WeVote

Bill

Bill

SB 2523

Criminal Offenses - As introduced, clarifies that the criminal offense of knowingly accessing a communication or computer system for the purpose of fraud or theft includes accessing a cloud computing service. - Amends TCA Title 4; Title 10; Title 35; Title 37; Title 38; Title 39; Title 40; Title 45; Title 47; Title 65; Title 66; Title 67 and Title 71.

114th Regular Session (2025-2026) Introduced by Jeff Yarbro

Cloud computing services are explicitly included in crimes of knowingly accessing systems to commit fraud or theft.

Passed on Second Consideration, refer to Senate Judiciary Committee
0
WeVote Research Nonpartisan
Bill Summary · SB 2523

Summary of Bill: SB 2523 / HB 2312 (Tennessee) – Consumer Protection

Jurisdiction: Tennessee | Session: 114 | Topic: Criminal Offenses – Cloud computing and access to computer systems

1) Purpose and Intent

  • The bill clarifies that the criminal offense of knowingly accessing a communication or computer system for the purpose of fraud or theft includes access to cloud computing services.
  • In essence, it updates existing statutes to explicitly cover cloud-based services when individuals knowingly access them to commit fraud or theft.

2) Key Provisions and Changes

  • Amends Tennessee Code Annotated (TCA) § 39-14-602(a)(1).
  • The revised language expands the listed targets of a crime to include:
    • Telephone systems
    • Telecommunications facilities
    • Computer software and programs
    • Data
    • Computers, computer systems, and computer networks
    • Cloud computing services
    • Any part thereof
  • The triggering purpose remains: the access must be for the purpose of fraud or theft.
  • The change is directed at classifying cloud computing services as within the scope of “communication or computer system” access used for fraudulent or theft-related conduct.

3) Affected Stakeholders

  • Potential defendants:
    • Individuals who knowingly access cloud computing services with intent to commit fraud or theft.
  • Law enforcement and prosecutors:
    • Guidance to charge individuals who target cloud-based resources under the existing statute with an explicit reference to cloud computing.
  • Courts:
    • No procedural changes anticipated beyond application of the updated statutory scope.
  • Businesses and service providers:
    • Cloud providers and customers may see enforcement clarity when dealing with fraud/theft cases involving cloud resources.

4) Procedural and Timeline Considerations

  • Effective Date: The act takes effect upon becoming law, with the ordinary “public welfare requiring it” standard.
  • Legislative History:
    • Introduced and passed first reading on February 2, 2026.
    • Passed second consideration on February 5, 2026.
    • Refer to Senate Judiciary Committee for further action (as of the latest action).
  • Fiscal Impact:
    • Claimed to be not significant.
    • Expected to result in no substantial changes in state/local revenue or court expenditures.
    • Based on estimates, the offense would align with existing penalties for theft of property or services, with low historical admissions for related offenses.

5) Notable Details

  • The bill is framed as an expansion of the existing offense to expressly include cloud computing services within the scope of prohibited access for fraud or theft.
  • It amends multiple titles (Title 4; Title 10; Title 35; Title 37; Title 38; Title 39; Title 40; Title 45; Title 47; Title 65; Title 66; Title 67; Title 71) through the referenced amendment to § 39-14-602(a)(1).
  • The fiscal note indicates the change is not expected to have a significant financial impact on government operations.

If you want, I can provide a side-by-side comparison of the current statute language versus the amended language, or a brief FAQ addressing how this affects cloud-service-related fraud cases.

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.