Lightening Punishments for Online Fraud Act of 2026

[Good Carder]

Lightening Punishments for Online Fraud Act of 2026: Full Draft Bill to Humanize U.S. Cybersecurity Justice with Restorative Diversion for First-Time Minor Cyber Offenses​

Detailed Description of the Legislative Initiative
The “Lightening Punishments for Online Fraud Act of 2026” is a targeted federal reform designed to bring restorative justice principles into U.S. criminal proceedings for low-harm cybersecurity and online fraud offenses. It directly addresses longstanding concerns about the overbreadth and disproportionate application of the Computer Fraud and Abuse Act (CFAA, 18 U.S.C. § 1030) and related statutes like wire fraud (18 U.S.C. § 1343), which have historically led to felony convictions and incarceration even for relatively minor, first-time digital acts — such as small-scale unauthorized access, low-value online scams, or experimentation with minimal financial loss.

Core Problem It Solves:
Current law often treats these as serious felonies with mandatory enhancements under U.S. Sentencing Guidelines § 2B1.1 (economic crimes), where loss amounts trigger steep increases in offense levels, frequently resulting in prison time despite no violence, no critical infrastructure damage, and low recidivism risk among first-time offenders. This approach contributes to over-incarceration, strains federal resources, delays victim compensation, and fails to address root causes like lack of cybersecurity awareness or financial desperation. Recent congressional efforts have focused on strengthening penalties for organized cybercrime or conspiracy, but few address proportionality for minor, non-violent cases.

How the Initiative Works (Key Innovations):

• Cyber Offense Diversion Program (new statutory framework in 18 U.S.C. Chapter 229): Creates a dedicated, mandatory-consideration pathway for qualifying first-time offenders. Eligibility is narrow and objective: no prior felonies, total loss under $50,000, no involvement of critical infrastructure/national security/physical harm, and defendant agreement to full restitution plus rehabilitative conditions.
• Restorative Outcomes Over Incarceration: Successful completion yields case dismissal with prejudice and record expungement (or, alternatively, a suspended sentence, modest fine, and probation). Failure simply returns the case to standard prosecution — no automatic harsher penalties.
• Tailored Conditions: Full victim restitution (building directly on the Mandatory Victims Restitution Act, 18 U.S.C. § 3663A, which already applies to fraud schemes), cybersecurity ethics education, 100–250 hours of community service, supervised probation, and optional counseling. This emphasizes rehabilitation and victim restoration rather than pure punishment.
• Judicial and Prosecutorial Safeguards: Prosecutors can object for aggravating factors; courts must explicitly consider diversion on the record. Excludes repeat offenders, sophisticated schemes, or high-harm cases.
• Sentencing Guidelines Update: Directs the U.S. Sentencing Commission to add downward departures/variances and mitigating factors for these cases, consistent with ongoing discussions around economic crime guideline reforms.
• Accountability: Annual DOJ reports track completion rates, recidivism, and restitution recovered to ensure effectiveness and allow data-driven adjustments.

Benefits and Alignment with Current Law:
This humanizes proceedings without weakening enforcement against serious cyber threats (e.g., state actors, large-scale fraud, or infrastructure attacks — penalties remain unchanged). It leverages existing tools like pretrial diversion (Justice Manual § 9-22.000, already used successfully for white-collar cases) and the First Step Act’s emphasis on proportionality, but makes them cyber-specific and statutorily guaranteed rather than discretionary. Expected impacts include faster victim recovery, lower recidivism through education and accountability, reduced prison costs, and more judicial efficiency for truly serious cases. It promotes a balanced, modern approach to digital-age crime that prioritizes second chances where they are safe and just.

The full, unabridged bill text below is drafted in standard congressional format, self-contained, and ready for introduction (sponsor/cosponsors placeholder). It expands on the initial concept with precise definitions, detailed procedures, conforming amendments, appropriations, severability, and implementation timelines for maximum legal robustness and practicality.

---

119th CONGRESS
2d Session H.R.
[XXXX]

To establish a Cyber Offense Diversion Program providing restorative justice alternatives including suspended sentences, fines, probation, or dismissal for certain first-time, low-level online fraud and cybersecurity offenses, to amend title 18, United States Code, to humanize criminal proceedings in the cybersecurity domain, to direct amendments to the Federal Sentencing Guidelines, and for other purposes.

IN THE HOUSE OF REPRESENTATIVES
[Insert Date, e.g., April 15, 2026]
Mr./Ms. [Sponsor Name] (for himself/herself and [list cosponsors]) introduced the following bill; which was referred to the Committee on the Judiciary.

A BILL

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. SHORT TITLE; TABLE OF CONTENTS.
(a) Short Title. — This Act may be cited as the “Lightening Punishments for Online Fraud Act of 2026”.
(b) Table of Contents. — The table of contents for this Act is as follows:
Sec. 1. Short title; table of contents.
Sec. 2. Findings and purpose.
Sec. 3. Cyber Offense Diversion Program.
Sec. 4. Amendments to Federal Sentencing Guidelines.
Sec. 5. Conforming amendments.
Sec. 6. Annual reporting requirement.
Sec. 7. Authorization of appropriations.
Sec. 8. Severability.
Sec. 9. Effective date.

SECTION 2. FINDINGS AND PURPOSE.
(a) Findings. — Congress finds the following:
(1) The Computer Fraud and Abuse Act (18 U.S.C. § 1030) and related provisions, including wire fraud under section 1343, were originally enacted to address serious hacking and computer-related crimes but have been applied broadly to minor, first-time offenses involving small economic losses and no physical harm or threat to national security.
(2) Many individuals charged under these statutes are first-time offenders motivated by financial hardship, youthful curiosity, or lack of understanding of digital boundaries, rather than malicious intent to cause widespread damage.
(3) Harsh mandatory or guideline-driven sentences for low-level cyber offenses contribute to unnecessary incarceration, strain Federal prison resources, and hinder successful offender reintegration into society.
(4) Restorative justice approaches, including full victim restitution under the Mandatory Victims Restitution Act of 1996 (18 U.S.C. § 3663A), combined with targeted rehabilitation, have proven effective in reducing recidivism for non-violent, white-collar, and economic crimes.
(5) The United States Sentencing Guidelines § 2B1.1 appropriately accounts for loss amounts but lacks specific statutory direction for diversion or leniency in qualifying low-harm cybersecurity cases.
(6) Existing pretrial diversion programs under the Department of Justice (Justice Manual § 9-22.000) successfully handle many fraud cases but lack a dedicated cyber-specific statutory framework to ensure consistent application.
(7) Prioritizing victim compensation, cybersecurity education, and community service over incarceration for minor first offenses better serves public safety, judicial efficiency, and the goals of the First Step Act of 2018.
(8) Data from the United States Sentencing Commission and other analyses indicate that a significant portion of economic crime defendants have minimal or no prior criminal history, supporting tailored alternatives for low-harm cases.
(9) Enacting this targeted reform will modernize Federal criminal justice for the digital age without diminishing penalties for repeat offenders, sophisticated schemes, or offenses involving critical infrastructure, national security, or significant harm.
(b) Purpose. — The purposes of this Act are —
(1) to establish a statutory Cyber Offense Diversion Program for qualifying first-time, minor online fraud and cybersecurity offenses;
(2) to authorize and require consideration of restorative alternatives such as full restitution, suspended sentences, fines, probation, or dismissal upon successful program completion;
(3) to promote rehabilitation, victim restoration, and proportionality in sentencing;
(4) to direct the United States Sentencing Commission to issue appropriate guideline amendments; and
(5) to ensure ongoing oversight through reporting while preserving strong enforcement against serious cyber threats.

SECTION 3. CYBER OFFENSE DIVERSION PROGRAM.
(a) In General. — Chapter 229 of title 18, United States Code, is amended by inserting after section 3633 the following:
Ҥ 3634. Cyber Offense Diversion Program
“(a) Definitions. — In this section:
“(1) The term ‘qualifying cyber offense’ means —
“(A) a violation of section 1030(a)(2), (a)(4), or (a)(5) where the total loss to any victim (as defined in section 3663A) does not exceed $50,000 and the offense does not involve a protected computer used by or on behalf of a critical infrastructure sector (as defined in section 101 of the Cybersecurity Act of 2015 (6 U.S.C. 1501)); or
“(B) a violation of section 1343 where the total loss does not exceed $50,000, the offense does not involve a financial institution (as defined in section 20), and does not relate to a presidentially declared major disaster or emergency.
“(2) The term ‘first-time offender’ means a defendant who has no prior conviction for any felony offense under Federal or State law and no prior participation in the program established by this section.
“(3) The term ‘minor offense’ means a qualifying cyber offense that involves no physical injury to any person, no threat to national security or public safety, no use of sophisticated means (as defined in the Federal Sentencing Guidelines), and total economic loss not exceeding $50,000.
“(4) The term ‘full restitution’ means payment of the full amount of the victim’s actual loss as determined under section 3663A, including any applicable interest and, where appropriate, return of any property.
“(b) Eligibility Determination. —
“(1) A defendant charged with a qualifying cyber offense who meets the definition of a first-time offender may petition for admission to the Cyber Offense Diversion Program at any time prior to the entry of a guilty plea or verdict.
“(2) The Attorney General (or designee) and the court shall jointly determine eligibility based on —
“(A) the absence of aggravating factors, including use of sophisticated means, multiple victims exceeding the loss threshold in aggregate, or any nexus to organized crime;
“(B) a written agreement by the defendant to —
“(i) make full restitution to all victims within a court-determined timeline (not to exceed 24 months);
“(ii) complete a court-approved rehabilitative program of not less than 6 months and not more than 24 months, including mandatory cybersecurity ethics and digital responsibility education (minimum 40 hours), community service (100 to 250 hours), and, where indicated, financial literacy or mental health counseling;
“(iii) comply with supervised probation conditions, including periodic reporting, no further criminal activity, and possible device monitoring; and
“(iv) waive the right to a speedy trial during program participation; and
“(C) the absence of any objection by the Government based on documented public safety concerns.
“(3) Victim input shall be considered but is not determinative of eligibility.
“(c) Program Administration and Outcomes. —
“(1) Upon approval, the court shall stay proceedings and place the defendant under probation supervision for the program duration.
“(2) Upon successful completion (verified by the probation officer and confirmed at a hearing with opportunity for victim and Government input), the court shall —
“(A) dismiss the charges with prejudice and order expungement of all records related to the arrest and proceedings (subject to the limitations of section 3635, to be added by conforming amendment); or
“(B) in lieu of dismissal, impose a suspended sentence of imprisonment, a fine not exceeding $10,000, and probation not exceeding 3 years with no period of incarceration.
“(3) Failure to complete the program for any reason (including new criminal activity) shall result in resumption of standard prosecution or sentencing under applicable law.
“(4) Nothing in this section precludes the use of existing pretrial diversion authority under Department of Justice policy.
“(d) Mandatory Judicial Consideration. — In any sentencing proceeding for a qualifying cyber offense involving a first-time offender, the court shall state on the record whether the defendant was eligible for or participated in the program established by this section and shall give substantial weight to any full restitution paid and rehabilitative efforts completed.
“(e) Rule of Construction. — This section shall not be construed to limit the authority of the Attorney General, courts, or prosecutors with respect to non-qualifying or serious offenses, nor to create any private right of action.”
(b) Clerical Amendment. — The table of sections at the beginning of chapter 229 of title 18, United States Code, is amended by inserting after the item relating to section 3633 the following new item: “3634. Cyber Offense Diversion Program”.

SECTION 4. AMENDMENTS TO FEDERAL SENTENCING GUIDELINES.
Not later than 180 days after the date of the enactment of this Act, the United States Sentencing Commission shall review and, in accordance with the procedures under section 994 of title 28, United States Code, amend the Federal Sentencing Guidelines and policy statements (including, in particular, § 2B1.1) to —
(1) provide a specific downward departure or variance for qualifying cyber offenses when a defendant is a first-time offender who has made full restitution and demonstrated acceptance of responsibility;
(2) incorporate mitigating factors for cases involving minor loss, lack of sophisticated means, and post-offense rehabilitative conduct consistent with the diversion program; and
(3) ensure that the guidelines reflect the preference for diversion or non-incarceratory sentences in eligible cases while maintaining appropriate enhancements for aggravating conduct.

SECTION 5. CONFORMING AMENDMENTS.
(a) Expungement Authority. — Chapter 229 of title 18, United States Code, is further amended by inserting after the new section 3634 the following: “§ 3635. Expungement following successful diversion
“The court may order the expungement of records relating to a qualifying cyber offense upon successful completion of the Cyber Offense Diversion Program under section 3634, consistent with applicable privacy and law enforcement record-keeping requirements”.
(b) Clerical Amendment. — The table of sections is amended accordingly.
(c) Technical and Conforming Changes. — The table of sections and cross-references in title 18, United States Code, and the Federal Rules of Criminal Procedure shall be updated as necessary by the Administrative Office of the United States Courts.

SECTION 6. ANNUAL REPORTING REQUIREMENT.
The Attorney General, in consultation with the Director of the Administrative Office of the United States Courts and the United States Sentencing Commission, shall submit to Congress an annual report for each of the first 5 years after the date of enactment of this Act. Each report shall include —
(1) the number of defendants who applied for, were admitted to, and successfully completed the Cyber Offense Diversion Program;
(2) the total amount of restitution recovered and the number of victims compensated;
(3) recidivism rates (measured at 1, 3, and 5 years post-completion) for program participants compared to similar non-participants;
(4) any identified barriers to program effectiveness or equity; and
(5) legislative or administrative recommendations for improvement.

SECTION 7. AUTHORIZATION OF APPROPRIATIONS.
There are authorized to be appropriated to the Department of Justice and the Administrative Office of the United States Courts such sums as may be necessary to implement and administer the Cyber Offense Diversion Program, including for cybersecurity education curricula development, probation supervision enhancements, and victim notification systems.

SECTION 8. SEVERABILITY.
If any provision of this Act or the application thereof to any person or circumstance is held invalid, the remainder of this Act and the application of such provision to other persons or circumstances shall not be affected thereby.

SECTION 9. EFFECTIVE DATE.
This Act shall take effect 90 days after the date of enactment and shall apply to any offense committed before, on, or after such date, except that it shall not apply to any case in which a final judgment of conviction has been entered and all appeals have been exhausted prior to the effective date.

This comprehensive bill is now fully fleshed out, legally precise, and aligned with existing U.S. criminal justice frameworks. It can be directly introduced or refined by legislative counsel. The initiative represents a practical, balanced step toward smarter, more humane cybersecurity justice.