S 196
· 119th Congress
· Commerce
MAIN Event Ticketing Act
Sponsor
Latest action
Placed on Senate Legislative Calendar under General Orders. Calendar No. 144.
Action timeline
Every recorded action on this bill, newest first. Stage badges color-code the legislative path.
Sep 02, 2025
committee
Committee on Commerce, Science, and Transportation. Reported by Senator Cruz with an amendment in the nature of a substitute. With written report No. 119-57.
Commerce, Science, and Transportation Committee
Sep 02, 2025
other
Placed on Senate Legislative Calendar under General Orders. Calendar No. 144.
Apr 30, 2025
committee
Committee on Commerce, Science, and Transportation. Ordered to be reported with an amendment in the nature of a substitute favorably.
Commerce, Science, and Transportation Committee
Jan 22, 2025
introduced
Introduced in Senate
Jan 22, 2025
introduced
Read twice and referred to the Committee on Commerce, Science, and Transportation.
Commerce, Science, and Transportation Committee
Text versions
Each stage of the bill — official text published by GPO. Click any format to read on congress.gov / govinfo.
CRS summaries
Plain-English summaries written by the Congressional Research Service — neutral, nonpartisan staff who summarize bills as they advance through stages. The authoritative description of what each version of the bill does.
00
Introduced in Senate
Jan 22, 2025
Mitigating Automated Internet Networks for Event Ticketing Act or the MAIN Event Ticketing Act
This bill expands measures to protect the security and integrity of online ticket sales.
Specifically, the bill prohibits the use of applications that perform automated tasks to purchase event tickets from online ticket sellers in circumvention of the seller's posted ticket purchasing order rules. This includes using software applications that circumvent access control systems or security measures.
In addition, online ticket sellers must establish, implement, and maintain reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, integrity, or availability of the seller's website or service.
Further, online ticket sellers must report known incidents of circumvention to the Federal Trade Commission and take reasonable steps to address any such incidents.
The bill establishes civil penalties for violations of the provisions of this bill (and related prohibitions under current law) and authorizes the commission to bring civil actions for such violations.
Federal, state, and local law enforcement agencies must coordinate as appropriate with the commission to share information about known instances of cyberattacks against the websites or online services used by ticket sellers.
The commission must report to Congress on the status of enforcement actions taken under this bill.
via Congressional Research Service · published through congress.gov
Changelog
ⓘ
How a bill moves through Congress. Each stage produces a new official text. The diff between them shows what changed at that step.
ih / is — Introduced in House / Senate. First filed version.rfh / rfs — Referred to a committee for review.rh / rs — Reported back by the committee to the floor (often with amendments — this is where most language changes happen).pcs / pch — Placed on Calendar for floor consideration.eh / es — Engrossed. Passed by the originating chamber. Text is now what was actually voted on.rdh / rds — Received by the other chamber.eah / eas — Engrossed Amendment. The other chamber passed an amended version.ath / ats — Agreed to. Both chambers settled on the same text.enr — Enrolled. Final reconciled text, sent to the President.pl — Public Law. Signed by the President. It's now law.pp — Public Print. Official printing post-enactment.
Most bills die before eh/es. Going from pcs → enr is the full path through both chambers.
ⓘ
How a bill moves through Congress. Each stage produces a new official text. The diff between them shows what changed at that step.
ih/is— Introduced in House / Senate. First filed version.rfh/rfs— Referred to a committee for review.rh/rs— Reported back by the committee to the floor (often with amendments — this is where most language changes happen).pcs/pch— Placed on Calendar for floor consideration.eh/es— Engrossed. Passed by the originating chamber. Text is now what was actually voted on.rdh/rds— Received by the other chamber.eah/eas— Engrossed Amendment. The other chamber passed an amended version.ath/ats— Agreed to. Both chambers settled on the same text.enr— Enrolled. Final reconciled text, sent to the President.pl— Public Law. Signed by the President. It's now law.pp— Public Print. Official printing post-enactment.
Most bills die before eh/es. Going from pcs → enr is the full path through both chambers.
Line-level diff between text versions of this bill — what actually changed at each legislative stage.
+405
−202
55 unchanged
--- Introduced (Senate)
+++ Reported (Senate)
@@ -1,12 +1,15 @@
[From the U.S. Government Publishing Office]
-[S. 196 Introduced in Senate (IS)]
+[S. 196 Reported in Senate (RS)]
<DOC>
+Calendar No. 144
119th CONGRESS
1st Session
S. 196
+[Report No. 119-57]
+
To improve online ticket sales and protect consumers, and for other
purposes.
@@ -20,6 +23,12 @@
bill; which was read twice and referred to the Committee on Commerce,
Science, and Transportation
+September 2, 2025
+
+Reported by Mr. Cruz, with an amendment
+[Strike out all after the enacting clause and insert the part printed
+in italic]
+
_______________________________________________________________________
A BILL
@@ -30,182 +39,200 @@
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
-SECTION 1. SHORT TITLE.
-
-This Act may be cited as the ``Mitigating Automated Internet
-Networks for Event Ticketing Act'' or the ``MAIN Event Ticketing Act''.
-
-SEC. 2. STRENGTHENING THE BOTS ACT.
-
-(a) In General.--Section 2 of the Better Online Ticket Sales Act of
-2016 (15 U.S.C. 45c) is amended--
-(1) in subsection (a)(1)--
-(A) in subparagraph (A), by striking ``; or'' and
-inserting a semicolon;
-(B) in subparagraph (B), by striking the period at
-the end and inserting ``; or''; and
-(C) by adding at the end the following new
-subparagraph:
-``(C) to use or cause to be used an application
-that performs automated tasks to purchase event tickets
-from an Internet website or online service in
-circumvention of posted online ticket purchasing order
-rules of the Internet website or online service,
-including a software application that circumvents an
-access control system, security measure, or other
-technological control or measure.'';
-(2) by redesignating subsections (b) and (c) as subsections
-(c) and (d), respectively;
-(3) by inserting after subsection (a) the following new
-subsection:
-``(b) Requiring Online Ticket Issuers To Put in Place Site Policies
-and Establish Safeguards To Protect Site Security.--
-``(1) Requirement to enforce site policies.--Each ticket
-issuer that owns or operates an Internet website or online
-service that facilitates or executes the sale of event tickets
-shall ensure that such website or service has in place an
-access control system, security measure, or other technological
-control or measure to enforce posted event ticket purchasing
-limits.
-``(2) Requirement to establish site security safeguards.--
-``(A) In general.--Each ticket issuer that owns or
-operates an Internet website or online service that
-facilitates or executes the sale of event tickets shall
-establish, implement, and maintain reasonable
+<DELETED>SECTION 1. SHORT TITLE.</DELETED>
+
+<DELETED> This Act may be cited as the ``Mitigating Automated
+Internet Networks for Event Ticketing Act'' or the ``MAIN Event
+Ticketing Act''.</DELETED>
+
+<DELETED>SEC. 2. STRENGTHENING THE BOTS ACT.</DELETED>
+
+<DELETED> (a) In General.--Section 2 of the Better Online Ticket
+Sales Act of 2016 (15 U.S.C. 45c) is amended--</DELETED>
+<DELETED> (1) in subsection (a)(1)--</DELETED>
+<DELETED> (A) in subparagraph (A), by striking ``;
+or'' and inserting a semicolon;</DELETED>
+<DELETED> (B) in subparagraph (B), by striking the
+period at the end and inserting ``; or''; and</DELETED>
+<DELETED> (C) by adding at the end the following new
+subparagraph:</DELETED>
+<DELETED> ``(C) to use or cause to be used an
+application that performs automated tasks to purchase
+event tickets from an Internet website or online
+service in circumvention of posted online ticket
+purchasing order rules of the Internet website or
+online service, including a software application that
+circumvents an access control system, security measure,
+or other technological control or measure.'';</DELETED>
+<DELETED> (2) by redesignating subsections (b) and (c) as
+subsections (c) and (d), respectively;</DELETED>
+<DELETED> (3) by inserting after subsection (a) the
+following new subsection:</DELETED>
+<DELETED> ``(b) Requiring Online Ticket Issuers To Put in Place Site
+Policies and Establish Safeguards To Protect Site Security.--</DELETED>
+<DELETED> ``(1) Requirement to enforce site policies.--Each
+ticket issuer that owns or operates an Internet website or
+online service that facilitates or executes the sale of event
+tickets shall ensure that such website or service has in place
+an access control system, security measure, or other
+technological control or measure to enforce posted event ticket
+purchasing limits.</DELETED>
+<DELETED> ``(2) Requirement to establish site security
+safeguards.--</DELETED>
+<DELETED> ``(A) In general.--Each ticket issuer that
+owns or operates an Internet website or online service
+that facilitates or executes the sale of event tickets
+shall establish, implement, and maintain reasonable
administrative, technical, and physical safeguards to
protect the security, confidentiality, integrity, or
-availability of the website or service.
-``(B) Considerations.--In establishing the
+availability of the website or service.</DELETED>
+<DELETED> ``(B) Considerations.--In establishing the
safeguards described in subparagraph (A), each ticket
issuer described in such paragraph shall consider--
-``(i) the administrative, technical, and
-physical safeguards that are appropriate to the
-size and complexity of the ticket issuer;
-``(ii) the nature and scope of the
-activities of the ticket issuer;
-``(iii) the sensitivity of any customer
-information at issue; and
-``(iv) the range of security risks and
-vulnerabilities that are reasonably foreseeable
-or known to the ticket issuer.
-``(C) Third parties and service providers.--
-``(i) In general.--Where applicable, a
-ticket issuer that owns or operates an Internet
-website or online service that facilitates or
-executes the sale of event tickets shall
-implement and maintain procedures to require
-that any third party or service provider that
-performs services with respect to the sale of
-event tickets or has access to data regarding
-event ticket purchasing on the website or
-service maintains reasonable administrative,
-technical, and physical safeguards to protect
-the security and integrity of the website or
-service and that data.
-``(ii) Oversight procedure requirements.--
-The procedures implemented and maintained by a
-ticket issuer in accordance with clause (i)
-shall include the following:
-``(I) Taking reasonable steps to
-select and retain service providers
-that are capable of maintaining
-appropriate safeguards for the customer
-information at issue.
-``(II) Requiring service providers
-by contract to implement and maintain
-adequate safeguards.
-``(III) Periodically assessing
-service providers based on the risk
-they present and the continued adequacy
-of their safeguards.
-``(D) Updates.--A ticket issuer that owns or
-operates an Internet website or online service that
+</DELETED>
+<DELETED> ``(i) the administrative,
+technical, and physical safeguards that are
+appropriate to the size and complexity of the
+ticket issuer;</DELETED>
+<DELETED> ``(ii) the nature and scope of the
+activities of the ticket issuer;</DELETED>
+<DELETED> ``(iii) the sensitivity of any
+customer information at issue; and</DELETED>
+<DELETED> ``(iv) the range of security risks
+and vulnerabilities that are reasonably
+foreseeable or known to the ticket
+issuer.</DELETED>
+<DELETED> ``(C) Third parties and service
+providers.--</DELETED>
+<DELETED> ``(i) In general.--Where
+applicable, a ticket issuer that owns or
+operates an Internet website or online service
+that facilitates or executes the sale of event
+tickets shall implement and maintain procedures
+to require that any third party or service
+provider that performs services with respect to
+the sale of event tickets or has access to data
+regarding event ticket purchasing on the
+website or service maintains reasonable
+administrative, technical, and physical
+safeguards to protect the security and
+integrity of the website or service and that
+data.</DELETED>
+<DELETED> ``(ii) Oversight procedure
+requirements.--The procedures implemented and
+maintained by a ticket issuer in accordance
+with clause (i) shall include the
+following:</DELETED>
+<DELETED> ``(I) Taking reasonable
+steps to select and retain service
+providers that are capable of
+maintaining appropriate safeguards for
+the customer information at
+issue.</DELETED>
+<DELETED> ``(II) Requiring service
+providers by contract to implement and
+maintain adequate safeguards.</DELETED>
+<DELETED> ``(III) Periodically
+assessing service providers based on
+the risk they present and the continued
+adequacy of their safeguards.</DELETED>
+<DELETED> ``(D) Updates.--A ticket issuer that owns
+or operates an Internet website or online service that
facilitates or executes the sale of event tickets shall
regularly evaluate and make adjustments to the
safeguards described in subparagraph (A) in light of
any material changes in technology, internal or
external threats to system security, confidentiality,
integrity, and availability, and the changing business
-arrangements or operations of the ticket issuer.
-``(3) Requirement to report incidents of circumvention;
-consumer complaints.--
-``(A) In general.--A ticket issuer that owns or
-operates an Internet website or online service that
-facilitates or executes the sale of event tickets shall
-report to the Commission any incidents of circumvention
-of which the ticket issuer has actual knowledge.
-``(B) Consumer complaint website.--Not later than
-180 days after the date of enactment of the Mitigating
-Automated Internet Networks for Event Ticketing Act,
-the Commission shall create a publicly available
-website (or modify an existing publicly available
-website of the Commission) to allow individuals to
-report violations of this subsection to the Commission.
-``(C) Reporting timeline and process.--
-``(i) Timeline.--A ticket issuer shall
-report known incidents of circumvention within
-a reasonable period of time after the incident
-of circumvention is discovered by the ticket
-issuer, and in no case later than 30 days after
-an incident of circumvention is discovered by
-the ticket issuer.
-``(ii) Automated submission.--The
+arrangements or operations of the ticket
+issuer.</DELETED>
+<DELETED> ``(3) Requirement to report incidents of
+circumvention; consumer complaints.--</DELETED>
+<DELETED> ``(A) In general.--A ticket issuer that
+owns or operates an Internet website or online service
+that facilitates or executes the sale of event tickets
+shall report to the Commission any incidents of
+circumvention of which the ticket issuer has actual
+knowledge.</DELETED>
+<DELETED> ``(B) Consumer complaint website.--Not
+later than 180 days after the date of enactment of the
+Mitigating Automated Internet Networks for Event
+Ticketing Act, the Commission shall create a publicly
+available website (or modify an existing publicly
+available website of the Commission) to allow
+individuals to report violations of this subsection to
+the Commission.</DELETED>
+<DELETED> ``(C) Reporting timeline and process.--
+</DELETED>
+<DELETED> ``(i) Timeline.--A ticket issuer
+shall report known incidents of circumvention
+within a reasonable period of time after the
+incident of circumvention is discovered by the
+ticket issuer, and in no case later than 30
+days after an incident of circumvention is
+discovered by the ticket issuer.</DELETED>
+<DELETED> ``(ii) Automated submission.--The
Commission may establish a reporting mechanism
to provide for the automatic submission of
-reports required under this subsection.
-``(iii) Coordination with state attorneys
-general.--The Commission shall--
-``(I) share reports received from
-ticket issuers under subparagraph (A)
-with State attorneys general as
-appropriate; and
-``(II) share consumer complaints
-submitted through the website
-established under subparagraph (B) with
-State attorneys general as appropriate.
-``(4) Duty to address causes of circumvention.--A ticket
-issuer that owns or operates an Internet website or online
-service that facilitates or executes the sale of event tickets
-must take reasonable steps to improve its access control
-systems, security measures, and other technological controls or
-measures to address any incidents of circumvention of which the
-ticket issuer has actual knowledge.
-``(5) FTC guidance.--Not later than 1 year after the date
-of enactment of the Mitigating Automated Internet Networks for
-Event Ticketing Act, the Commission shall publish guidance for
-ticket issuers on compliance with the requirements of this
-subsection.'';
-(4) in subsection (c), as redesignated by paragraph (1) of
-this subsection--
-(A) by striking ``subsection (a)'' each place it
-appears and inserting ``subsection (a) or (b)'';
-(B) in paragraph (2)--
-(i) in subparagraph (A), by striking ``The
-Commission'' and inserting ``Except as provided
-in paragraph (3), the Commission''; and
-(ii) in subparagraph (B), by striking ``Any
-person'' and inserting ``Subject to paragraph
-(3), any person''; and
-(C) by adding at the end the following new
-paragraphs:
-``(3) Civil action.--
-``(A) In general.--If the Commission has reason to
-believe that any person has committed a violation of
-subsection (a) or (b), the Commission may bring a civil
-action in an appropriate district court of the United
-States to--
-``(i) recover a civil penalty under
-paragraph (4); and
-``(ii) seek other appropriate relief,
-including injunctive relief and other equitable
-relief.
-``(B) Litigation authority.--Except as otherwise
-provided in section 16(a)(3) of the Federal Trade
-Commission Act (15 U.S.C. 56(a)(3)), the Commission
-shall have exclusive authority to commence or defend,
-and supervise the litigation of, any civil action
-authorized under this paragraph and any appeal of such
-action in its own name by any of its attorneys
+reports required under this
+subsection.</DELETED>
+<DELETED> ``(iii) Coordination with state
+attorneys general.--The Commission shall--
+</DELETED>
+<DELETED> ``(I) share reports
+received from ticket issuers under
+subparagraph (A) with State attorneys
+general as appropriate; and</DELETED>
+<DELETED> ``(II) share consumer
+complaints submitted through the
+website established under subparagraph
+(B) with State attorneys general as
+appropriate.</DELETED>
+<DELETED> ``(4) Duty to address causes of circumvention.--A
+ticket issuer that owns or operates an Internet website or
+online service that facilitates or executes the sale of event
+tickets must take reasonable steps to improve its access
+control systems, security measures, and other technological
+controls or measures to address any incidents of circumvention
+of which the ticket issuer has actual knowledge.</DELETED>
+<DELETED> ``(5) FTC guidance.--Not later than 1 year after
+the date of enactment of the Mitigating Automated Internet
+Networks for Event Ticketing Act, the Commission shall publish
+guidance for ticket issuers on compliance with the requirements
+of this subsection.'';</DELETED>
+<DELETED> (4) in subsection (c), as redesignated by
+paragraph (1) of this subsection--</DELETED>
+<DELETED> (A) by striking ``subsection (a)'' each
+place it appears and inserting ``subsection (a) or
+(b)'';</DELETED>
+<DELETED> (B) in paragraph (2)--</DELETED>
+<DELETED> (i) in subparagraph (A), by
+striking ``The Commission'' and inserting
+``Except as provided in paragraph (3), the
+Commission''; and</DELETED>
+<DELETED> (ii) in subparagraph (B), by
+striking ``Any person'' and inserting ``Subject
+to paragraph (3), any person''; and</DELETED>
+<DELETED> (C) by adding at the end the following new
+paragraphs:</DELETED>
+<DELETED> ``(3) Civil action.--</DELETED>
+<DELETED> ``(A) In general.--If the Commission has
+reason to believe that any person has committed a
+violation of subsection (a) or (b), the Commission may
+bring a civil action in an appropriate district court
+of the United States to--</DELETED>
+<DELETED> ``(i) recover a civil penalty
+under paragraph (4); and</DELETED>
+<DELETED> ``(ii) seek other appropriate
+relief, including injunctive relief and other
+equitable relief.</DELETED>
+<DELETED> ``(B) Litigation authority.--Except as
+otherwise provided in section 16(a)(3) of the Federal
+Trade Commission Act (15 U.S.C. 56(a)(3)), the
+Commission shall have exclusive authority to commence
+or defend, and supervise the litigation of, any civil
+action authorized under this paragraph and any appeal
+of such action in its own name by any of its attorneys
designated by it for such purpose, unless the
Commission authorizes the Attorney General to do so.
The Commission shall inform the Attorney General of the
@@ -213,42 +240,192 @@
preclude the Attorney General from intervening on
behalf of the United States in such action and any
appeal of such action as may be otherwise provided by
-law.
-``(C) Rule of construction.--Any civil penalty or
-relief sought through a civil action under this
-paragraph shall be in addition to other penalties and
-relief as may be prescribed by law.
-``(4) Civil penalties.--
-``(A) In general.--Any person who violates
-subsection (a) or (b) shall be liable for--
-``(i) a civil penalty of not less than
-$10,000 for each day during which the violation
-occurs or continues to occur; and
-``(ii) an additional civil penalty of not
-less than $1,000 per violation.
-``(B) Enhanced civil penalty for intentional
-violations.--In addition to the civil penalties under
-subparagraph (A), a person that intentionally violates
-subsection (a) or (b) shall be liable for a civil
-penalty of not less than $10,000 per violation.'';
-(5) in subsection (d), as redesignated by paragraph (1) of
+law.</DELETED>
+<DELETED> ``(C) Rule of construction.--Any civil
+penalty or relief sought through a civil action under
+this paragraph shall be in addition to other penalties
+and relief as may be prescribed by law.</DELETED>
+<DELETED> ``(4) Civil penalties.--</DELETED>
+<DELETED> ``(A) In general.--Any person who violates
+subsection (a) or (b) shall be liable for--</DELETED>
+<DELETED> ``(i) a civil penalty of not less
+than $10,000 for each day during which the
+violation occurs or continues to occur;
+and</DELETED>
+<DELETED> ``(ii) an additional civil penalty
+of not less than $1,000 per
+violation.</DELETED>
+<DELETED> ``(B) Enhanced civil penalty for
+intentional violations.--In addition to the civil
+penalties under subparagraph (A), a person that
+intentionally violates subsection (a) or (b) shall be
+liable for a civil penalty of not less than $10,000 per
+violation.'';</DELETED>
+<DELETED> (5) in subsection (d), as redesignated by
+paragraph (1) of this subsection, by striking ``subsection
+(a)'' each place it appears and inserting ``subsection (a) or
+(b)''; and</DELETED>
+<DELETED> (6) by adding at the end the following new
+subsections:</DELETED>
+<DELETED> ``(e) Law Enforcement Coordination.--</DELETED>
+<DELETED> ``(1) In general.--The Federal Bureau of
+Investigation, the Department of Justice, and other relevant
+State or local law enforcement officials shall coordinate as
+appropriate with the Commission to share information about
+known instances of cyberattacks on security measures, access
+control systems, or other technological controls or measures on
+an Internet website or online service that are used by ticket
+issuers to enforce posted event ticket purchasing limits or to
+maintain the integrity of posted online ticket purchasing order
+rules. Such coordination may include providing information
+about ongoing investigations but may exclude classified
+information or information that could compromise a law
+enforcement or national security effort, as
+appropriate.</DELETED>
+<DELETED> ``(2) Cyberattack defined.--In this paragraph, the
+term `cyberattack' means an attack, via cyberspace, targeting
+an enterprise's use of cyberspace for the purpose of--
+</DELETED>
+<DELETED> ``(A) disrupting, disabling, destroying,
+or maliciously controlling a computing environment or
+computing infrastructure; or</DELETED>
+<DELETED> ``(B) destroying the integrity of data or
+stealing controlled information.</DELETED>
+<DELETED> ``(f) Congressional Report.--Not later than 1 year after
+the date of enactment of this paragraph, the Commission shall report to
+Committee on Commerce, Science, and Transportation of the Senate and
+the Committee on Energy and Commerce of the House of Representatives on
+the status of enforcement actions taken pursuant to this Act, as well
+as any identified limitations to the Commission's ability to pursue
+incidents of circumvention described in subsection
+(a)(1)(A).''.</DELETED>
+<DELETED> (b) Additional Definition.--Section 3 of the Better Online
+Ticket Sales Act of 2016 (15 U.S.C. 45c note) is amended by adding at
+the end the following new paragraph:</DELETED>
+<DELETED> ``(4) Circumvention.--The term `circumvention'
+means the act of avoiding, bypassing, removing, deactivating,
+or otherwise impairing an access control system, security
+measure, safeguard, or other technological control or measure
+described in section 2(b)(1).''.</DELETED>
+
+SECTION 1. SHORT TITLE.
+
+This Act may be cited as the ``Mitigating Automated Internet
+Networks for Event Ticketing Act'' or the ``MAIN Event Ticketing Act''.
+
+SEC. 2. STRENGTHENING THE BOTS ACT.
+
+(a) In General.--Section 2 of the Better Online Ticket Sales Act of
+2016 (15 U.S.C. 45c) is amended--
+(1) in subsection (a)(1)--
+(A) in subparagraph (A)--
+(i) by inserting ``online'' before ``ticket
+issuer''; and
+(ii) by striking ``; or'' and inserting a
+semicolon;
+(B) in subparagraph (B), by striking the period at
+the end and inserting ``; or''; and
+(C) by adding at the end the following new
+subparagraph:
+``(C) to use or cause to be used an application,
+including a software application, that performs
+automated tasks to purchase event tickets from an
+Internet website or online service used by an online
+ticket issuer through the circumvention of an access
+control system, security measure, or other
+technological control or measure used by such Internet
+website or online service to enforce posted online
+ticket purchasing order rules of the Internet website
+or online service.'';
+(2) by redesignating subsections (b) and (c) as subsections
+(c) and (d), respectively;
+(3) by inserting after subsection (a) the following new
+subsection:
+``(b) Requiring Online Ticket Issuers to Enforce Site Policies.--
+``(1) Requirement to enforce and update site policies.--
+Each online ticket issuer shall--
+``(A) establish, implement, and maintain an access
+control system, security measure, or other
+technological control or measure to enforce posted
+event ticket purchasing limits and to maintain the
+integrity of posted online ticket purchasing order
+rules; and
+``(B) regularly evaluate and make adjustments, as
+necessary, to such an access control system, security
+measure, or other technological control or measure in
+light of any material changes in technology, internal
+or external threats to system security, and the
+changing business arrangements or operations of the
+ticket issuer.
+``(2) Requirement to report incidents of circumvention;
+consumer complaints.--
+``(A) In general.--Each online ticket issuer shall
+report to the Commission any incidents of circumvention
+of which the ticket issuer has actual knowledge not
+later than 30 days after the incident of circumvention
+is discovered by the online ticket issuer.
+``(B) Electronic submission.--The Commission may
+establish a reporting mechanism to provide for the
+electronic submission of reports required by
+subparagraph (A).
+``(C) Coordination with state attorneys general.--
+The Commission shall share with State attorneys
+general, as appropriate--
+``(i) any report received from online
+ticket issuers under subparagraph (A); and
+``(ii) consumer complaints related to any
+violation of this subsection that are submitted
+through the Commission's website.
+``(3) Requirement to address known causes of
+circumvention.--Each online ticket issuer shall take reasonable
+steps to improve its access control systems, security measures,
+and other technological controls or measures to address any
+known or reasonably foreseeable risks connected to incidents of
+circumvention.
+``(4) Commission guidance.--Not later than 1 year after the
+date of enactment of the Mitigating Automated Internet Networks
+for Event Ticketing Act, the Commission shall publish guidance
+for online ticket issuers regarding compliance with the
+requirements of this subsection.'';
+(4) in subsection (c), as redesignated by paragraph (2) of
+this subsection--
+(A) by striking ``subsection (a)'' each place it
+appears and inserting ``subsection (a) or (b)''; and
+(B) by adding at the end the following new
+paragraph:
+``(3) Limitation on commission guidance.--
+``(A) In general.--No guidance issued by the
+Commission with respect to this Act shall confer any
+rights on any person, State, or locality, nor shall
+operate to bind the Commission or any person to the
+approach recommended in such guidance.
+``(B) Specific allegations.--In any enforcement
+action brought pursuant to this Act, the Commission--
+``(i) shall allege a specific violation of
+a provision of this Act; and
+``(ii) may not base an enforcement action
+on, or execute a consent order based on,
+practices that are alleged to be inconsistent
+with any such guidance, unless the practices
+allegedly violate this Act.'';
+(5) in subsection (d), as redesignated by paragraph (2) of
this subsection, by striking ``subsection (a)'' each place it
appears and inserting ``subsection (a) or (b)''; and
(6) by adding at the end the following new subsections:
``(e) Law Enforcement Coordination.--
``(1) In general.--The Federal Bureau of Investigation, the
-Department of Justice, and other relevant State or local law
+Attorney General, and other relevant State or local law
enforcement officials shall coordinate as appropriate with the
-Commission to share information about known instances of
-cyberattacks on security measures, access control systems, or
-other technological controls or measures on an Internet website
-or online service that are used by ticket issuers to enforce
-posted event ticket purchasing limits or to maintain the
-integrity of posted online ticket purchasing order rules. Such
-coordination may include providing information about ongoing
-investigations but may exclude classified information or
-information that could compromise a law enforcement or national
-security effort, as appropriate.
+Commission to share information about any known instance of a
+cyberattack on a security measure, access control system, or
+other technological control or measure on an Internet website
+or online service that is used by an online ticket issuer to
+enforce posted event ticket purchasing limits or to maintain
+the integrity of posted online ticket purchasing order rules.
+Such coordination may include providing information about
+ongoing investigations, but may exclude classified information
+or information that could compromise a law enforcement or
+national security effort, as appropriate.
``(2) Cyberattack defined.--In this paragraph, the term
`cyberattack' means an attack, via cyberspace, targeting an
enterprise's use of cyberspace for the purpose of--
@@ -261,15 +438,41 @@
of enactment of this paragraph, the Commission shall report to
Committee on Commerce, Science, and Transportation of the Senate and
the Committee on Energy and Commerce of the House of Representatives on
-the status of enforcement actions taken pursuant to this Act, as well
-as any identified limitations to the Commission's ability to pursue
-incidents of circumvention described in subsection (a)(1)(A).''.
-(b) Additional Definition.--Section 3 of the Better Online Ticket
+the status of any enforcement action taken pursuant to this Act, as
+well as any identified limitations to the Commission's ability to
+pursue incidents of circumvention described in subsection (a)(1)(A).''.
+(b) Additional Definitions.--Section 3 of the Better Online Ticket
Sales Act of 2016 (15 U.S.C. 45c note) is amended by adding at the end
-the following new paragraph:
+the following new paragraphs:
``(4) Circumvention.--The term `circumvention' means the
act of avoiding, bypassing, removing, deactivating, or
otherwise impairing an access control system, security measure,
safeguard, or other technological control or measure described
-in section 2(b)(1).''.
-<all>
+in section 2.
+``(5) Online ticket issuer.--The term `online ticket
+issuer' means a ticket issuer that owns or operates an Internet
+website or online service that, in the regular course of trade
+or business of the issuer, facilitates or executes the sale of
+event tickets to the general public.''.
+Calendar No. 144
+
+119th CONGRESS
+
+1st Session
+
+S. 196
+
+[Report No. 119-57]
+
+_______________________________________________________________________
+
+A BILL
+
+To improve online ticket sales and protect consumers, and for other
+purposes.
+
+_______________________________________________________________________
+
+September 2, 2025
+
+Reported with an amendment
Cosponsors (1)
Members who signed on to support this bill.