The doxxing-bill wave of 2025-2026: every pending bill and what it would do.

What's happening

The bills exist. None of them have passed yet.

That is the honest opening on the federal and state doxxing-legislation wave of 2025 and 2026. The Hortman assassination, the ICE-agent doxxing campaign, and the PimEyes pipeline all created enough public attention that legislators introduced bills faster than they have in any prior privacy wave. Most of those bills are still in committee. A few have moved to floor consideration. Some have already died.

What follows is the full slate as of April 2026, with honest reads on what each would do, who is behind it, and where it stands.

Federal HR 5118 / S 1952: Protecting Law Enforcement from Doxxing Act of 2025

The flagship federal bill of the wave.

What it does. Amends 18 USC 119, the existing federal doxxing statute, to criminalize the public release of a federal law enforcement officer's name with intent to obstruct, intimidate, or threaten. Penalties up to 5 years in prison; 10 years if the doxxing leads to bodily harm.

Who it covers. Federal LE only. ICE agents, Border Patrol, FBI, DEA, ATF, US Marshals. State and local LE are not covered. Family members of federal LE are not explicitly covered, though some readings of the broader 18 USC 119 framework would extend protection.

Who is behind it. The bill has bipartisan introduction in both chambers. The National Police Association has formally endorsed it. ICE union groups have endorsed it. The bill responds directly to the August-November 2025 ICE doxxing wave.

Status as of April 2026. In committee in both chambers. No floor schedule. Most likely to move after the next significant federal-LE doxxing event.

The honest read. The bill addresses real harm. Federal agents working enforcement details have been doxxed at scale. The bill creates a legal hook to prosecute doxxers who currently operate in a grey area where existing 18 USC 119 doctrine has not been applied to commercial-broker-derived doxxing. Where it falls short: state and local LE are most of the country's cops, and they get nothing from this bill. The Shield Privacy Act below tries to fix that.

Federal Shield Privacy Act of 2025 (Rep. Williams)

The companion bill that would extend protection to state and local LE.

What it does. Extends 18 USC 119 protection to state and local LE officers and their immediate families. Same penalty structure as HR 5118.

Who it covers. State and local LE officers. Family members.

Who is behind it. Rep. Williams. The bill has fewer co-sponsors than HR 5118 and has not received the same level of trade-association backing. State and local LE associations support it conceptually; the politics are less aligned than the federal-LE bill.

Status as of April 2026. In committee. No floor schedule. The bill is more likely to be folded into a future omnibus than to move on its own.

The honest read. State and local LE need this protection. Without it, the federal doxxing statute leaves out the majority of cops. The bill is well-drafted. It is also further from passage than HR 5118.

New York A10911 (2025)

The first half of New York's doxxing response.

What it does. Two parts. First, prohibits data brokers from selling personal information of military servicemembers without consent. Second, creates a criminal doxxing offense for police and peace officers in New York. Penalties scaled by harm.

Who it covers. Military servicemembers (broker-side restriction). NY police and peace officers (criminal-doxxing prohibition). Families included where the offense is connected to retaliation.

Status as of April 2026. In committee in the NY State Assembly. Companion bill in the NY Senate has not been introduced yet.

The honest read. The military-broker piece is novel. The criminal-doxxing piece is similar to existing laws in CA and TX. The bill would matter more if it passed. As of late April 2026, it has not moved out of committee.

New York S9088 (introduced January 30, 2026)

The other half of New York's response. The most ambitious state-level Delete Act analog yet.

What it does. Mirrors California's Delete Act. Creates a New York data broker registry with mandatory registration. Establishes a state-run consumer deletion platform similar to California's DROP. Imposes accuracy and disclosure obligations on registered brokers.

Who it covers. All New York consumers. Specific provisions for first responders and at-risk persons (judges, prosecutors, LE, victims of stalking, victims of domestic violence). At-risk persons get expedited deletion timelines and stronger penalty provisions.

Status as of April 2026. Introduced January 30, 2026. In Senate Consumer Protection Committee. Active hearings expected in May 2026.

The honest read. If S9088 passes, it sets the model for the next ten states. The bill is well-drafted, learns from the California Delete Act's gaps, and includes the at-risk-persons provisions that California's law treats as ancillary. New York is the most likely state to be the second to pass a Delete-Act-style law.

Vermont H.211 (2026)

The Vermont fix to the registration-compliance gap.

What it does. Increases penalties for non-registration under Vermont's data broker law. Creates a private right of action for consumers harmed by non-registered brokers. Tightens the definitions of "data broker" and "knowingly."

Status as of April 2026. In House Commerce Committee. The bill responds directly to the June 2025 Privacy Rights Clearinghouse analysis showing significant non-compliance.

The honest read. Vermont's broker law was the first in the country. It is also the most under-enforced. H.211 would put teeth on a statute that needed teeth from the start. Likely to pass in the 2026 session.

Colorado SB 1255 (February 2026)

A different mechanism for a similar problem.

What it does. Restricts how social media platforms can respond to law enforcement warrants for user data. Creates notification requirements for users in non-emergency contexts. Limits geofencing-warrant scope.

Who it covers. All Colorado social media users. Specific protections for at-risk persons (LE, judges, victims).

Status as of April 2026. In Senate Judiciary Committee. The bill is part of a broader Colorado response to social-media-driven doxxing.

The honest read. Different from the broker-side bills. Colorado is targeting the social-media-to-warrant pipeline that has been used to identify dissidents and at-risk persons. The bill is more controversial than the broker-side bills. Less likely to pass in current form.

What none of these bills do

Important to be honest.

1. None of them passes today. As of April 2026, every bill on this list is still pending. Officers should plan around what exists, not what might exist.

2. None of them retroactively scrubs broker data. Even if HR 5118 passes tomorrow, the broker pages with your address will still exist. The bills criminalize the doxxer, not the broker.

3. None of them reaches the B2B investigative tier. Accurint, TLOxp, Pipl, and the other credentialed-access tools are not subject to consumer-facing legislation in any of these bills.

4. None of them solves the family-member problem in full. Some of them include family. None of them give a spouse or child the same statutory damages a covered officer gets in NJ, FL, or NE under Daniel's Law.

5. None of them addresses facial recognition. The PimEyes pipeline that powered the ICE-agent doxxing is mostly out of scope for all these bills. Different legislation, mostly state-level biometric privacy, would be needed.

What an officer should do now

Three things.

1. Do not wait for legislation. The data-broker problem is solvable today through opt-outs, ACP enrollment, and statutory redaction at the state level for those that have it. See our protections page.

2. If you live in NJ, FL, or NE, use Daniel's Law. It is the most mature broker-removal statute that covers cops. See our Daniel's Law page.

3. If you are a federal judge, use the Anderl Act and the AOUSC pipeline. See our Lieu Act page.

4. For everyone else, paid opt-outs against the consumer-facing tier plus suppression requests against the B2B tier is the practical floor. See our opt-out coverage.

5. Track the legislation that affects you. The bills above will move at different speeds. New York S9088 is the most likely to pass in the next 12 months. Federal HR 5118 is the most likely federal bill to move. Vermont H.211 is the most likely state-level cleanup bill.

What the wave really means

The pending bills do not help today. They do show momentum. The Hortman case, the ICE List, and the PimEyes pipeline have moved Congress and a dozen state legislatures in a way prior privacy waves did not. That matters for the next two to three years of policy.

It does not matter for tomorrow morning's threat model. Tomorrow morning, your name and address are still on Spokeo. Whitepages still has your phone number. Accurint still has your driver's license history. The pending bills do not change any of that. What changes it is the work of opting out, enrolling in ACPs, filing statutory redactions, and submitting Daniel's Law demands where the law allows.

The bills will pass. Some of them. Eventually. Cops who plan around the bills will be exposed in the meantime. Cops who plan around the broker pipelines that exist today will be in better shape regardless of what Congress does.

For the catalyst behind the wave, see the Hortman catalyst effect. For the registration gap that the Vermont bill addresses, see broker registration compliance gaps.