Trump's TikTok Executive Order and the Limits of Executive Non-Enforcement

The Supreme Court's unanimous Jan. 17 decision upholding the TikTok divestment-or-ban law triggered a dramatic sequence of events. The law, known as the Protecting Americans from Foreign Adversary Controlled Applications Act (PAFACAA), prohibits U.S. app stores and cloud services providers from hosting TikTok, with violations accruing penalties of $5,000 per user who accesses the popular social media app. It took effect at midnight on Jan. 19, and major U.S. technology companies complied: Apple and Google removed TikTok from their app stores, while infrastructure providers Oracle and Akamai terminated their services. TikTok itself shut down access to U.S. users even though it was not strictly required to, presumably to make vivid what a world without TikTok would look like.

But mere hours later the landscape shifted once again. Then-President elect Trump publicly urged companies to restore service, promising both a forthcoming executive order to extend the deadline and retroactive protection from liability. He also floated a bizarre proposal for the U.S. government to acquire a 50 percent stake in TikTok (he has since reiterated this interest). While Apple and Google maintained their compliance, Oracle and Akamai made the remarkable decision to resume services, despite facing potentially catastrophic liability rates. Shortly after his inauguration on Jan. 20, Trump followed through by issuing an executive order that suspended PAFACAA enforcement for 75 days and attempted to provide retroactive protection for any violations before and during the nonenforcement period.

TikTok’s tech partners face a key executive power question: Can they rely on Trump's promises not to enforce PAFACAA? If companies continue providing services to TikTok, can Trump later change his mind and pursue enforcement actions against them for all accumulated violations? Could a future administration enforce these violations regardless of Trump's current promises? The stakes are enormous—nearly a trillion dollars in potential liability. Unfortunately for the companies, established legal doctrine suggests that they are making a remarkably risky bet on both the scope and durability of executive non-enforcement promises.

The Executive Order's Authority Claims

The Jan. 20 executive order seeks to provide TikTok's tech partners with two forms of protection: First, it suspends PAFACAA enforcement for 75 days, covering both future conduct and retroactively protecting actions taken on January 19–20, between when the law went into effect and when the executive order was issued. Second, it directs the attorney general to issue letters explicitly stating that providers face no liability for TikTok-related services during this non-enforcement period.

The order is transparently an attempt to undermine PAFACAA, rather than implement it in good faith. First, the order's own language betrays its antagonistic stance toward the law, specifically criticizing PAFACAA's “unfortunate timing” of going into effect “one day” before inauguration. Second, the order's 75-day enforcement suspension deliberately bypasses PAFACAA's built-in mechanism for 90-day extensions, which requires certification to Congress that a legally binding divestment process is underway. Third, the order's declaration that companies "did not violate" PAFACAA cannot be reconciled with the statute's plain text. The law unambiguously prohibits providing “internet hosting services,” defined as “a service through which storage and computing resources are provided . . . includ[ing] file hosting . . . [and] cloud hosting.” Finally, the order's logic collapses on itself: It makes no sense to declare that identical conduct—providing services to TikTok—somehow does not violate PAFACAA during the 75-day period but would suddenly become a violation immediately afterward.

The Legal Framework for Reliance on Executive Non-Enforcement

Legal scholar Zachary Price has synthesized the complex doctrine that governs when defendants can claim “entrapment by estoppel,” relying on government statements as a defense for legal violations. He roots this doctrine in a fundamental constitutional tension. On one side stands basic fairness to defendants, expressed through due process protections—the principle that citizens should be able to rely on their government's statements about the law. On the other side lies a core separation of powers concern: if courts broadly protected reliance on executive non-enforcement promises, they would effectively grant the president an unauthorized power to suspend laws. This would enable presidents to nullify statutes simply by promising not to enforce them, circumventing Congress's legislative role.

Price identifies three key Supreme Court cases on the due process side of the balance. First, in Raley v. Ohio (1959), the Court overturned convictions of witnesses who declined to testify based on a self-incrimination privilege that officials had implied was available, despite its invalidation by a state immunity statute. The Court deemed this a “most indefensible sort of entrapment.” Second, in Cox v. Louisiana (1965), the Court extended this principle to protect protesters who were convicted after police explicitly authorized their demonstration in a location that was technically illegal under state law. Finally, in United States v. Pennsylvania Industrial Chemical Corp. (1973), the Court expanded the doctrine to overturn a conviction where the defendant had relied on an agency's longstanding interpretation of an environmental statute, holding that defendants have a right to rely on agency regulations for guidance.

But as Price notes, because of the separation of powers concerns that entrapment by estoppel raises, lower courts have consistently interpreted this line of cases narrowly, limiting the application of non-enforcement principles to closely analogous circumstances:

[E]xisting case law has struck [the] balance in favor of enforceability and against individual reliance, while at the same time carving out a narrow exception in some cases when enforcement officials invited unlawful conduct with assurances of legality rather than mere promises of nonenforcement. Federal courts thus have sometimes protected reliance when official assurances involved at least an apparent exercise of delegated interpretive authority to determine legal meaning or when executive officials held authority to enlist private parties in government operations not subject to generally applicable legal prohibitions. In contrast, courts have generally rejected reliance on promised nonenforcement—even when doing so results in acute unfairness—when officials made no representation that conduct was lawful and promised only to exercise their discretion not to prosecute.

An important feature of the doctrine in lower courts is that it incorporates a reasonableness requirement. This test demands not only that the government "affirmatively told the defendant that the proscribed conduct was permissible," but also that the defendant “reasonably relied on the government's statement”—i.e., if a defendant “sincerely desirous of obeying the law would have accepted the information as true, and would not have been put on notice to make further inquiries.”

Courts could be expected to apply this reasonableness standard more stringently when evaluating claims by sophisticated actors. Corporate entities with substantial legal resources and regulatory expertise should face greater scrutiny of their reliance claims, as they possess the capacity to independently evaluate legal requirements rather than relying solely on executive statements.

Analyzing the Liability Exposure for TikTok’s Tech Partners

Companies like Oracle and Akamai that have continued to provide services to TikTok face liability exposure across two distinct periods.

The first period covers Jan. 19 and the morning of Jan. 20, before Trump took office. The companies have clear liability during this period with minimal defensive options. Trump's pre-inauguration statements offer no legal protection, as he lacked authority to bind executive enforcement decisions. While President Biden indicated he would not enforce PAFACAA during this transition period, he explicitly framed this as temporary deference to the incoming administration's preferences.

The second period covers the 75 days following Trump's executive order, which takes two distinct approaches to protecting companies: an order to the attorney general not to enforce PAFACAA and a declaration that providing services to TikTok doesn't violate the law at all. Neither approach is likely to provide meaningful legal protection.

The non-enforcement promise offers minimal security. As discussed above, courts rarely treat such promises as binding, even when defendants face serious consequences from relying on them. Trump could change his mind at any time or selectively enforce against companies that fall from political favor, and a future administration, taking advantage of the five-year statute of limitations, would almost certainly be free to pursue violations regardless of Trump's stance.

Trump opted for this approach despite PAFACAA providing an alternative mechanism: the president can grant a formal 90-day extension by certifying to Congress that a legally binding divestment process is underway. Perhaps Trump avoided this option because it would have required making a false certification, since no actual divestment was in process. That's good for the rule of law but bad for the companies—even a fraudulent certification would likely have provided genuine legal protection against enforcement. Instead, Trump chose a unilateral non-enforcement declaration, precisely the kind of promise courts have consistently refused to treat as binding.

The executive order's second approach—declaring that providing services to TikTok doesn't violate PAFACAA—might trigger the entrapment by estoppel defense by framing the executive action as affirmative legal interpretation rather than mere enforcement discretion. But this argument faces two flaws. First, the order includes the standard disclaimer that it creates no enforceable legal rights, directly undercutting any claim that companies could rely on its interpretations. Second, the reasonableness requirement for entrapment by estoppel likely defeats these sophisticated corporate actors' claims. The tech companies’ initial decision to terminate TikTok's services shows they understood PAFACAA created binding legal obligations; its subsequent reversal based on Trump's statements, while politically expedient, should not be viewed as reasonable reliance. This is especially true given the companies’ access to elite legal counsel capable of independently analyzing PAFACAA's requirements.

The varying levels of exposure across different provider categories makes Oracle and Akamai’s decision especially striking. As cloud infrastructure providers enabling TikTok's core functionality, these companies face catastrophic liability accumulating at $5,000 per user—TikTok has 170 million U.S. users and so PAFACAA’s penalties could compound to ruinous levels within days. By contrast, app store providers like Apple and Google face more limited exposure since most users already have TikTok on their phones; their liability would accrue more slowly, only when users download or update the app. Yet ironically, it was the cloud providers, facing the greater risk, that took the more aggressive stance by restoring services based on minimal legal protection, while the app stores maintained their compliance with PAFACAA.

* * *

The legal saga for TikTok and the companies that facilitate its U.S. services will no doubt continue. But despite the twists and turns we shouldn't lose sight of the bigger picture. While the massive potential liability for TikTok’s cloud providers certainly deserves scrutiny from shareholders and securities lawyers alike, the more troubling implication is what this episode reveals about corporate behavior in our current political moment. That sophisticated technology companies would take clearly illegal actions based on mere non-enforcement promises, bypassing established legal frameworks, suggests a dangerous willingness of our largest corporations to “obey in advance” with an administration whose disrespect for the rule of law is only going to get worse.