The Protect Your PIN Act of 2025 amends Section 1401 of the Violence Against Women Act Reauthorization Act of 2022 (codified at 34 U.S.C. 30107) to add a standalone definition of “identity theft” and to include identity-theft offenses alongside “cybercrimes against individuals” in the statute’s local law enforcement grant provisions. Concretely, the bill inserts a new paragraph defining identity theft as knowingly transferring, possessing, or using without lawful authority a means of identification of another person, and it modifies subsections (b)–(d) so identity theft is eligible for the same grant program that funds local cybercrime enforcement.
Why this matters: the change makes identity-theft investigations and related activities eligible for a VAWA-administered federal grant stream, potentially opening federal funding for training, digital forensics, and investigative capacity at state, tribal, and local levels. The statutory language also ties eligibility to whether a relevant identity-theft offense exists under local law, which creates practical limits and implementation questions for agencies and grant administrators.
At a Glance
What It Does
The bill inserts a new definition of “identity theft” into 34 U.S.C. 30107 and appends “or identity theft” wherever the statute now references “cybercrimes against individuals” in subsections (b) through (d). That change makes identity-theft offenses explicitly eligible for the same local law enforcement grants created for cybercrime enforcement under VAWA Reauthorization Act of 2022.
Who It Affects
Local, state, and tribal law enforcement agencies that apply for VAWA cybercrime enforcement grants; Department of Justice grant administrators who must update eligibility guidance; prosecutors and digital-forensics units that could receive funded support; and victims of identity theft who may receive stronger investigative responses.
Why It Matters
The amendment expands an existing federal grant vehicle to cover identity theft without creating a new program, which can accelerate funding access. But the bill ties eligibility to local criminal law and does not authorize new appropriations, so practical effects will depend on how grant rules are revised and how limited funding is allocated.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
At a structural level, the Protect Your PIN Act is short and targeted: it changes one statutory section to add identity theft to a grant program that already funds local enforcement of cybercrimes. The bill accomplishes that by inserting a three-part definition of identity theft into the statute and then updating the cross‑references so that wherever the law mentions “cybercrimes against individuals,” it now reads “cybercrimes against individuals or identity theft.”
The definition the bill adds is functional: identity theft covers knowingly transferring, possessing, or using without lawful authority a “means of identification” of another person. The text ties the offense to whatever criminal law is “applicable in the area under the jurisdiction of the relevant State, Indian Tribe, or unit of local government,” which means the statute does not create a standalone federal crime or federalize identity theft — it makes grant eligibility contingent on a qualifying local or tribal offense existing.Because the bill simply expands the list of eligible crimes in the existing grant program, the immediate operational effect is on grant administration.
The Department of Justice — through the Office of Justice Programs or the agency that runs the VAWA grants — will need to update solicitations, eligibility criteria, and program guidance to reflect that identity-theft investigations, training, equipment, and victim-assistance activities can be funded the same way cybercrime enforcement has been. Local agencies that already pursue cybercrime funding can add identity-theft projects to applications; agencies that lack statutory identity-theft offenses may be excluded unless they enact enabling criminal statutes.Finally, the bill leaves untouched funding levels and program structure.
It does not appropriate money or change reporting, matching, or allowable-activity rules in the text before us. That means practitioners should expect a legal and administrative expansion of eligibility, but the scale and distribution of funding for identity-theft work will be determined by subsequent grant guidance and annual appropriations decisions.
The Five Things You Need to Know
The bill amends Section 1401 of the Violence Against Women Act Reauthorization Act of 2022 (codified at 34 U.S.C. 30107).
It inserts a new paragraph (3) defining “identity theft” as knowingly transferring, possessing, or using, without lawful authority, a means of identification of another person.
The definition applies only where an identity-theft criminal offense is “applicable in the area under the jurisdiction of the relevant State, Indian Tribe, or unit of local government.”, Subsections (b) through (d) of Section 1401 are revised to add “or identity theft” after every occurrence of “cybercrimes against individuals,” making identity theft explicitly eligible for the same grant program.
The bill does not authorize new appropriations or change other statutory grant terms; it expands eligibility but leaves funding levels and program rules to existing authorities and grant guidance.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Short title
Provides the Act’s short title: the “Protect Your PIN Act of 2025.” This is purely formal and does not affect substantive implementation, but it signals the bill’s focus for drafting administrative guidance and press materials.
New statutory definition of identity theft
Adds a new paragraph defining “identity theft” to Section 1401(a). The definition is narrowly drafted: it criminalizes knowingly transferring, possessing, or using a means of identification of another person without lawful authority. Critically, the definition is anchored to local law — it applies only where a corresponding criminal offense exists under state, tribal, or local law — so the change affects grant eligibility rather than creating a federal crime or uniform national standard.
Extends grant eligibility to cover identity-theft offenses
Wherever the statute currently refers to “cybercrimes against individuals” in subsections (b) through (d), the bill inserts “or identity theft.” Those subsections govern the local law enforcement grant program’s purposes, eligible activities, and conditions; by appending identity theft, the bill makes identity-theft investigations and associated activities eligible for the same grants. Practically, grant solicitations, allowed-costs lists, and reporting requirements will need to be updated to reflect this expanded scope.
This bill is one of many.
Codify tracks hundreds of bills on Justice across all five countries.
Explore Justice in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Local and tribal law enforcement agencies — They gain an additional, existing federal grant vehicle to fund identity-theft investigations, training, and forensic tools, increasing their capacity without waiting for a new program to be created.
- Prosecutors and digital-forensics units — Eligibility for the VAWA cybercrime enforcement grants can finance evidence preservation, specialized personnel, and cross-jurisdictional investigative support that identity-theft prosecutions often require.
- Victims of identity theft — If funded projects improve investigative capacity and victim services, victims may see quicker case openings, stronger evidence collection, and better access to remedies and support.
- Grant administrators (DOJ/OJP) — They gain clearer statutory authority to fund identity-theft activities through an established program, simplifying legal justification for awardmaking decisions.
Who Bears the Cost
- Department of Justice grant administrators — OJP and related offices must revise solicitations, eligibility rules, monitoring, and evaluation frameworks to incorporate identity-theft activities, creating administrative work and potential short-term implementation costs.
- State, tribal, and local governments without clear identity-theft statutes — Because eligibility hinges on a local criminal offense, jurisdictions that lack suitable statutes may need to enact new laws to allow their agencies to compete for funds.
- Existing VAWA grant applicants and priorities — Without new appropriations, expanding eligibility risks redirecting limited funds toward identity-theft projects and away from other VAWA priorities unless Congress increases funding.
- Local agencies seeking to apply — Preparing competitive grant applications for digital-forensics work can require time, matching funds, and staff capacity, creating upfront costs for smaller departments.
Key Issues
The Core Tension
The central dilemma is simple: expand federal support for identity-theft enforcement to help victims and bolster local capacity, or preserve the existing focus and limited funds of a VAWA grant program. The bill tilts toward expansion by broadening eligibility, but because it does not add funding or resolve definitional and jurisdictional gaps, it risks diluting program resources and producing unequal access unless accompanied by clear guidance and additional appropriations.
Two implementation issues will determine how consequential this statutory change is. First, the bill’s definition expressly ties eligibility to local criminal law: identity-theft activities are fundable only where a corresponding offense is “applicable in the area” of the jurisdiction.
That preserves deference to state and tribal criminal codes but creates an uneven eligibility landscape—agencies in jurisdictions without clear identity-theft statutes will remain excluded unless legislatures act or program guidance interprets the phrase broadly.
Second, the text expands eligibility without authorizing additional appropriations or creating programmatic detail. That means the practical increase in identity-theft enforcement hinges on annual appropriations and on how DOJ prioritizes awards.
The change creates potential duplication or overlap with other federal efforts (for example, COPS Program grants, ICAC task force funding, or DOJ identity-theft initiatives), and it places a premium on clear interagency coordination and updated guidance to avoid double-funding or gaps in oversight. Finally, the statutory language uses “means of identification” without elaboration, leaving open questions about coverage of synthetic-identity schemes, account takeover variants, and data-broker misuse—questions that grant guidance and case law will have to resolve.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.