The Countering Online Radicalization and Terrorism Act requires the Department of Homeland Security to conduct annual assessments of terrorism threats to the United States posed by terrorist organizations that use foreign cloud-based mobile or desktop messaging applications. The initial assessment is due within 180 days of enactment, and DHS must continue these assessments annually for five years in coordination with the Director of National Intelligence.
Each assessment will analyze how such apps facilitate radicalization and recruitment, examine online payment features that may support financing for terrorist activities, and include policy recommendations. The secretary must coordinate with the Department’s General Counsel, Privacy Office, and Civil Rights and Civil Liberties Office to ensure compliance with law and privacy protections, and may leverage existing products where appropriate.
Unclassified portions will be posted publicly, with a possible classified annex, and Congress must be briefed within 30 days of each submission.
At a Glance
What It Does
Not later than 180 days after enactment and annually for five years, DHS, in coordination with the DNI, must submit an assessment of terrorism threats from terrorist organizations using foreign cloud-based messaging apps. Each assessment addresses radicalization, online payments, and policy recommendations, and is delivered in unclassified form with a potential classified annex.
Who It Affects
The assessments involve DHS components, the DNI, state and local fusion centers, and congressional committees. It also implicates foreign cloud-based apps recognized by DHS for such analysis, potentially influencing policymakers and security operations.
Why It Matters
This creates a formal, repeatable risk‑assessment process focused on a specific threat vector, improves information sharing with fusion centers, and increases transparency through public posting, while requiring privacy safeguards.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The bill establishes a structured, five-year program for regular risk assessments at the federal level. DHS must produce annual analyses that focus on terrorism threats associated with foreign cloud-based messaging apps used by terrorist organizations.
The initial assessment is due within six months of enactment, with subsequent reports each year. Each report must examine how such apps enable radicalization and recruitment, as well as the online payment mechanisms that could support terrorist financing, and it must offer concrete recommendations for mitigating these threats.
The assessments are to be coordinated with DHS legal and civil rights offices to ensure privacy protections are maintained and to align with existing DHS products where possible. The unclassified portions will be made publicly accessible on DHS’s website, while a classified annex may accompany the documents to protect sources and methods.
In addition to publishing the reports, DHS must brief the appropriate congressional committees within 30 days after each submission; other federal agencies can participate in the briefing if the committees determine it is appropriate. The bill also directs DHS to review information from state and local fusion centers and integrate relevant data into national threat analyses.
Finally, it defines what counts as a foreign cloud-based messaging application and gives DHS authority to add other apps in consultation with the DNI.
Taken together, the act creates a formal mechanism for tracking and countering threats arising from foreign, cloud-based messaging platforms. It emphasizes privacy protections and civil liberties, links reporting to congressional oversight, and relies on interagency coordination to produce actionable analyses for security professionals and policymakers.
The result is a repeatable process that could shape DHS priorities, inform resource allocation, and influence any future policy responses to online terrorist activities.
The Five Things You Need to Know
180 days after enactment: first assessment due, with five-year cadence for subsequent reports.
Assessments must analyze radicalization and recruitment linked to foreign messaging apps and examine online payment features used by terrorists.
Coordinated process with DHS General Counsel, Privacy Office, and Civil Rights and Liberties staff; may use existing DHS products.
Unclassified versions must be posted publicly; a classified annex may accompany for sensitive sources/methods.
Congress must be briefed within 30 days of each submission; DNI involvement and interagency briefing may extend to other agencies as appropriate.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Short title
This act may be cited as the Countering Online Radicalization and Terrorism Act. It names the overall purpose and sets the stage for the requirements that follow in later sections.
Sense of Congress regarding foreign messaging apps
The law expresses concern about the rising terrorism threat landscape associated with foreign cloud-based messaging apps and directs DHS, in consultation with the DNI, to recognize, assess, and address this threat. The provision frames the issue as a national security priority and establishes the intent to reduce risks to the American public.
Annual assessments on threats posed by foreign messaging apps
This section requires DHS to submit an annual terrorism threat assessment for five years, beginning 180 days after enactment, with DNI coordination. Each assessment must cover incidents where terrorist groups used foreign messaging apps to radicalize or recruit, analyze online payment features that enable financing, and provide recommendations for addressing these threats. The assessments must be coordinated with the General Counsel, Privacy Office, and Civil Rights and Civil Liberties Office to ensure legal compliance and privacy protections, and may rely on existing DHS products.
Information sharing with fusion centers
DHS must review terrorism threat information gathered by state and local fusion centers and the National Network of Fusion Centers and integrate appropriate data into DHS’s own threat information ecosystem. DHS must disseminate relevant information to fusion centers to support nationwide analysis and situational awareness, facilitating coordinated local and national security responses.
Definitions
This section defines foreign cloud-based mobile or desktop messaging applications, including specific apps such as ByteDance-owned services, Telegram, WeChat, VKontakte, Weibo, and others the Secretary, in consultation with the DNI, designates as appropriate. It also clarifies terms like fusion center and National Network of Fusion Centers and sets out the definition of a terrorist organization per existing law. These definitions determine the scope of apps and entities covered by the assessments and information-sharing provisions.
This bill is one of many.
Codify tracks hundreds of bills on Government across all five countries.
Explore Government in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- DHS analysts and leadership gain a formal, repeatable threat assessment process that informs prioritization and resourceallocation.
- The Director of National Intelligence benefits from structured collaboration with DHS, improving interoperability of intelligence products.
- State and local fusion centers receive consolidated threat information to inform regional security planning and rapid local responses.
- Congressional committees obtain timely, unclassified reporting and briefings that support oversight and policymaking.
- The American public benefits from greater transparency through the public posting of unclassified assessment material and clearer national security signaling.
Who Bears the Cost
- DHS will incur staffing, data collection, and analysis costs to produce annual five-year assessments.
- The DNI will contribute resources and coordination to interagency assessments and briefings.
- Fusion centers face increased data processing and information-sharing responsibilities that require staffing and IT resources.
- The Privacy and Civil Liberties offices within DHS will oversee compliance activities, potentially increasing oversight workload.
- Congressional staff time and committee resources are required for briefings and oversight related to each assessment.
Key Issues
The Core Tension
Balancing the need for timely, comprehensive threat assessments with robust privacy protections and practical data access presents a central dilemma: security outputs must be actionable and transparent, yet respect civil liberties and the realities of multinational platform data governance.
The bill creates a structured mechanism for assessing threats from foreign cloud-based messaging apps and sharing information across federal, state, and local lines. However, implementing these assessments hinges on access to reliable data about illicit activity on global platforms, which may be uneven across providers and jurisdictions.
The coordination requirements with privacy offices and legal counsel help guard civil liberties, but they may also slow or constrain data collection and dissemination. There is a risk that the five-year cadence could become a ceiling rather than a floor if new threats emerge, or that public postings could reveal sensitive operational details if not carefully managed.
The dependence on existing DHS products could limit the analysis if current tools are not adequately configured to capture rapidly evolving online threat activity.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.