H.R. 2787 amends title 18 to require a warrant before a governmental entity can compel a provider of electronic communication service or remote computing service to disclose records or other information that relate to a subscriber or customer, explicitly including metadata. The bill removes the existing storage‑duration distinction that previously allowed different processes depending on whether communications had been in electronic storage for more than 180 days.
This change shifts the default legal standard for access to non‑content provider records: investigators will generally need a court‑issued warrant under the Federal Rules of Criminal Procedure (or analogous state or military procedures). For privacy and compliance professionals, the bill recasts routine metadata requests as search‑warrant searches and will reshape provider response practices and law enforcement workflows if enacted.
At a Glance
What It Does
The bill amends 18 U.S.C. §2703 to require a warrant for disclosure of records or other information from providers of electronic communications or remote computing services, and explicitly includes metadata (as defined in 44 U.S.C. §3502) within that scope. It eliminates the 180‑day storage distinction that previously affected disclosure procedures.
Who It Affects
Major and small providers of email, messaging, cloud storage, and similar services; federal, state, and military investigators and prosecutors who rely on provider records; defense counsel and civil litigants who litigate compelled‑disclosure issues.
Why It Matters
The bill elevates metadata to warrant‑protected information, narrowing routine administrative or subpoena‑based access that law enforcement has used for investigative leads. Compliance teams will need to rework internal processes for legal process and providers may see more warrant applications and judicial review.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The bill edits section 2703 of title 18 to change when and how government actors can compel provider records. It removes the language that treated communications stored for “180 days or less” differently, and it rewrites the subsection that governs disclosure of ‘‘records or other information’’ so that such information—now explicitly including metadata—may be obtained only with a warrant issued by a court of competent jurisdiction.
The text points investigators to the Federal Rules of Criminal Procedure for warrant procedures, while allowing parallel state warrant processes and military warrant procedures under the Uniform Code of Military Justice.
Metadata is not redefined in the bill itself; instead the bill imports the term by reference to the definition in 44 U.S.C. §3502. That creates a statutory cross‑reference that will pull in the federal definition of metadata rather than supplying a bespoke statutory definition in the amended criminal code.
Practically, that means a broad range of non‑content signals—timestamps, routing information, device identifiers, IP addresses, and other technical and transactional metadata—are covered unless courts interpret the incorporated definition more narrowly.The bill also contains a retroactivity clause. Disclosures that occurred before enactment under the then‑existing §2703(c) remain valid and are not undone.
However, any subsequent disclosure related to an earlier compelled disclosure—or an expansion of a prior disclosure—after enactment must comply with the new warrant requirement and will be treated as a new disclosure. That creates a cut‑off: past compelled turns of data stay as they are, but any follow‑up access generally triggers the warrant rule.Mechanically, the bill leaves other parts of title 18 untouched beyond the specified edits, so other legal authorities (for example, FISA, national security letters, or statutory fines and penalties located elsewhere) are not directly amended by this text.
The focus is narrow: change the procedural baseline in §2703 so that courts, providers, and investigators treat non‑content provider records as warrant‑protected unless another statute expressly authorizes a different process.
The Five Things You Need to Know
The bill amends 18 U.S.C. §2703 and removes the clause that distinguished records based on whether communications had been in electronic storage for more than 180 days.
It adds explicit text requiring a warrant for 'other information, including the metadata (as that term is defined in section 3502 of title 44),' so metadata is brought within §2703’s warrant rule by cross‑reference.
The required warrant must be issued using the procedures described in the Federal Rules of Criminal Procedure, or applicable state warrant procedures, or under section 846 of title 10 for courts‑martial and military proceedings.
The bill’s retroactivity clause preserves compulsory disclosures made before the statute’s enactment but treats any later related or expanded disclosures as new requests subject to the warrant requirement.
The amendment strikes one or more existing paragraphs in §2703(c) and removes a reference to subsection (c) in subsection (d), narrowing exceptions that previously permitted disclosure without a warrant.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Short title — 'Warrant for Metadata Act'
This is the naming provision. Its practical effect is only to provide the bill’s public short title; it carries no operational legal change. Analysts and drafters use the short title to refer to the package, but enforcement and interpretation rely entirely on the amendments that follow.
Remove the 180‑day storage distinction
The bill strikes the phrase that referenced communications stored for 'one hundred and eighty days or less.' That excises the statutory language that previously differentiated procedures based on storage time. Removing this language narrows the universe of administrative pathways available to investigators and signals that the statute no longer treats older stored communications differently for purposes of compulsory process under §2703.
Warrant required for 'records or other information,' explicitly including metadata
Congress replaces the existing paragraph text with a single, narrower rule: a governmental entity may compel records or other information—now explicitly including metadata defined in 44 U.S.C. §3502—only if it obtains a warrant from a court of competent jurisdiction using the Federal Rules of Criminal Procedure (or corresponding state or military warrant procedures). This is the operational core of the bill: non‑content provider records that investigators commonly used subpoenas or orders to obtain will now generally require a warrant.
Grandfather past disclosures; treat follow‑ups as new requests
The retroactivity provision says earlier compelled disclosures under the old §2703(c) remain valid and enforceable; the amendment does not unwind them. But if a government seeks additional access tied to those prior disclosures after enactment—either by asking for more data or by re‑requesting data related to the same matter—that subsequent access is treated as a new disclosure and must meet the new warrant standard. For providers and investigators, this creates a firm line: do not assume you can reopen or extend past data pulls without judicial authorization under the new rule.
This bill is one of many.
Codify tracks hundreds of bills on Privacy across all five countries.
Explore Privacy in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Individual users who want stronger protection for their digital traces — The bill elevates warrant protection to metadata, reducing routine investigatory access to device identifiers, timestamps, and connection records that reveal sensitive patterns of behavior.
- Defense attorneys and criminal defendants — By requiring warrants for metadata, the bill increases judicial oversight of commonly used investigative techniques and provides a clearer basis to challenge improper non‑warrant disclosures.
- Civil liberties organizations and privacy‑focused advocates — The statutory change aligns statutory procedure with modern understandings of how metadata can reveal intimate details, supporting litigation and advocacy grounded in statutory protection.
Who Bears the Cost
- Federal, state, and local law enforcement agencies — Investigators must obtain warrants more often, which may slow some investigative leads and increase the number of warrant applications and associated legal work.
- Providers of electronic communication and remote computing services — Compliance teams will face more court orders, more records production under warrants (rather than administrative subpoenas), and heightened litigation if they receive conflicting process or if prior disclosures are questioned.
- Smaller or under‑resourced prosecutors and public defenders — The procedural shift may increase drafting and court time; smaller offices may absorb disproportionate administrative burden when seeking routine metadata.
Key Issues
The Core Tension
The bill resolves a privacy gap by treating metadata like content for warrant purposes, but in doing so it forces a trade‑off between stronger judicial oversight of intrusive non‑content collection and the practical needs of law enforcement to obtain timely investigative leads; the choice protects individual privacy at the cost of added procedural friction and potential jurisdictional complexity.
The bill makes a focused procedural change to §2703, but several implementation questions could shape its real‑world effect. First, the bill imports the term 'metadata' by referencing 44 U.S.C. §3502 rather than defining it in §2703.
That choice speeds drafting but leaves open how courts will apply the federal definition in contexts not contemplated by that definition, and whether certain transactional records will be treated as metadata or excluded. Second, the statute addresses compelled disclosures under §2703 but does not explicitly displace other statutory authorities (for example, FISA orders, national security letters, administrative subpoenas in other statutes, or state search‑and‑seizure doctrines).
Those parallel regimes may continue to provide access channels that the bill does not cover, producing potential forum‑shopping or conflicts of authority.
Operational burdens are another unresolved issue. The retroactivity clause preserves past compelled disclosures but treats later follow‑ups as new, which protects historical agency actions but requires fresh warrants for expansions.
That will force agencies to audit past requests to determine whether new access constitutes an expansion; providers may face competing obligations when foreign governments or third parties seek the same records. Finally, the bill does not specify penalties, expedited warrant procedures for time‑sensitive investigations, or guidance on exigent circumstances beyond the warrant procedures it references.
Courts will likely confront disputes on how to balance privacy against urgent law enforcement needs, and early litigation will shape whether the practical impact is substantial or modest.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.