TikTok has established a new operational structure for the United States with a clear goal: removing the platform from the political arena by shifting the “heart” of the technology and security operations to a controlled perimeter within U.S. soil. The company announced the creation of TikTok USDS Joint Venture LLC, a entity predominantly owned by U.S. investors, designed to meet regulatory requirements and operate under specific safeguards concerning data, algorithms, moderation, and software assurance.
TikTok’s thesis is that, through this move, the platform can continue operating in the country without relying on broad promises: the new “vehicle” commits to custodianship of critical data and components in a U.S.-based Oracle cloud environment, in addition to undergoing external audits and certifications.
Ownership and Governance Structure: 80.1% in U.S. hands, ByteDance retains 19.9%
According to the official announcement, the joint venture is structured with majority U.S. ownership (80.1%) and ByteDance holding 19.9%. Furthermore, it names three managing investors: Silver Lake, Oracle, and MGX, each holding 15%.
| Element | Details (U.S.) |
|---|---|
| Majority ownership | 80.1% (U.S. investors) |
| ByteDance ownership | 19.9% |
| Managing investors | Silver Lake (15%), Oracle (15%), MGX (15%) |
The board is described as a seven-member, predominantly U.S.-based body, with a security committee led by an independent director. Among the names mentioned are, among others, Shou Chew, executives associated with Silver Lake, Oracle, Susquehanna, and MGX, as well as a chair of the security committee with a profile related to risk and national security.
The Critical Point for a Technology Sector: Defining “How” the Platform is Controlled
Beyond the ownership distribution, what matters most to the sector is that the announcement details concrete mechanisms: where data is hosted, which standards are applied, who manages the algorithm, and how software is validated.
1) Data protection in Oracle Cloud (U.S.) with audits and certifications
The joint venture states that U.S. user data will be protected within Oracle’s secure cloud environment in the U.S. and that it will operate a comprehensive privacy and cybersecurity program audited and certified by third parties.
It also specifies control frameworks: NIST CSF, NIST SP 800-53, ISO/IEC 27001, and security requirements from CISA for “restricted transactions”. This list is not decorative: these are common references in enterprise and public sector environments, indicating controls related to governance, risk, and compliance more typical of a critical provider than a consumer app.
2) Algorithm security: “retrain, test, and update” with U.S. data
The TikTok USDS Joint Venture claims that it will retrain, test, and update the recommendation algorithm using U.S. user data, and that the algorithm will also be secured in Oracle’s U.S.-based cloud.
This introduces a significant technical dimension: in practice, an “algorithmic sovereignty perimeter” is institutionalized (at least for U.S. operations), with potential implications for MLOps, validation, change observability, and traceability of datasets used for adjusting the “recommender”.
3) Software assurance: continuous source code review and “Trusted Security Partner”
A key differentiator is the emphasis on software assurance protocols and on continuous review and validation of source code, supported by Oracle as a “Trusted Security Partner”.
From an engineering perspective, this suggests a closer approach to a controlled SDLC with recurrent audits, where risk management isn’t only based on perimeters and policies but involves inspection and verification of changes, dependencies, and artifacts.
4) Moderation and Trust & Safety: decision authority within the USDS perimeter
The entity claims to have decision-making authority over trust & safety policies and content moderation to safeguard the U.S. ecosystem.
For a tech-focused outlet, the novelty here is the explicit transfer of moderation governance to an entity designed to meet national security and audit requirements, which could lead to increased traceability and external reporting.
Interoperability: Balancing a “Global” TikTok with a “Local” Core
TikTok also introduces an important nuance: it argues that interoperability will enable the U.S. to have a global experience, while global entities will manage product interoperability and certain commercial activities (e.g., e-commerce, advertising, and marketing).
Within the sector, this appears as a domain separation architecture: an operational and security core (data/algorithm/apps) under the USDS umbrella, with coordinated global layers to maintain scale and product coherence.
Scope: Not Only TikTok, But Also CapCut and Lemon8
The announcement specifies that safeguards will extend to CapCut, Lemon8, and other apps and websites in the U.S..
The Regulatory Background and the “Continuity Solution”
Some media frame this move as part of U.S. regulatory pressure on ownership and control of platforms deemed strategic, against the backdrop of measures and debates that have escalated over years in the context of the tech rivalry between Washington and Beijing.
Practically, TikTok is aiming to turn a political debate (“who controls the platform”) into a matter of verifiable controls (“who safeguards the data, who validates the code, under what standards, with which audits”), bringing the case closer to common patterns of digital sovereignty and compliance in cloud environments.
Source: Redes Sociales