U.S. and Chinese officials are weighing a structured arrangement that would let TikTok keep operating in the country while reducing national security risks, without forcing a full transfer of its core recommendation algorithm out of China. The emerging concept focuses on a legally enforceable framework for governance, data handling, and technology controls that could satisfy U.S. agencies and fit within China’s export rules.
What the deal tries to solve
Years of scrutiny have centered on two risks: who can access U.S. user data and who can influence what Americans see. Earlier efforts such as Oracle’s Project Texas pushed data localization and U.S.-based oversight but stopped short of a complete corporate separation. A 2024 law turned up the heat by setting a divest-or-ban path, which triggered lawsuits and a new push for a middle-ground design. China’s export controls on recommendation technology also complicate any outright sale, so negotiators are working on a structure that changes control without transferring the algorithm itself.
How the U.S. app would work
The current talks focus on a U.S.-domiciled TikTok entity with an independent board vetted through national security processes. That board would oversee dedicated committees for data security, content integrity, and compliance, with the authority to hire and fire leaders who run those functions. Day-to-day operations in the United States would be led by a U.S.-based executive team with clear reporting lines and protections from offshore directives. The recommendation engine would remain ByteDance intellectual property, but TikTok’s U.S. arm would receive a long-term, exclusive license to use it domestically.
On the engineering side, the U.S. version would operate from a separate codebase held in escrow on U.S. soil. Updates could flow in through a monitored pipeline only after pre-deployment security reviews. Interfaces between U.S. systems and non-U.S. systems would be tightly defined to prevent covert data flows or remote manipulation.
Data safeguards and content integrity
U.S. user data would be stored and processed in the United States with a vetted cloud partner and strict limits on cross-border transfers. Fine-grained access controls would rely on just-in-time permissions, robust logging, and audit trails available to U.S. monitors. The framework would prohibit shadow datasets and require data minimization and retention limits. Content policies would be structured for independence in moderation and recommendations, with transparent criteria, appeal routes, and a public-facing transparency center. Third parties would audit for political influence or hidden weighting, and any suspected manipulation would trigger rapid incident reporting.
Oversight, enforcement, and what comes next
Compliance would be anchored in a formal agreement with the Committee on Foreign Investment in the United States, potentially backed by a court-enforceable consent decree and an independent monitor. Regular security assessments, red-team tests, and certifications would be required, with escalation procedures and the option to suspend operations if material breaches occur. App stores and telecom providers could be asked to honor enforcement triggers written into the agreement.
Politically, some U.S. lawmakers remain skeptical of any plan short of full divestiture, while Chinese regulators are wary of setting a precedent that gives away strategic algorithms. Still, the economic and social costs of an outright ban keep a compromise on the table. For users and creators, the app would look and feel familiar if a deal lands, with changes mostly happening behind the scenes. If talks stall, the fight could shift to courts and app distribution, though limited extensions tied to verifiable progress remain possible.
