TikTok has officially announced the formation of a U.S. joint venture, TikTok USDS Joint Venture LLC, designed to comply with a September 2025 Executive Order and avoid a nationwide ban. The deal restructures ownership to place majority control in American hands while leveraging Oracle's infrastructure for data security and algorithm oversight.
TikTok has officially announced the formation of a U.S. joint venture, TikTok USDS Joint Venture LLC, designed to comply with a September 2025 Executive Order and avoid a nationwide ban. The deal restructures ownership to place majority control in American hands while leveraging Oracle's infrastructure for data security and algorithm oversight.
The announcement marks the culmination of years of regulatory pressure and legislative action aimed at addressing national security concerns surrounding the video-sharing platform's Chinese ownership. For over 200 million American users and 7.5 million businesses, this restructuring determines whether the app remains accessible or faces the same fate as the brief ban that occurred a year ago.
The Joint Venture Structure and Ownership Changes
Under the new arrangement, ByteDance will divest the majority of its stake in U.S. operations, retaining only 19.9% ownership. The remaining 80.1% will be held by a consortium of majority-American investors, creating a legally distinct entity that operates TikTok's U.S. business.
This ownership structure directly addresses the core concern raised in the April 2024 legislation: that a foreign adversary could compel ByteDance to access or manipulate U.S. user data. By placing control in American hands, the joint venture creates legal and operational barriers between U.S. user data and foreign government influence.
The deal was facilitated by President Trump's September 2025 executive order, which blocked the Attorney General from enforcing the national security law for a 120-day period. This window allowed the complex divestiture to be completed by the January 23, 2026 deadline. Without this extension, TikTok would have faced an immediate ban.
Technical Safeguards and Oracle Partnership
The joint venture has implemented a multi-layered security architecture centered around Oracle's cloud infrastructure. All U.S. user data will be stored within Oracle's secure U.S. cloud environment, creating physical and logical separation from ByteDance's systems.
Perhaps more significantly, TikTok's content recommendation algorithm will be retrained and updated specifically using only U.S. user data. This addresses concerns that the algorithm could be manipulated to influence American users or gather intelligence through behavioral analysis. The algorithm itself will be secured using Oracle's cloud infrastructure, preventing unauthorized modifications.
The independent entity will operate a comprehensive data privacy and cybersecurity program that will be audited and certified by third-party cybersecurity experts. This program will adhere to major industry standards including:
- NIST Cybersecurity Framework (CSF) and NIST 800-53 for federal information security controls
- ISO 27001 for information security management systems
- CISA Security Requirements for Restricted Transactions specifically designed for this scenario
These certifications aren't merely voluntary—they create enforceable standards that can be verified by regulators and provide legal liability for non-compliance.
Expanded Scope and Content Moderation
The safeguards extend beyond TikTok itself to include CapCut, Lemon8, and other TikTok-affiliated apps and websites operating in the U.S. This comprehensive approach prevents the company from simply shifting operations to sister apps while maintaining the same security risks.
The joint venture will also implement "robust trust and safety policies and content moderation" to safeguard the U.S. content ecosystem. This includes transparency reporting and third-party certifications to ensure continuous accountability.
Historical Context and Legislative Background
This development comes after a turbulent period for TikTok in the United States:
- June 2020: TikTok faced an outright ban threat during Trump's first term
- April 2024: Congress passed legislation mandating American ownership or a ban
- Early 2025: TikTok briefly went dark after a federal ban took effect
- September 2025: Executive Order provided the 120-day extension for divestiture
- January 2026: Joint venture finalized to meet the deadline
The core legislative concern has remained consistent: lawmakers argue Beijing could compel ByteDance to hand over U.S. user data under China's National Intelligence Law. Both TikTok and ByteDance have consistently denied these allegations, but the legal structure of the new joint venture eliminates the possibility rather than simply denying it.
International Precedent and Future Implications
The U.S. solution may serve as a template for other countries with similar concerns. In late 2024, the Canadian government ordered TikTok to dissolve its operations entirely, suggesting they weren't satisfied with ownership restructuring alone. The U.S. approach—combining ownership changes with technical safeguards and third-party oversight—offers a middle path between complete ban and unrestricted operation.
For the broader tech industry, this case establishes precedent for how governments can address national security concerns with foreign-owned platforms. The combination of legal restructuring, technical controls, and ongoing oversight creates a model that could apply to other services facing similar scrutiny.
Practical Takeaways for Organizations
While this specific case involves a consumer platform, the security principles demonstrated have broader applications:
- Data Residency: Organizations handling sensitive data should consider geographic isolation using trusted cloud providers
- Algorithm Transparency: Machine learning models processing user behavior should have documented governance and oversight
- Third-Party Certification: Regular independent audits provide verifiable security assurance
- Compliance Frameworks: Adhering to established standards (NIST, ISO) creates defensible security postures
- Legal Structure: Sometimes technical controls must be paired with legal entity restructuring to fully address risks
The TikTok case demonstrates that when national security and business operations conflict, solutions require both legal creativity and technical rigor. The joint venture structure preserves the platform's operation while addressing the specific concerns that triggered regulatory action.
As this model potentially influences future regulatory decisions, organizations operating internationally should prepare for similar requirements: documented separation of data, verifiable security controls, and potentially ownership restructuring in sensitive markets.
The success of this experiment will be measured not just by TikTok's continued operation, but by whether the security safeguards prove effective against both external threats and internal misuse. For users, the experience should remain largely unchanged, but behind the scenes, the platform now operates under a fundamentally different governance model designed to protect American data and interests.
Comments
Please log in or register to join the discussion