The Documents

Regulatory filings submitted to the Irish Data Protection Commission in March 2026 contain technical architecture diagrams that were not included in TikTok's public-facing transparency reports. Bulligence obtained copies of these documents through an FOI-adjacent request process.

What the Architecture Shows

The filings reveal that user data classified as "EU-only" passes through two intermediate processing nodes — one in Singapore and one in the US — before being stored in TikTok's Dublin data centre. ByteDance engineers with Chinese-based contracts retain read access to these intermediate nodes during the processing window, which can last up to 72 hours.

This contradicts testimony given to the US Senate Commerce Committee in 2023, where TikTok's then-CEO stated that US user data "never touches a Chinese server."

TikTok's Position

TikTok's communications team provided a statement asserting that "intermediate processing is a standard technical requirement" and that "no Chinese government entity has ever accessed European user data." The company did not address the discrepancy with prior testimony.

Regulatory Outlook

The Irish DPC has confirmed it has received our supplementary evidence submission and will consider it as part of the ongoing inquiry under GDPR Article 46.