[Federal Register Volume 91, Number 127 (Monday, July 6, 2026)]
[Rules and Regulations]
[Pages 41466-41516]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2026-13609]
[[Page 41465]]
Vol. 91
Monday,
No. 127
July 6, 2026
Part VI
Department of Homeland Security
-----------------------------------------------------------------------
6 CFR Part 124
Department of Justice
-----------------------------------------------------------------------
28 CFR Part 124
Counter-UAS Authority for State, Local, Tribal, and Territorial Law
Enforcement and Correctional Agencies; Interim Final Rule
Federal Register / Vol. 91 , No. 127 / Monday, July 6, 2026 / Rules
and Regulations
[[Page 41466]]
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
6 CFR Part 124
RIN 1601-AB25
DEPARTMENT OF JUSTICE
28 CFR Part 124
[Docket No. FBI-2026-0001]
RIN 1110-AA39
Counter-UAS Authority for State, Local, Tribal, and Territorial
Law Enforcement and Correctional Agencies
AGENCIES: Department of Homeland Security; Department of Justice.
ACTION: Interim final rule; request for comment.
-----------------------------------------------------------------------
SUMMARY: In this interim final rule (``IFR''), the Department of
Justice (``DOJ'') and the Department of Homeland Security (``DHS'')
(collectively, ``the Departments'') codify the framework for
implementing the SAFER SKIES Act, which authorizes State, local,
Tribal, and territorial law enforcement or correctional (``SLTT'')
agencies to conduct counter-unmanned aircraft system (``C-UAS'')
operations. This framework governs training and certification
(including a two-tiered structure for detection and warning operations
and for mitigation operations), authorized technologies, spectrum
coordination, airspace approval, real-time air traffic control
notification, mitigation reporting, privacy protections, and compliance
requirements for SLTT agencies in relation to the exercise of C-UAS
authority.
DATES:
Effective date: This interim final rule is effective July 1, 2026.
Comment due date: Comments must be received on or before September
4, 2026. The electronic Federal Docket Management System (``FDMS'') at
https://www.regulations.gov will accept electronic comments until 11:59
p.m. Eastern Time on that date.
ADDRESSES: You may submit comments on the entirety of this IFR,
identified by FDMS Docket No. FBI-2026-0001, through the Federal
eRulemaking Portal: https://www.regulations.gov. Follow the website
instructions for submitting comments. The Departments are not accepting
mailed, couriered, or hand-delivered comments at this time. If you
cannot submit your comment by using https://www.regulations.gov, please
use the contact information in the FOR FURTHER INFORMATION CONTACT
section for alternate instructions.
FOR FURTHER INFORMATION CONTACT:
For DHS: Steven A. Willoughby, Acting Executive Director, Program
Executive Office for Drones and Counter-Unmanned Aircraft Systems, U.S.
Department of Homeland Security, [email protected].
For DOJ: Micheal J. Torphy, Assistant Section Chief, Unmanned
Aviation Section, Critical Incident Response Group, Federal Bureau of
Investigation, [email protected].
SUPPLEMENTARY INFORMATION:
I. Public Participation
The Departments invite all interested parties to participate in
this rulemaking by submitting written data, views, comments, and
arguments on all aspects of this rule. The Departments also invite
comments that relate to the economic, environmental, or federalism
effects that might result from this rule. Comments must be submitted in
English, or an English translation must be provided. Comments that will
provide the most assistance to the Departments in implementing these
changes will reference a specific portion of the rule, explain the
reason for any recommended change, and include data, information, or
authority that supports such recommended change. Comments submitted in
a manner other than the one listed above, including emails or letters
sent to Department officials, will not be considered comments on the
rule and may not receive a response from the Departments.
Instructions: If you submit a comment, you must include the agency
name (Federal Bureau of Investigation) and the FDMS Docket No. FBI-
2026-0001 for this rulemaking. All submissions will be posted, without
change, to the Federal eRulemaking Portal at https://www.regulations.gov, and will include any personal information you
provide. Therefore, submitting this information makes it public. You
may wish to consider limiting the amount of personal information that
you provide in any voluntary public comment submission you make to the
Departments. The Departments may withhold information provided in
comments from public viewing that they determine may impact the privacy
of an individual or is offensive. For additional information, please
read the Privacy and Security Notice available at https://www.regulations.gov.
Docket: For access to the docket and to read background documents
or comments received, go to https://www.regulations.gov, referencing
FDMS Docket No. FBI-2026-0001. You may also sign up for email alerts on
the online docket to be notified when comments are posted or a final
rule is published.
II. Executive Summary
In 2018, Congress recognized the growing threat of drones (unmanned
aircraft) and unmanned aircraft systems (``UAS'') to public safety and
national security, including their use by extremists, terrorists, and
criminals. See S. Rep. No. 115-332, at 2-3 (2018). Congress recognized
that ``[t]errorist organizations promote the use of UAS to conduct
attacks in the U.S. and surveillance on potential targets.'' Id. at 2.
In one notable instance, ``Al-Qaeda in the Arabian Peninsula used their
Inspire magazine in May 2016 to encourage individuals to use UAS to
collect information about potential assassination attempts and
killings.'' Id. And ``[i]n September 2011, Rezwan Ferdaus, a U.S.
citizen, was arrested for planning to attach explosives to a UAS and
attack the Pentagon and U.S. Capitol.'' Id. ``Another potentially
dangerous incident occurred in 2017 when a UAS flew over the San
Francisco 49ers and Oakland Raiders National Football League stadiums
dropping leaflets and causing panic.'' Id.
Congress also recognized that Federal law hampered the ability of
law enforcement to respond to these threats. Congress noted that
Federal law enforcement agencies were ``prohibited from taking actions
against UAS due to decades-old statutes,'' such as ``the Wiretap Act of
1968 and the Computer Fraud and Abuse Act of 1986,'' that ``were
enacted long before UAS were widely available.'' Id. Such laws make
``it illegal to intercept any wire, oral, or electronic communication,
or to access a computer without authorization, respectively, making it
imposing to use the electronic transmission to track down the operator
of the drone.'' Id. Congress also noted that ``DHS and DOJ are
prevented from taking action against a rogue UAS due to the FAA
Modernization and Reform Act of 2012 that define[d] UAS as aircraft''
and as a result subjected UAS to ``aircraft piracy laws [that] ma[de]
it illegal to seize or exercise control of an aircraft.'' Id. (citing
49 U.S.C. 331).
In order to remedy this problem, as part of the FAA Reauthorization
Act of 2018, Congress passed the Preventing Emerging Threats Act of
2018, which authorized the Secretary of Homeland Security and the
Attorney General to designate certain facilities or assets as
[[Page 41467]]
``covered facilities or assets'' and take certain measures necessary to
mitigate a credible threat that an unmanned aircraft or UAS poses to
the safety or security of a covered facility or asset, notwithstanding
certain provisions of Federal criminal law, including prohibitions
against aircraft piracy, destruction of an aircraft, computer fraud,
interference with the operation of a satellite, the Wiretap Act, and
the prohibition on pen register and trap and trace device use. Public
Law 115-254, sec. 1602(a), 132 Stat. 3186, 3522-29 (codified at 6
U.S.C. 124n). Generally, the authorized protective measures included,
and still include, detection, disruption, seizure, confiscation, and
destruction of UAS using reasonable force (if necessary). 6 U.S.C.
124n(b)(1)(F). However, the Act did not authorize SLTT agencies to take
such measures.
In testimony before the Senate Judiciary Committee in July 2025,
DOJ recommended that all SLTT agencies be authorized to address the
continuing threat of UAS (for example, smuggling contraband into
prisons, or threatening public safety at sporting events or other
outdoor gatherings), again notwithstanding these same Federal criminal
laws. Dep't of Justice, Securing the Skies: Law Enforcement, Drones,
and Public Safety: Hearing Before the S. Comm. on the Judiciary, 119th
Cong. 8-9 (2025), https://www.judiciary.senate.gov/imo/media/doc/94f53245-d172-92ba-152b-06bc9ee00a50/2025-07-22%20-%20Testimony%20-%20Torphy%20&%20Hardee1.pdf [https://perma.cc/F3J7-NWDG] (statement of
Christopher Hardee, Chief, Office of Law & Policy, Nat'l Sec. Div.,
DOJ, and Micheal Torphy, Unit Chief, Critical Incident Response Grp.,
FBI). DOJ suggested that State and local law enforcement be authorized
to use pre-approved, detection-only equipment, and that certain State
and local law enforcement be trained to use all C-UAS capabilities
(including mitigation measures such as exercising control of a UAS or
destroying a UAS). Id.
In recognition of this continued challenge, Congress passed the
SAFER SKIES Act, signed into law by the President on December 18, 2025.
National Defense Authorization Act for Fiscal Year 2026, Public Law
119-60, div. H, tit. LXXXVI, Sec. Sec. 8601-07, 139 Stat. 718, 1938-45
(2025) (``SAFER SKIES Act'' or ``the Act'') (codified in large part in
6 U.S.C. 124n). The SAFER SKIES Act authorizes SLTT agencies to take
certain measures to detect and mitigate credible threats that unmanned
aircraft and UAS pose to the safety or security of people, facilities,
and assets, a venue or set of venues used for large-scale public
gatherings or events, critical infrastructure, or correctional
facilities,\1\ notwithstanding the same provisions of Federal criminal
law (prohibitions against aircraft piracy, destruction of an aircraft,
computer fraud, interference with the operation of a satellite, the
Wiretap Act, and the prohibition on pen register and trap and trace
device use), and notwithstanding the laws of any particular State,
local, Tribal, or territorial jurisdiction, but only under certain
conditions. 6 U.S.C. 124n(a)(2).
---------------------------------------------------------------------------
\1\ Note that the SAFER SKIES Act also amended the definition of
``personnel'' under section 124n, thus facilitating the use of
detailed and deputized personnel. 6 U.S.C. 124n(l)(6)(A). The FBI is
currently using SLTT agencies as federally deputized task force
officers in operations to mitigate UAS. This IFR does not address
federally deputized or detailed SLTT agency personnel. Note as well
that the Act provided two new bases for DOJ and DHS protective
measures: that is, to enforce the law, and to protect the public. 6
U.S.C. 124n(a)(1). However, the Act did not make these two new bases
available to SLTT agencies.
---------------------------------------------------------------------------
Specifically, the SAFER SKIES Act authorizes SLTT agencies to take
the mitigation measures identified in 6 U.S.C. 124n(b)(1)(C), (D), and
(F) if they: (1) are trained and certified by the Attorney General, or
the Attorney General's designee, through a national schoolhouse, 6
U.S.C. 124n(d)(2)(A)(i); (2) use technologies on authorized
technologies and systems lists maintained jointly by DOJ, DHS, the
Department of Defense,\2\ the Department of Transportation, the Federal
Communications Commission (``FCC''), and the National
Telecommunications and Information Administration (``NTIA''), 6 U.S.C.
124n(d)(2)(A)(iii); (3) comply with specific compliance, coordination,
and audit requirements, 6 U.S.C. 124n(d)(2)(B) (Oversight), (e)
(Privacy protection); and (4) report mitigation actions to DOJ and DHS,
6 U.S.C. 124n(d)(2)(C). At the same time, the SAFER SKIES Act
authorized SLTT agencies to take measures identified under 6 U.S.C.
124n(b)(1)(A), (B), and (E)--that is to detect, monitor, identify,
track, and confiscate UAS, as well as warn the operator of a UAS,
including by passive or active, direct or indirect physical,
electronic, radio, or electromagnetic means, and through the use of a
remote identification broadcast, or by other means--subject to
satisfying training and certification procedures; but the training and
certification procedures required to take these specific protective
measures need not occur at a national schoolhouse. 6 U.S.C. 124n(a)(2)
(allowing SLTT agencies to take measures in subsection (b)(1), but only
subject to subsection (d)(2)); see also 6 U.S.C. 124n(d)(2)(A)(ii)
(providing that SLTT agencies must satisfy the training and
certification procedures before taking any action in all of subsection
(b)(1)).
---------------------------------------------------------------------------
\2\ The Department of Defense is also known as the Department of
War. E.O. 14347, 90 FR 43893 (Sept. 5, 2025). This rule refers to
the ``Department of Defense'' to be consistent with the SAFER SKIES
Act.
---------------------------------------------------------------------------
Finally, the Act directs the Secretary of Homeland Security and the
Attorney General, in coordination with the Secretary of Defense, the
Secretary of Transportation, and the Administrator of the Federal
Aviation Administration (``FAA''), to develop and publish regulations
governing C-UAS authority--that is, the authority to conduct protective
measures to detect, identify, monitor, track, and, if necessary,
mitigate the threat of UAS--for SLTT agencies under section 124n. This
IFR implements this statutory authority, to include compliance
requirements and procedures for coordination.
III. Background and Purpose
A. Background and Legal Authority
As noted in Section II of this preamble above, the Preventing
Emerging Threats Act of 2018 permits the Attorney General and the
Secretary of Homeland Security to authorize certain personnel to take
certain protective measures (generally, detection, disruption, seizure,
confiscation, and disablement, damage, or destruction using reasonable
force) necessary to mitigate a credible threat that an unmanned
aircraft or UAS poses to the safety or security of a covered facility
or asset, notwithstanding certain provisions of Federal criminal law.
See 6 U.S.C. 124n(b)(1). Specifically, the Attorney General and the
Secretary of Homeland Security are authorized to take such measures
notwithstanding Federal criminal prohibitions in 49 U.S.C. 46502
(aircraft piracy), 18 U.S.C. 32 (destruction of aircraft), 18 U.S.C.
1030 (computer fraud), and 18 U.S.C. 1367 (interference with the
operation of a satellite), as well as chapters 119 (interception of
communications) and 206 (pen registers and trap and trace devices) of
Title 18. 6 U.S.C. 124n(a)(1). Generally, a ``covered facility or
asset'' must be identified as high risk and a potential target for
unlawful unmanned aircraft activity by the Secretary or the Attorney
General, in coordination with the Secretary of Transportation with
respect to potentially impacted airspace, through a risk-based
assessment. 6 U.S.C. 124n(l)(3)(A).
The SAFER SKIES Act amended section 124n in several ways, notably
by
[[Page 41468]]
authorizing SLTT agencies to take certain protective measures to
mitigate a credible threat that unmanned aircraft and UAS pose to the
safety or security of people, facilities, and assets, a venue or set of
venues used for large-scale public gatherings or events, critical
infrastructure, or correctional facilities, notwithstanding certain
provisions of Federal criminal law, and notwithstanding the laws of any
particular State, local, Tribal, or territorial (``SLTT'')
jurisdiction, 6 U.S.C. 124n(a)(2), but subject to additional
requirements.
Notwithstanding the foregoing statutory changes, the SAFER SKIES
Act did not amend or waive the applicability of other Federal statutory
provisions that may govern or proscribe SLTT agencies' otherwise
authorized activity, including those in the Communications Act or other
regulations governing access to spectrum. See, e.g., 47 U.S.C. 301
(licensing and authorization), 47 U.S.C. 302 (interfering devices), 47
U.S.C. 333 (jamming), 47 U.S.C. 605 (unauthorized transmissions). As a
result, this regulation requires SLTT agencies to obtain approvals from
the FCC before deploying any C-UAS system (whether detection only or
mitigation) that involves the emission of radio waves.
1. Detecting, Identifying, Monitoring, Tracking, and Warning
First, the Act authorizes SLTT agencies to ``detect, identify,
monitor, and track'' UAS or unmanned aircraft, without prior consent,
including by means of interception of or other access to a wire
communication, an oral communication, or an electronic communication
used to control the UAS or unmanned aircraft. 6 U.S.C. 124n(b)(1)(A).
The Act also authorizes SLTT agencies to warn the operator of a UAS,
including by ``passive or active, and direct or indirect physical,
electronic, radio, electromagnetic means, and through the use of remote
identification broadcast or other means.'' 6 U.S.C. 124n(b)(1)(B). The
Act also allows SLTT agencies to seize or otherwise confiscate a UAS or
unmanned aircraft. 6 U.S.C. 124n(b)(1)(E). This rule covers
confiscation under section 124n(b)(1)(E) through the Detection and
Warning Certification process alongside the detection and warning
activities in section 124n(b)(1)(A) and (B) because, like those
activities, confiscation does not involve the use of a mitigation
technology. The Act authorizes SLTT agencies to take measures under
section 124n(b)(1)(A), (B), and (E) subject to the training and
certification requirement described in section 124n(d)(2)(A)(ii), which
applies to all actions in section 124n(b)(1), only if they:
(1) use ``systems or technologies that are included on a list of
authorized technologies maintained jointly by the Department of
Justice, the Department of Homeland Security, the Department of
Defense, the Department of Transportation, the Federal Communications
Commission, and the National Telecommunications and Information
Administration,'' 6 U.S.C. 124n(d)(2)(A)(iii);
(2) comply with specific privacy protections identified in section
124n(e), which include compliance with the First and Fourth Amendments
to the Constitution of the United States, data retention limitations,
and limits on collecting certain data; and
(3) comply with Federal oversight, audits, coordination, and
compliance requirements, including by the Secretary of Homeland
Security and Attorney General, in coordination with the Secretary of
Transportation and the Administrator of the FAA, over SLTT agencies'
compliance with the privacy protections identified in section 124n(e)
and the requirements outlined in this regulation consistent with
sections 8602, 8605, and 8606 of the SAFER SKIES Act.
2. Disrupting, Disabling, Interfering, Seizing Control, or Using
Reasonable Force Under the Totality of the Circumstances To Disable,
Damage, or Destroy
Regarding the protective measures identified in section
124n(b)(1)(C), (D), and (F)--that is, mitigation measures generally
involving disruption, seizure and control, and destruction using
reasonable force--SLTT agencies are only authorized to use these
protective measures under a more restrictive set of conditions.
Specifically, in order to use the protective measures identified in
section 124n(b)(1)(C), (D), and (F), SLTT agencies must:
(1) be trained and certified by the Attorney General, or the
Attorney General's designee, in coordination with the Secretary of
Homeland Security, through a national schoolhouse, 6 U.S.C.
124n(d)(2)(A)(i);
(2) use technologies that are included on a list of authorized
technologies and systems maintained jointly by DOJ, DHS, the Department
of Defense, the Department of Transportation, the FCC, and the NTIA, 6
U.S.C. 124n(d)(2)(A)(iii);
(3) comply with specific privacy protections identified in section
124n(e), which include compliance with the First and Fourth Amendments
of the Constitution of the United States, data retention limitations,
and limits on collecting certain data, and with Federal oversight,
audits, coordination, and compliance requirements, including by the
Secretary of Homeland Security and the Attorney General, in
coordination with the Secretary of Transportation and the Administrator
of the FAA, as concerning compliance with the privacy protections
identified in section 124n(e), 6 U.S.C. 124n(d)(2)(B); and
(4) notify DHS and DOJ within 48 hours of any mitigation action
taken, 6 U.S.C. 124n(d)(2)(C).
The Act also provides for suspension of C-UAS authority and civil
fines for SLTT agencies, as well as their personnel, authorized to take
C-UAS protective measures who knowingly engage in such action without
Federal coordination as required by the Act. Public Law 119-60, sec.
8605(f), 139 Stat. at 1944 (codified at 6 U.S.C. 124n-1(f))
(``Penalties for Unauthorized Counter-UAS Actions''); id. sec. 8605(g)
(codified at 6 U.S.C. 124n-1(g)) (``Civil Enforcement'').
The Act also requires the ``Attorney General, in coordination with
the Secretary of Homeland Security, the Secretary of Defense, and the
Secretary of Transportation,'' to develop training and certification
procedures that SLTT law enforcement and correctional officers must
satisfy before engaging in those protective measures requiring training
and certification. 6 U.S.C. 124n(d)(2)(A)(ii) (training and
certification procedures).
Finally, the Act directs the ``Secretary of Homeland Security and
the Attorney General, in coordination with the Secretary of Defense and
Secretary of Transportation,'' and the Administrator of the FAA to
publish regulations governing C-UAS authority for SLTT agencies under
section 124n. See Public Law 119-60, sec. 8606, 139 Stat. 1944-45. This
IFR implements the statutory directive to promulgate regulations, to
include additional compliance requirements and procedures based on such
coordination.
B. Discussion of Interim Rule
This IFR identifies the requirements and procedures for SLTT
agencies to become authorized to take C-UAS measures under section
124n. Specifically, for the full range of C-UAS protective measures
identified under section 124n(b)(1)(A) and (B) (involving detecting,
identifying, monitoring, and tracking UAS, and warning the operator),
the mitigation measures under section 124n(b)(1)(C), (D), and (F), and
(E) (involving seizure and confiscation of UAS or unmanned
[[Page 41469]]
aircraft), the IFR identifies how SLTT agencies must (1) use only
systems or technologies that are included on a list of authorized
technologies, and how to obtain the list; and (2) comply with specific
privacy protections identified in section 124n(e) and how they must
comply with Federal oversight, audits, coordination, and compliance
requirements by the Secretary of Homeland Security and Attorney General
as outlined in this rule, consistent with sections 8602, 8605, and 8606
of the SAFER SKIES Act.
Concerning C-UAS protective measures identified under section
124n(b)(1)(C), (D), and (F) (generally involving mitigation--that is,
disrupting, disabling, interfering with, seizing control of, or using
reasonable force, if necessary, to disable, damage or destroy a UAS),
the IFR sets forth the requirements for the use of such measures.
Specifically, the IFR explains how SLTT agencies: (1) receive training
and certification through the Federal Bureau of Investigation's
(``FBI'') national schoolhouse; (2) obtain the list of authorized
technologies they may use; (3) comply with the specific privacy
protections identified in section 124n(e); and (4) comply with Federal
oversight, audits, and compliance requirements established by the
Secretary of Homeland Security and the Attorney General, in
coordination with the Administrator of the FAA, as outlined in this
regulation and as provided in 6 U.S.C. 124n(d)(2)(B), with suspension
of authority under sections 8605 and 8606(f) of the SAFER SKIES Act
available to the Attorney General or the Secretary.
The rule is organized as follows in parts 124 of titles 6 and 28 of
the Code of Federal Regulations: purpose and scope (Sec. 124.1);
definitions (Sec. 124.2); scope of authority and mitigation standards
(Sec. 124.3); authorized personnel, contractors, and mutual aid (Sec.
124.4); training and certification (Sec. 124.5); the agency
implementation policy (Sec. 124.6); authorized technologies (Sec.
124.7); the C-UAS Operations Plan (Sec. 124.8); advance coordination,
notification, and authorization (Sec. 124.9); interagency and lead-
agency coordination (Sec. 124.10); real-time air traffic control
notification (Sec. 124.11); detection and warning operations (Sec.
124.12); post-operation reporting (Sec. 124.13); privacy and civil
liberties (Sec. 124.14); protection of sensitive operational
information (Sec. 124.15); compliance and enforcement (Sec. 124.16);
confiscation and forfeiture (Sec. 124.17); activities for evaluation,
testing, training, and pre-operational validation (Sec. 124.18); task
force arrangements and Federal support (Sec. 124.19); rules of
construction (Sec. 124.20); termination (Sec. 124.21); and
severability (Sec. 124.22).
This rule establishes the framework governing SLTT agency C-UAS
operations under 6 U.S.C. 124n(a)(2). This rule provides requirements
for training and certification of SLTT agency personnel, the agency
implementation policy, the C-UAS Operations Plan, advance coordination,
interagency and lead-agency coordination, notification and reporting
requirements, and privacy and data handling protections. The Secretary
of Transportation and the Administrator of the FAA have coordinated in
the development of this rule as required by 6 U.S.C. 124n(d)(3), and
the rule was developed in coordination with the Secretary of Defense as
required by 6 U.S.C. 124n(d)(2)(A)(ii) and section 8606(a)(1) of the
SAFER SKIES Act.
Consistent with the SAFER SKIES Act, the rule does not change the
applicability of the Communications Act, see 47 U.S.C. 301 et seq., or
implementing rules administered by the FCC that relate to spectrum
licensing, equipment authorization, and harmful interference to
authorized services, among other things. SLTT agencies thus remain
subject to applicable provisions that may govern or proscribe
activities otherwise authorized by this rule.
The following discussion describes each provision of the regulatory
text added by this rule to new parts 124 in both titles 6 and 28 of the
Code of Federal Regulations. The two parts are identical.
Section 124.1--Purpose and scope. This section states the purpose
and scope of the new part 124 and its relationship to other laws,
including the statutory provisions displaced by the notwithstanding
clause of 6 U.S.C. 124n(a)(2), provides that this part is the
comprehensive framework for SLTT agency C-UAS operations, and
identifies for SLTT agencies that conduct only detection and warning
operations the provisions of the part principally applicable to them.
As used in this rule, the term ``notwithstanding clause of 6 U.S.C.
124n(a)(2)'' means the provision that permits a certified agency to
take the actions described in 6 U.S.C. 124n(b)(1) without violating the
Federal criminal laws the clause displaces--49 U.S.C. 46502 (aircraft
piracy), 18 U.S.C. 32 (destruction of aircraft), 18 U.S.C. 1030
(computer fraud), 18 U.S.C. 1367 (interference with the operation of a
satellite), and chapters 119 (interception of communications) and 206
(pen registers and trap and trace devices) of title 18--as well as
``the laws of any particular State, local, Tribal, or territorial
jurisdiction.'' In plain terms, protective measures described in 124n,
such as intercepting the radio link that controls a drone or taking
control of a drone away from its operator, are lawful--notwithstanding
the laws mentioned above--when a certified SLTT agency performs them in
compliance with the Act and the regulations this IFR adopts.
For an agency that conducts only detection and warning operations,
the provisions principally applicable are those identified in Sec.
124.1(b): the Detection and Warning Certification requirement of Sec.
124.5(c), the detection and warning policy provisions of Sec.
124.6(g), the authorized technology requirements of Sec. 124.7, the C-
UAS Operations Plan requirement of Sec. 124.8, the operational
conditions of Sec. 124.12, and the privacy and data handling
requirements of Sec. 124.14. The authority to regulate detection and
monitoring activity conducted in reliance on the Act rests on the
statute itself: the opening text of 6 U.S.C. 124n(a)(2) conditions any
action on completion of the training detailed in subsection (d)(2); 6
U.S.C. 124n(d)(2)(A)(ii) requires training and certification before
personnel take any action described in subsection (b)(1), including
detection; 6 U.S.C. 124n(d)(2)(A)(iii) limits the technologies used for
any such action to listed technologies; 6 U.S.C. 124n(e) imposes
privacy requirements; and section 8606(a)(1) of the SAFER SKIES Act
directs publication of regulations governing the authority.
This section also clarifies that the Departments maintain parallel
regulations for ease of use, and that each Department administers and
interprets its own regulations with respect to its programs and
authorities.
Section 124.2--Definitions. This section defines the terms used in
the part, including the two-list technology framework (the Authorized
Technologies List and the Authorized Systems List), the two
certification tiers (Detection and Warning Certification and Mitigation
Certification), the data categories the part regulates (control
communications, raw sensor data, and pattern data), the credible threat
standard, the Agency Approving Official, and the designated Federal C-
UAS coordination portal.
Two definitions reflect policy choices that warrant explanation.
First, the Agency Approving Official must hold a rank not below a
Senior Executive or Senior Official, or its equivalent. The Departments
set the threshold at this level because approving a mitigation
operation, which may involve the use of force against an aircraft, is a
command
[[Page 41470]]
decision that in most agencies rests above the line-supervisor level.
The same senior official also approves the agency's detection and
warning operations, so that authorization of all C-UAS operations under
this part rests with one accountable command official. The reference is
to the agency's senior command or executive ranks, not to any
particular title, and where no equivalent rank exists the agency head
or the agency head's designee may serve. Second, the credible threat
standard governs agency action on a credible threat to the protected
interests the statute enumerates, but the statute does not define the
term. The rule's definition adapts the objective, totality-of-the-
circumstances standard applied in Federal C-UAS operations under 6
U.S.C. 124n(a)(1) since 2018, reflected in the Attorney General's April
2020 Guidance \3\ and the DOJ objective standards for C-UAS
operations,\4\ and is framed on the reasonable-officer model familiar
from use-of-force doctrine, with enumerated indicators drawn from
Federal operational experience.
---------------------------------------------------------------------------
\3\ Memorandum from the Attorney General, Guidance Regarding
Department Activities to Protect Certain Facilities or Assets from
Unmanned Aircraft and Unmanned Aircraft Systems (Apr. 13, 2020),
https://www.justice.gov/archives/ag/page/file/1268401/dl?inline.
\4\ See id. at 5.
---------------------------------------------------------------------------
Section 124.3--Scope of authority and mitigation standards. This
section states the scope of authority, the credible threat
determination, proportionality in the reasonableness of the use of
force, the protective purpose limitation, the mitigation operator
execution requirement, the independent professional judgment of the
certified operator under the totality of the circumstances, and the
airspace awareness function.
The credible threat determination requirement implements the
statutory condition of 6 U.S.C. 124n(a)(2) and requires that the
determination be made and documented before mitigation. The
proportionality standard requires that a mitigation action taken be
reasonable in relation to the threat presented; it reflects the
statute's authorization of actions that are necessary to mitigate the
threat and the reasonable force limitation of 6 U.S.C. 124n(b)(1)(F).
The protective purpose limitation confines the exercise of the
authority to protective ends and forecloses use of the authority as a
general investigative tool, consistent with the structure of 6 U.S.C.
124n(e). The mitigation operator execution requirement provides that
only personnel holding Mitigation Certification may execute mitigation
actions, implementing 6 U.S.C. 124n(d)(2)(A)(i). The independent
professional judgment provision preserves the certified operator's
discretion to decline an action the operator assesses to be unsafe, a
safeguard the Departments adopted from Federal C-UAS practice because
the operator of the system has the best real-time awareness of airspace
and spectrum conditions. The airspace awareness function requires the
operating agency to maintain awareness of manned aircraft in the
vicinity of an operation, implementing the aviation safety coordination
obligations of 6 U.S.C. 124n(b)(4) and (d)(3).
Section 124.4--Authorized personnel, contractors, and mutual aid.
This section limits the exercise of authority to officers and employees
of the SLTT agency, prohibits contractor operation of systems requiring
the authority of the Act, establishes the conditions for mutual aid,
and contains an anti-circumvention provision.
The limitation of operational authority to officers and employees
implements the Act rather than a discretionary policy choice. Congress
defined the personnel who may exercise SLTT agency authority as the
officers and employees of the SLTT agency, 6 U.S.C. 124n(l)(6)(B), in
contrast to the broader personnel definition applicable to Federal
operations under 6 U.S.C. 124n(l)(6)(A), which extends to certain
contractors, detailed personnel, and deputized personnel. The
prohibition on contractor operation of mitigation systems, including
arrangements described as turnkey or managed C-UAS services, follows
from that statutory structure. The rule preserves substantial roles for
the private sector: contractors and vendors may design, manufacture,
sell, install, and maintain C-UAS systems; provide technical support
and system-level operator training; receive operational data for
diagnostics under the conditions of Sec. 124.14(j); and provide
detection services using systems that do not require the authority of
the Act or the relief it provides from certain laws.
Section 124.4 also permits accredited SLTT agencies to provide C-
UAS support to non-accredited SLTT agencies through mutual aid or other
written arrangement. This approach reflects the Departments' judgment
that public safety is better served by strong regional, county,
statewide, and multi-jurisdictional C-UAS programs than by requiring
every small or resource-limited agency to establish a separate, rarely
used capability. The rule therefore allows a non-accredited agency to
request and receive C-UAS support, while ensuring that the accredited
agency remains the C-UAS operating agency and that all actions
requiring 6 U.S.C. 124n authority are performed by properly certified
personnel under the requirements of this part. The Departments invite
comment on these provisions, including the conditions governing mutual
aid.
Section 124.5--Training and certification. This section establishes
the training and certification structure required by 6 U.S.C.
124n(d)(2)(A). It implements the statute's two distinct requirements.
The national-schoolhouse sole-certifying-authority requirement of 6
U.S.C. 124n(d)(2)(A)(i) applies to mitigation under 6 U.S.C.
124n(b)(1)(C), (D), and (F), and the FBI's National Counter-UAS
Training Center (``NCUTC'') is designated as that schoolhouse. The Act
separately requires training and certification before personnel take
any of the actions it authorizes, including detection. The opening text
of 6 U.S.C. 124n(a)(2) permits an agency to act only after completing
the training detailed in subsection (d)(2), and 6 U.S.C.
124n(d)(2)(A)(ii) requires the Attorney General to develop training and
certification procedures that officers must satisfy before taking any
action described in subsection (b)(1). Detection and warning under 6
U.S.C. 124n(b)(1)(A), (B), and (E) are among the actions described in
subsection (b)(1), so the training and certification requirement
reaches them as well as mitigation. The Departments have accordingly
provided for a Detection and Warning Certification requirement for
detection and warning operations conducted with systems that require
the authority of the Act or the relief it provides from certain laws,
but the requirement that training and certification take place
``through a national schoolhouse'' in clause (i) does not extend to
those actions. Thus, the NCUTC delivers the detection and warning
curriculum through an online portal that issues the certification
automatically on completion, rather than at an in-person resident
instruction at the national schoolhouse. Detection activities conducted
with systems that do not require the authority of the Act or the relief
it provides from certain laws are outside this requirement. Examples of
such activities include electro-optical and infrared cameras, acoustic
sensors, and radar operated under FCC authorization. Operating those
systems does not implicate the prohibitions the Act displaces, because
they intercept no communications, so the Act's training requirement
does not attach.
[[Page 41471]]
Online delivery for the detection tier does not create the public
safety risks that warrant resident instruction for mitigation.
Detection and warning do not involve disrupting, taking control of, or
otherwise affecting an aircraft in flight. Although some detection
systems (such as radar) transmit radio frequency energy to sense an
aircraft, such systems cannot interfere with an aircraft's operation,
and the associated risks are legal and privacy compliance risks, which
are knowledge-based and are effectively taught and tested through
structured online instruction with a required detection assessment.
Resident instruction for the detection tier would impose travel and
backfill costs on thousands of agencies without a corresponding safety
benefit and would consume schoolhouse capacity needed for mitigation
training.
This section also establishes the correctional-specific curriculum
and the decertification, suspension, administrative-review, and
reinstatement process. Two choices in this section warrant further
explanation.
First, training and certification for mitigation occur through a
national schoolhouse because Congress required it: 6 U.S.C.
124n(d)(2)(A)(i) conditions the exercise of the mitigation
authorities--that is, authorities at 6 U.S.C. 124n(b)(1)(C), (D), and
(F)--on certification through a national schoolhouse serving as the
sole certifying authority. See 6 U.S.C. 124n(d)(2)(A)(i).
Second, the section provides for suspension of certifications and
agency accreditations. Suspension is the measure section 8605(f)(2) of
the SAFER SKIES Act provides, and the suspension and administrative
review process is described in the discussion of the administrative
review provisions below. Because the rule provides for suspension of
certifications and agency accreditations, the Departments describe the
process and its basis here. A suspension decision is communicated in
writing and specifies the basis for the action and any available
remedial steps. In exigent circumstances that pose a risk to aviation
safety, public safety, or national security, the Director or the
Director's designee may immediately suspend a certification or
accreditation pending administrative review. An individual or agency
that receives a suspension notice may request administrative review
within 30 calendar days. The Attorney General, acting through the
Director, designates a reviewing official from DOJ who did not
participate in or supervise the initial decision; that official
considers the written submissions of both parties, may hold an informal
hearing, and issues a written determination within 60 calendar days
stating the factual findings and the basis for the determination. The
reviewing official may affirm, modify, condition, or reverse the
action, and the determination is final agency action for purposes of
this part. The rule contains no separate revocation action. A
suspension that is affirmed and not cured remains in effect until
reinstatement, and reinstatement of a Mitigation Certification requires
completion of the full course. This process affords affected
individuals and agencies notice and an opportunity to respond before a
neutral reviewing official, while preserving the ability to act
immediately when continued exercise of C-UAS authority would pose a
safety or security risk.
The Departments are considering whether certifications should
expire after a given period of time--such as 36 or 48 months--
conditioned upon additional training requirements to ensure continuing
proficiency and welcome comment on whether certifications should
expire, the length of their validity period, and the requirements for
renewal.
Section 124.6--Agency implementation policy. This section
establishes the agency implementation policy, the legal counsel review,
the portal attestation, and the detection and warning policy for SLTT
agencies conducting only detection and warning operations. An agency's
implementation policy is not subject to pre-approval by the NCUTC; the
agency self-certifies through a portal attestation, and the NCUTC
retains audit and suspension authority. The implementation policy is
the agency-level governing document for the agency's C-UAS program; it
must address command responsibility, integration with the agency's use-
of-force policy, operator rostering and certification verification,
equipment control and maintenance, the privacy procedures required by
Sec. 124.14, and recordkeeping. The legal counsel review requires the
agency's counsel to review the policy for compliance with this part and
with applicable SLTT law before adoption. The portal attestation is the
agency's certification, submitted through the Federal C-UAS
coordination portal, that the policy has been adopted and reviewed. The
detection and warning policy is an abbreviated policy, based on a model
the Departments will publish, for agencies that conduct only detection
and warning operations. The Departments chose self-certification with
audit, rather than Federal pre-approval of each agency policy, for two
reasons. Pre-approval of policies from the thousands of agencies
expected to participate would create a Federal bottleneck, which would
be inconsistent with the independent authority Congress conferred on
certified SLTT agencies, and would add months of delay without a
corresponding compliance benefit. Audit with suspension exposure, by
contrast, preserves accountability: an agency that attests falsely or
maintains a deficient policy is subject to the compliance audit program
of Sec. 124.16 and to suspension under Sec. 124.5.
The rule neither directly requires an SLTT agency to notify its
State government of the agency's adoption of C-UAS capability or of
individual operations, nor prohibits such notification, and nothing in
the rule conditions the exercise of authority under 6 U.S.C. 124n(a)(2)
on State-level notification, endorsement, or approval; Congress
conferred that authority directly on SLTT agencies. The Departments
recognize, however, that Governors, State homeland security advisors,
and State law enforcement agencies have a legitimate interest in
awareness of C-UAS capability within their States, including for
purposes of intrastate and interstate deconfliction, mutual aid
planning, and security planning for major events, and that the
visibility provided through existing channels, such as the State
Administrative Agency structure of DHS's C-UAS grant program, does not
extend to agencies that participate without grant support through that
program. The Departments have therefore included one reference to State
notification requirements under Sec. 124.9(b), if otherwise required
by State law or policy, and invite comment on whether the rule should
provide an additional State-level awareness mechanism and, if so, on
its appropriate form, including whether the Federal Government should
make available to a State-designated point of contact the roster of
attested and accredited agencies within the State, or whether the
agency implementation policy should address notification to a State-
designated point of contact upon adoption of C-UAS capability, and on
how any such mechanism should be structured so that notification does
not operate as a condition on, or approval requirement for, the
exercise of statutory authority.
Section 124.7--Authorized technologies. This section establishes
the two-list technology authorization framework and limits SLTT agency
C-UAS operations to listed technology
[[Page 41472]]
categories and, where the Authorized Systems List is populated, listed
systems. It clarifies that the list requirement applies only to
technologies the operation of which requires the legal relief provided
by the notwithstanding clause of 6 U.S.C. 124n(a)(2). Under the two-
list framework, the Authorized Technologies List identifies the
categories of technology authorized for SLTT agency use, and the
Authorized Systems List identifies specific systems within those
categories. The Authorized Systems List is populated for a category
when the interagency process has assessed and listed specific systems
in that category. Until the Authorized Systems List is populated for a
category, an agency is limited to the listed technology categories of
the Authorized Technologies List, which is the limit 6 U.S.C.
124n(d)(2)(A)(iii) itself imposes; once the Authorized Systems List is
populated for a category, the agency must use a listed system. SLTT
agencies are therefore never free of the list requirement: category-
level limits apply at all times, and system-level limits attach as
listings are completed.
The Departments adopted the two-list structure so that category-
level policy is set through a deliberate interagency process while
system-level additions can keep pace with a rapidly developing market.
It clarifies that the list requirement applies only to technologies the
operation of which requires the legal relief provided by the
notwithstanding clause of 6 U.S.C. 124n(a)(2); technologies an agency
may use lawfully without that relief, such as cameras, radar, and
acoustic sensors, are not subject to the list requirement and remain
available on the same basis as before the Act. Such technologies remain
subject to existing laws and regulations, including FCC and equipment
authorization requirements, FAA requirements, and SLTT law; the Act
neither expands nor restricts their availability.
This section also requires an agency to cease use of a system or
technology category upon an emergency suspension issued through the
interagency process. The detailed mechanics of evaluating, listing, and
maintaining technologies are established through the interagency
process required by 6 U.S.C. 124n(d)(2)(A)(iii) and section 8606(a)(4)
of the SAFER SKIES Act, in which agencies other than the Departments
share responsibility, and are therefore not codified in this part. The
Departments expect the initial Authorized Technologies List to include
radio frequency (``RF'') detection with command-and-control signal
interception, RF disruption (broadband and protocol-specific jamming),
and RF protocol manipulation (command injection and cyber takeover),
and expect the Authorized Systems List to be populated on a phased
basis, drawing first on systems with existing Federal operational
deployment and interagency coordination history under 10 U.S.C. 130i, 6
U.S.C. 124n, 10 U.S.C. 6227 (or its predecessor, 50 U.S.C. 2661), or 50
U.S.C. 3515a, that have been assessed and authorized for operational
use by Federal agencies, and for which the FAA has completed an
assessment of aviation safety risks and for which any necessary
aviation safety mitigations the using agency or the FAA would need to
implement have been identified as operational constraints. Each RF-
emitting system listed on the Authorized Systems List will have
completed a system-level spectrum evaluation through the interagency
process before listing. Accredited agencies would submit nominations
for the Authorized Systems List, and feedback regarding systems on the
list, via an internal process announced via the Federal C-UAS
coordination portal, which houses the list. The Departments expect to
coordinate a 60-day sprint to consider any necessary revisions to the
list following publication of this rule.
Section 124.8--C-UAS Operations Plan. This section establishes the
C-UAS Operations Plan, signed by the Agency Approving Official and
supported by a legal counsel certification, as the instrument
authorizing each detection or mitigation operation, or each combined
detection and mitigation operation, on behalf of the SLTT agency. The
plan must be prepared on a standardized form prescribed by the Attorney
General, appropriately coordinated and deconflicted in accordance with
Sec. Sec. 124.9, 124.10, and 124.11, and establishes the 30-day
operational window, the 365-day standing window for fixed-site
persistent protection, and the renewal process. The Departments chose
these requirements based on the experience of the FBI and the DHS C-UAS
programs since 2018.
The C-UAS Operations Plan serves three functions: it documents the
Agency Approving Official's authorization of mitigation for a defined
location and period, it records the legal counsel certification that
the planned operation complies with this part and applicable law, and
it supplies, in a standardized format, the data elements the Federal
coordination process requires. The form is standardized and prescribed
by the Attorney General so that every plan carries the same data
elements, which permits automated routing through the coordination
portal and consistent FAA airspace review; the Federal C-UAS programs'
experience since 2018 is that nonstandard submissions are the principal
source of coordination delay. The 30-day operational window keeps the
threat assessment, airspace picture, and coordination data underlying a
plan current, while the 365-day standing window for fixed-site
persistent protection, paired with the recurring reviews required
elsewhere in this part, avoids requiring a correctional facility or
other fixed site to resubmit an unchanged plan every month. Renewal is
by updated submission rather than automatic extension so that each
operational period rests on a current authorization.
Section 124.9--Advance coordination, notification, and
authorization. This section establishes the advance coordination and
notification process, conducted through a single submission to the
designated Federal C-UAS coordination portal, operated by the FBI, that
routes the relevant data elements to the FBI and DHS for deconfliction,
to the FAA for airspace safety coordination, and to the FCC for
spectrum coordination. Consistent with 6 U.S.C. 124n, the airspace
process is one of coordination, not approval; however, an SLTT agency
may only conduct C-UAS operations once the C-UAS Operations Plan is
approved under Sec. 124.8. As to the FCC, however, the process is one
of coordination and authorization not mere coordination. Because 6
U.S.C. 124n does not displace 47 U.S.C. 301, an SLTT law enforcement or
correctional agency must obtain the authorization it needs from the FCC
before operating a C-UAS system that emits radio waves (such as certain
radar systems), and FCC coordination alone does not suffice. The
Departments and the FCC will work to establish standing or categorical
authorizations and a vendor equipment authorization pathway that reduce
the need for per-operation FCC approval, and the Departments intend to
pursue these mechanisms as a priority following publication of this
rule. In the interim, an SLTT law enforcement or correctional agency
may operate equipment on the Authorized Technologies List under
existing FCC authorizations and waivers, and the FCC may issue
expedited waivers under its Part 2 authority, including 47 CFR 2.1204,
for equipment already in use and for equipment needed to address a
newly identified or evolving threat. The Departments chose these
requirements
[[Page 41473]]
based on the experience of the FBI and the DHS C-UAS programs since
2018.
Advance coordination is the process by which an agency, before
commencing a mitigation operation or an operation employing an RF-
emitting system, submits the operation's data elements for Federal
deconfliction. Notification is the corresponding transmission of those
elements to the affected Federal entities. The single-submission design
is the central policy choice: the SLTT agency files once, through the
Federal C-UAS coordination portal, and the portal routes the relevant
elements to the FBI for operational deconfliction, to the FAA for
airspace safety coordination, and to the FCC for spectrum coordination.
The alternative, separate filings with each Federal entity, would
multiply the burden on SLTT agencies, produce inconsistent records, and
recreate the sequential processing delays the Federal programs
experienced before consolidated coordination mechanisms were adopted.
This section also requires the SLTT agency to submit a comparable
advance notification to the State if required by State law or policy.
This notification does not operate as a condition on, or approval
requirement for, the exercise of statutory authority. The Departments
welcome comment on this provision, including whether it is more
appropriately included as part of the State implementation policy.
Section 124.10--Interagency and lead-agency coordination. This
section establishes interagency and lead-agency coordination, including
early coordination and the notice of intent for nationally significant
events, tactical coordination under a designated lead C-UAS agency, the
requirement that an agency that does not accept tactical coordination
cannot conduct C-UAS operations within the area and period covered by
the lead-agency designation, coordination of overlapping SLTT
operations, and deconfliction direction when a conflict with a Federal
operation cannot otherwise be resolved. Early coordination is advance
engagement with the FBI and the designated lead C-UAS agency for an
event significant enough to draw multiple C-UAS operators, and the
notice of intent is the submission through which an agency states its
intent to operate at a nationally significant event so that protective
planning can integrate it. Tactical coordination under a designated
lead C-UAS SLTT agency places participating SLTT agencies' C-UAS
activity under a single, integrated operational picture for the event;
the requirement that an agency declining tactical coordination refrain
from operating within the covered area and period, and the reasons that
requirement is consistent with the independent statutory authority
Congress conferred on certified SLTT agencies, are discussed in the
following paragraph. Coordination of overlapping SLTT operations
addresses adjacent or concurrent operations by multiple agencies
outside designated events, and deconfliction direction is the limited
mechanism for resolving a conflict between an SLTT agency operation and
a Federal operation when coordination fails. Each element responds to
the same operational fact, demonstrated repeatedly in Federal C-UAS
operations since 2018: simultaneous uncoordinated C-UAS activity is
mutually interfering, because RF systems interact and multiple
operators may act against the same aircraft.
Paragraph (d) of Sec. 124.10 requires an SLTT agency that does not
accept tactical coordination by a designated lead C-UAS agency to
refrain from conducting C-UAS operations within the geographic area and
time period covered by the designation. The Departments considered
whether that requirement is consistent with the independent character
of the authority Congress provided to certified SLTT agencies in 6
U.S.C. 124n(a)(2) and have concluded that it is. The Act assigns the
Secretary of Homeland Security and Attorney General responsibility for
developing regulations and guidance governing SLTT agency C-UAS
operations, 6 U.S.C. 124n(d)(1); section 8606(a)(1) of the Act, and the
Attorney General for oversight of the exercise of the authority, 6
U.S.C. 124n(d)(2)(B). The Act also requires coordination with the
Administrator of the FAA on matters that might affect aviation safety,
civil aviation and aerospace operations, aircraft airworthiness, or the
use of airspace. 6 U.S.C. 124n(b)(4) and (d)(3). Uncoordinated
simultaneous C-UAS operations, even at a single event, present
unacceptable risks: RF mitigation systems can interfere with one
another and with protective communications, multiple agencies may
attempt conflicting mitigation actions against the same aircraft, and
aviation safety coordination assumes a single integrated operational
picture. The requirement is limited in three respects: it applies only
within the geographic area and time period of a designated lead-agency
event; it does not transfer the SLTT agency's statutory authority,
including the authority to make credible threat determinations; and it
preserves the emergency exception for an imminent risk to human life.
Outside designated events, an SLTT agency's C-UAS operations are
subject only to the coordination processes of Sec. Sec. 124.9,
124.10(e). The Departments invite comment on this approach.
Section 124.11--Real-time air traffic control notification. This
section establishes the requirement of real-time notification to air
traffic control upon activation of any C-UAS system for mitigation
action. The requirement protects aviation safety. Activation of an RF-
emitting mitigation system can affect aircraft operating near the
protected area, by interfering with their communications systems, so
real-time notification allows the FAA and air traffic control to
account for the mitigation action, issue advisories, and deconflict
other aircraft while the system is active. A mitigation action that
does not emit radio frequency energy can likewise affect the airspace
near the protected area, for example by bringing an unmanned aircraft
down or creating falling debris, so the same real-time air traffic
awareness is warranted whether or not the system emits radio frequency
energy. The Departments set the timing at five minutes or as soon as
operationally practicable, rather than a fixed advance-notice
requirement, because mitigation against a credible threat is time-
sensitive and often cannot be predicted far enough in advance to permit
prior notice; the standard requires notification at the earliest point
that does not compromise the protective action. Notification is routed
through a single FAA notification point and follows procedures jointly
established by DHS, DOJ, and the FAA, rather than procedures fixed in
this part, so that the operational mechanics can be adjusted as the air
traffic procedures develop without amending this rule. The SLTT agency
must also provide a follow-up notification confirming the time the
mitigation action terminates. Real-time notification under this section
is distinct from the advance airspace and spectrum coordination
required for a planned operation under Sec. Sec. 124.8 and 124.9; this
section addresses the air traffic awareness that a mitigation action
requires in real time. Paragraph (d) accordingly confirms that
mitigation actions that do not employ RF-emitting systems also require
notification under this section, unless the applicable Department of
Transportation or FAA notification procedures provide otherwise.
Section 124.12--Detection and warning operations. This section
establishes the conditions for detection and warning operations using
systems that require the authority of the Act or the relief it provides
from certain laws,
[[Page 41474]]
which do not require per-operation coordination when no RF-emitting
system is employed, and prohibits any mitigation action by personnel
holding only a Detection and Warning Certification.
The Departments recognize that some SLTT agencies have, before the
effective date of this rule, deployed UAS detection systems, including
systems that do not require the authority and relief provided by the
SAFER SKIES Act. This rule governs operations conducted under 6 U.S.C.
124n(a)(2) on and after the rule's effective date; it does not
adjudicate the lawfulness of detection activity conducted before the
effective date or under legal authorities other than the Act, and
nothing in this rule should be read as a determination that any
particular past deployment was or was not lawful. Prospectively, an
SLTT agency that intends to operate a detection system, the operation
of which requires the authority of the Act or the relief it provides
from certain laws must satisfy the conditions of Sec. 124.12,
including the Detection and Warning Certification, Operations Plan, and
the detection-and-warning policy or implementation policy.
The Departments have structured these requirements to minimize
disruption to existing protective postures: the detection and warning
curriculum is delivered online at no cost through the NCUTC training
portal, and certification issues automatically upon completion, the
detection-and-warning policy is adopted on the SLTT agency's own
attestation without pre-approval, and no per-operation coordination is
required for passive non-emitting systems (systems that do not actively
transmit RF energy). However, systems that involve radio frequency
emissions must be evaluated for compliance with the laws and
regulations administered by the FCC.
These choices balance the competing concerns directly. Safety is
preserved because every operator of a system requiring the Act's
authority or relief from criminal liability completes the required
curriculum and assessment before operating, and because the
certification database gives the Federal Government visibility into who
is operating. Privacy is preserved because the privacy protections of
Sec. 124.14, including minimization and the retention limit, apply in
full to detection operations after the effective date of this rule.
Efficiency and cost are addressed by online delivery at no tuition
cost, automatic certification, attestation without pre-approval, and
the absence of per-operation coordination for passive systems, which
together allow an SLTT agency already operating detection equipment to
come into compliance in days at the cost of approximately one hour of
operator time.
Section 124.13--Post-operation reporting. This section establishes
a reporting requirement within 48 hours after a mitigation action is
taken; the content of the report; consolidated, recurring-venue, and
persistent-protection reporting; a semiannual operational summary; and
the elements compiled to support the biannual congressional report
required by 6 U.S.C. 124n(d)(2)(D), including critical-infrastructure
protection requests and the requests an agency was unable to support.
The 48-hour reporting requirements and the content elements of the
report implement 6 U.S.C. 124n(d)(2)(C)(i), which requires a
notification to the Attorney General and the Secretary of Homeland
Security ``within 48 hours of any mitigation action described in [6
U.S.C. 124n](b)(1)'' containing the date, time, and geographic location
of the action, a description of the credible threat or safety concern,
the type of mitigation capability employed, and any known operational
effects. The submission mechanism implements 6 U.S.C.
124n(d)(2)(C)(ii), which directs the Attorney General and the Secretary
of Homeland Security to establish a streamlined and secure mechanism
for those notifications. Consolidated, recurring-venue, and persistent-
protection reporting are burden-reduction formats the Departments
adopted for agencies that conduct repeated operations at the same venue
or maintain standing fixed-site protection; they preserve every
statutory data element while avoiding duplicative per-event filings.
The semiannual operational summary and the compiled reporting elements
support the report the Attorney General must submit to Congress under 6
U.S.C. 124n(d)(2)(D), including the deployment frequency, location, and
circumstance data and the critical-infrastructure protection
determination that subparagraph requires.
Section 124.14--Privacy and civil liberties. This section
implements the privacy protections of 6 U.S.C. 124n(e), addressing the
First Amendment limitation, the scope of interception and incidental
capture, data collection minimization and periodic review, the 180-day
retention limit for records of communications and its statutory
exceptions, the treatment of State and local retention requirements,
the bases for dissemination of control communications, the
dissemination of pattern data, the protective purpose limitation, the
prohibition on acquiring unlawfully intercepted control communications
from third parties, and the audit trail.
Each element implements 6 U.S.C. 124n(e). The First Amendment
limitation restates the statutory prohibition on exercising the
authority solely to monitor protected activity. The interception and
incidental capture provisions define the scope of permissible
acquisition of control communications and the handling of
communications acquired incidentally. Minimization and periodic review
require procedures limiting acquisition, retention, and use to what the
protective purpose requires. The 180-day retention limit and its
exceptions implement the statutory limit on retaining intercepted
communications, and the SLTT agency retention provision addresses the
interaction of that Federal limit with SLTT records laws. The
dissemination provisions implement the statutory bases on which
intercepted communications may be shared, and the pattern data
provisions govern derived products. The protective purpose limitation
confines use of acquired communications to the protective, law
enforcement, and aviation safety purposes related to the UAS activity.
The third-party acquisition prohibition forecloses obtaining from a
vendor or other third party what the agency could not lawfully
intercept itself, and the audit trail creates the record on which the
compliance audit program and the Attorney General's oversight under 6
U.S.C. 124n(d)(2)(B) operate.
In calibrating these protections, the Departments made several
judgments on which they specifically invite comment. First, the rule
construes the statutory retention exceptions narrowly: an ongoing
security operation justifies continued retention only where a specific,
identified threat supports a discrete protective objective, and a
standing operational window does not by itself qualify. Second, for
standing detection deployments, the rule pairs the narrowest-technical-
configuration requirement with a recurring minimization review,
conducted not less than quarterly, to address the heightened incidental
capture risk of persistent collection. Third, the rule requires that
pattern data satisfy written anonymization standards adopted in the
agency's implementation policy and verified before dissemination
outside the agency, rather than prescribing a single national
anonymization standard, because aggregation thresholds and re-
identification risks vary substantially with jurisdiction size,
population
[[Page 41475]]
density, and event frequency; the adequacy of agency standards is
subject to the compliance audit program of Sec. 124.16. The
Departments invite comment on the operation of the retention exceptions
and their documentation requirements, on whether the rule should
prescribe minimum Federal anonymization standards for pattern data, on
the conditions governing real-time detection feeds, and on whether
additional safeguards are warranted for incidental capture during
standing deployments.
Section 124.15--Protection of sensitive operational information.
This section requires the protection of sensitive operational
information associated with planned or completed operations as well as
protection of sensitive Federal and operational information. The
protected information includes C-UAS Operations Plans, advance
coordination submissions, system capabilities, locations, and coverage
patterns, and the tactical procedures associated with planned or
completed operations. The section requires agencies to handle that
information under access controls and to protect it from public
disclosure to the extent permitted by applicable Federal, State, local,
Tribal, and territorial law. The section uses a two-tier approach.
Information that ties specific system capabilities, vulnerabilities, or
countermeasure effectiveness to a planned or completed operation is
handled as law enforcement sensitive and evaluated for classification
where it reveals a capability gap of national security concern; general
operational coordination information, such as the existence, general
timing, or general coverage area of a deployment, is handled as
Controlled Unclassified Information so that it can be shared with
covered partners, including a State-designated aviation point of
contact, without the added handling a law enforcement sensitive caveat
would impose. The Departments chose these protections because
disclosure of coverage patterns, system locations, or capability
details enables a hostile operator to circumvent protection, and the
operational record of the Federal C-UAS programs shows that adversaries
probe for exactly that information.
Section 124.16--Compliance and enforcement. This section
establishes the compliance audit program contemplated by section
8606(b)(2) of the SAFER SKIES Act and addresses the civil penalties and
civil enforcement that sections 8605(f) and (g) of the Act establish,
including their relationship to suspension. The civil penalties are
established by the statute, not by this section; Sec. 124.16
implements the statutory penalty scheme, as discussed together with the
graduated penalty levels and assessment factors in the following
paragraph. The compliance audit program gives an agency the means to
demonstrate, and the Departments the means to verify, compliance with
the requirements of this part before a violation occurs.
With respect to civil penalties, section 8605(f) of the SAFER SKIES
Act authorizes a civil fine of up to $100,000 per violation or
suspension of C-UAS authority pending review by the Attorney General or
the Secretary of Homeland Security. If a fine is not paid, section
8605(g) authorizes the Attorney General to bring a civil action in a
United States district court to collect such fines and enforce civil
penalties. The rule provides for graduated penalty levels proportionate
to the severity of the violation and enumerates the factors that inform
assessment, including the agency's compliance history, the availability
and quality of compliance assistance from Federal partners, whether the
violation resulted in actual harm, and whether the agency took prompt
corrective action, and it provides that a first violation of a
procedural reporting or notification requirement will not draw a
penalty where the agency demonstrates a good-faith effort to comply and
voluntarily self-reports. The Departments invite comment on the penalty
framework, including the graduated structure, the enumerated factors,
and the treatment of first-time procedural violations.
Section 124.17--Confiscation and forfeiture. This section
implements the confiscation authority of 6 U.S.C. 124n(b)(1)(E) and the
forfeiture provision of 6 U.S.C. 124n(c)(2), addresses in-flight
physical interception, and requires that the response to a suspected
hazardous device delivered by an unmanned aircraft be conducted by a
bomb squad accredited through the Hazardous Devices School.
Confiscation under 6 U.S.C. 124n(b)(1)(E) is the seizure or other
taking of possession of an unmanned aircraft or UAS consistent with the
Act. Forfeiture under 6 U.S.C. 124n(c)(2) follows the law of the
seizing agency's jurisdiction, as the statute directs, so the section
does not create a Federal forfeiture process. The section also notes
that an aircraft on the ground may be seized under traditional law
enforcement authority--that is, ordinary seizure authority such as
seizure incident to arrest or pursuant to a warrant or a recognized
exception to the warrant requirement, without reliance on the Act. In-
flight physical interception is addressed because catching or netting
an aircraft in flight can implicate several of the statutory
authorities at once and carries distinct safety risks; the section
therefore directs that personnel conducting such actions hold
Mitigation Certification. The bomb squad requirement reflects a
deliberate policy choice: an unmanned aircraft that is a potential
hazardous or destructive device is the domain of certified public
safety bomb technicians, not a C-UAS problem, and render-safe response
is a separate discipline with its own national certification structure.
Requiring response by a bomb squad accredited through the Hazardous
Devices School, consistent with the National Guidelines for Bomb
Technicians, keeps that response within the established national
framework rather than creating a parallel one.
Section 124.18--Activities for evaluation, testing, training, and
pre-operational validation. This section establishes the conditions for
operational testing, pre-operational function checks, on-the-job
proficiency training, and pre-operational validation, which are
conducted under FCC coordination and authorization and FAA coordination
and notification. Testing is the evaluation of a system's function and
effects before operational use; proficiency training is recurring
operator practice; and pre-operational validation is the verification,
before a planned operation, that a system performs as expected at the
operating location. These activities are conducted under FCC
coordination and authorization and FAA coordination and notification,
rather than under the authority of the Act, because the Act's authority
is conditioned on a credible threat and these activities, by
definition, lack one. The Departments considered permitting testing
under the Act's authority and rejected that approach as inconsistent
with the statutory predicate; the established Federal mechanisms for
experimental spectrum use and airspace safety coordination are the
lawful and proven path, and they are the same mechanisms the Federal C-
UAS programs use for their own testing.
Section 124.19--Task force arrangements and Federal support. This
section preserves existing task force and deputization arrangements
under 6 U.S.C. 124n(a)(1), provides that the availability of C-UAS
authority through such task force and deputization arrangements neither
requires accreditation under this part nor affects those arrangements,
and establishes the framework for Federal C-UAS support upon SLTT
agency request. The section preserves task force arrangements
[[Page 41476]]
because 6 U.S.C. 124n(a)(1) authority and 6 U.S.C. 124n(a)(2) authority
are separate authorities: an agency with officers who serve as
deputized task force officers under Federal sponsorship may continue
those arrangements without seeking accreditation under this part, and
an accredited agency may still participate in Federal task forces. The
Federal support framework establishes how an SLTT agency may request
Federal C-UAS support, such as coverage of a threat beyond the agency's
certified capabilities. The Departments adopted these provisions to
avoid forcing a transition: agencies operating effectively under
existing task force models, including those supporting major public
events in 2026, should not lose that posture because a separate path
now exists. An agency may also request FBI technical exploitation
support for a seized UAS through its local FBI field office.
Section 124.20--Construction. This section sets out rules of
construction, including that this part creates no enforceable right,
does not authorize action against any aircraft operated with a human
pilot, crew, or passengers onboard, and does not create a new basis of
liability for officers participating in the protection of identified
mass gatherings.
Section 124.21--Termination. This section implements the December
31, 2031, termination date of 6 U.S.C. 124n(j)(2) and provides that
obligations and proceedings arising before termination survive it.
Section 124.22--Severability. This section is a severability
provision. The provisions in this rule are not necessarily interrelated
and can function independent of one another. As such, the Departments
believe that most of the provisions of this IFR can function sensibly
and independently of other provisions. Therefore, in the event that any
provisions in this rule are invalidated by a reviewing court, the
Departments intend the remaining provisions to remain in effect to the
fullest extent possible.
IV. Regulatory Certifications
A. Administrative Procedure Act
For the reasons described below, there is good cause for the
Departments to forgo the APA's notice-and-comment procedures for this
rule because following such procedures is impracticable. Additionally,
the rule is not subject to the delayed-effective date requirement
because it recognizes an exemption or relieves a restriction and
because there is good cause for the rule to be immediately effective.
Notwithstanding the explanation below, the Departments nonetheless
welcome post-promulgation comment on all aspects of this IFR.
1. Good Cause To Forgo Notice and Comment
The Administrative Procedure Act (``APA'') allows an agency to
issue a rule without notice and comment ``when the agency for good
cause finds . . . that notice and public procedure thereon are
impracticable, unnecessary, or contrary to the public interest.'' 5
U.S.C. 553(b)(B). ``[T]he good cause exception is to be narrowly
construed and only reluctantly countenanced.'' Mack Trucks, Inc. v.
EPA, 682 F.3d 87, 93 (D.C. Cir. 2012) (citation and quotation marks
omitted). Courts apply ``the good cause exception to excuse notice and
comment in emergency situations, where delay could result in serious
harm, or when the very announcement of a proposed rule itself could be
expected to precipitate activity by affected parties that would harm
the public welfare.'' Am. Pub. Gas Ass'n v. Dep't of Energy (``APGA''),
72 F.4th 1324, 1340 (D.C. Cir. 2023) (cleaned up); see also California
v. Azar, 911 F.3d 558, 575 (9th Cir. 2018) (``[T]he good cause
exception is usually invoked in emergencies . . . .'').
Following the notice-and-comment procedures for this rule is
impracticable. Impracticability ``is generally confined to emergency
situations in which a rule would respond to an immediate threat to
safety, such as to air travel, or when immediate implementation of a
rule might directly impact public safety.'' NRDC v. NHTSA, 894 F.3d 95,
114 (2d Cir. 2018). For instance, it applies when ``air travel security
agencies would be unable to address threats posing a possible imminent
hazard to aircraft, persons, and property within the United States,''
Mack Trucks, 682 F.3d at 93 (internal quotation marks omitted), ``if a
safety investigation shows that a new safety rule must be put in place
immediately,'' id. (internal quotation marks omitted), or when some
other ``similarly serious threats'' exist, Mid Continent Nail Corp. v.
United States, 846 F.3d 1364, 1380 (Fed. Cir. 2017).
Those circumstances are present here. Recognizing the imminent
threat that unmanned aircraft and UAS pose to public safety, Congress
passed the SAFER SKIES Act to provide a framework for SLTT agencies to
exercise C-UAS authority independently of Federal task forces and
deputization, which limit SLTT agencies to C-UAS activities as part of
Federal actions. See 6 U.S.C. 124n(a)(2). Congress set a timetable for
the Departments to promulgate regulations to govern that authority,
with section 8606(a)(1) of the SAFER SKIES Act directing the Secretary
of Homeland Security and the Attorney General to do so not later than
180 days after the date of enactment, and 6 U.S.C. 124n(d)(2)(A)(ii)
separately requiring the Attorney General to develop the training and
certification procedures within the same 180-day period. The Act was
signed into law on December 18, 2025, placing the statutory deadline in
mid-June 2026. Congress's compressed timetable reflects its own
judgment about the urgency of the threat this authority addresses, and
that deadline, coupled with the exigency that motivated it, supports
the finding here. As explained below in this section, this rule is not
only necessary to fulfill Congress's requirement that the Departments
develop regulations and guidance, but it responds to immediate threats
related to several high-profile events that are or may be the target of
nefarious actors.
This rule responds to an immediate threat to safety because a
growing number of irresponsible operators ignore flight restrictions
and endanger the safety of the airspace and commercial aircraft as they
approach airports. In addition, UAS pose an immediate and growing
threat to public safety, security at prisons, and national security.
For example, they can be used to conduct kinetic attacks using payloads
of explosives. See, e.g., Belfair, Washington, man arrested by FBI in
connection to planned attack on government officials at White House UFC
event, DOJ (June 22, 2026), https://www.justice.gov/usao-wdwa/pr/belfair-washington-man-arrested-fbi-connection-planned-attack-government-officials [https://perma.cc/L557-X9MS] (conspirators planned
to load explosives onto drones and attack the White House UFC event on
one side in order to force attendees to exit where they could be shot
with rifles and other weapons). UAS can also be weaponized with
chemical, biological, or nuclear material, used to conduct espionage,
and used to traffic in controlled substances and contraband cellphones
in prisons. Dep't of Justice, Securing the Skies: Law Enforcement,
Drones, and Public Safety: Hearing Before the S. Comm. on the
Judiciary, 119th Cong. 5 (2025). Furthermore, without this rule, and
specifically the rule's requirement and mechanism to coordinate with
the FAA, air travel security agencies will become ``unable to address
threats posing `a possible imminent hazard to aircraft.' '' Mack
Trucks, 682 F.3d at 93 (quoting Jifry v. FAA, 370 F.3d 1174, 1179 (D.C.
Cir. 2004)).
[[Page 41477]]
The protective need is concrete and increasingly urgent, and this
rule provides necessary mechanisms to address that growing need. Prior
to this IFR, deputized SLTT agency C-UAS personnel that were fully
trained and certified could only be used in connection with a Federal
operation or with Federal assistance--they could not engage in C-UAS
actions on their own, including to protect their own jurisdictions,
without Federal partnership. See 6 U.S.C. 124n(a)(1). This rule allows
the deputized C-UAS Task Force operators to conduct C-UAS operations to
support the missions of their own SLTT agencies and protect their own
``large-scale public gatherings or events, critical infrastructure, or
correctional facilities.'' 6 U.S.C. 124n(a)(2). Furthermore, each
trained and certified C-UAS operator is a force multiplier: one
Mitigation trained and certified SLTT C-UAS operator can activate an
entire SLTT C-UAS team, with the remaining members completing the
online requirements. And, critically, the rule provides a mechanism for
SLTT agencies to both coordinate and to deconflict with the FAA, other
agencies in the Federal Government, and with other SLTT agencies.
The authority Congress provided in 6 U.S.C. 124n(a)(2) is
conditioned on the training, technology, and oversight requirements in
the statute. This rule implements those requirements by establishing a
binding framework under which personnel must complete required training
and certification, SLTT agencies must adopt implementation policies,
and operators must employ authorized technologies and follow
notification and coordination procedures. Without the rule's binding
framework, certification of SLTT agency personnel to exercise authority
under section 124n(a)(2) would at a minimum be substantially more
challenging to monitor and regulate. Specifically, SLTT agencies were
able to participate in C-UAS mitigation operations only through Federal
task force arrangements under 6 U.S.C. 124n(a)(1), which require
Federal sponsorship and individual deputization. Such arrangements
could not scale to the public safety need or the volume of SLTT agency
operations required to address the current threat level. Current task
force arrangements permit SLTT agencies to operate alongside Federal
agencies. Section 124n(a)(2) authority, however, would allow SLTT
agencies to operate independently, which would drastically increase
their capacity in all relevant jurisdictions.
The framework this rule establishes can scale in a way the task
force model cannot. At the detection tier, the NCUTC online curriculum
and automatic certification can train and certify operators nationwide
without resident throughput limits; the Departments expect
approximately 1,500 agencies to certify at that tier within two
years.\5\
---------------------------------------------------------------------------
\5\ The Departments note that DOJ has issued a charging policy
to encourage certain SLTT agencies with assigned duties that include
the security or protection of people, facilities, or assets to
engage in C-UAS detection operations (6 U.S.C. 124n(b)(1)(A)) while
the Departments developed this rule in part to address the threat
posed by unauthorized unmanned aircraft and UAS activity at the
F[eacute]d[eacute]ration Internationale de Football Association
(``FIFA'') World Cup\TM\. Acting Attorney General Blanche,
Memorandum to all Federal Prosecutors, Charging Policy Concerning
Defensive Actions Against Unmanned Aircraft Systems (June 12, 2026),
https://www.justice.gov/olp/media/1450041/dl?inline. Although the
charging policy shields SLTT agencies from chapters 119 and 206 of
Title 18 (the Wiretap Act and the prohibition on pen register and
trap and trace device use), it does not shield them from State,
local, Tribal, or territorial law. In contrast, 6 U.S.C. 124n(a)(2)
does shield SLTT agencies from State, local, Tribal, or territorial
law, so long as they complete the training detailed in subsection
(d)(2). 6 U.S.C. 124n(a)(2) (``notwithstanding the laws of any
particular State, local, Tribal, or territorial jurisdiction, and
after completing the training detailed in subsection (d)(2)''). As a
result, this rule is necessary for SLTT agency detection operations.
---------------------------------------------------------------------------
At the mitigation tier, the NCUTC has trained and certified the
operators of approximately 46 agencies through its resident courses to
date, is conducting additional classes on a continuing schedule, and is
expanding the instructor cadre and course frequency to support broader
SLTT agency enrollment beginning later in 2026. Although deputized SLTT
agencies are critical to Federal operations, deputization is
insufficient to address the public safety need, which necessarily
increases as UAS technologies improve and become more widely
accessible. Unmanned aircraft incursions over stadiums, mass
gatherings, airports, critical infrastructure, and correctional
facilities are documented and recurring, and they present a threat to
public safety, and to the safety-of-flight of manned aircraft and
lawfully operating UAS in the national airspace system; moreover, the
prospect of weaponized drones also presents a threat to national
security.\6\
---------------------------------------------------------------------------
\6\ See, e.g., Jordy Fee-Platt, Man charged with allegedly
flying drone above Levi's Stadium during NFL game, The Athletic
(Feb. 3, 2026), https://www.nytimes.com/athletic/7018723/2026/02/03/drone-operator-charged-levis-stadium/.
---------------------------------------------------------------------------
In addition, Federal C-UAS resources cannot be present at every
site. Congress extended this authority to SLTT agencies precisely
because Federal protective capacity is finite. The record is concrete.
The National Football League's chief security officer told Congress in
December 2024 that unauthorized drone incursions into the restricted
airspace over NFL games grew from roughly a dozen in the 2017 season to
2,537 in 2022 and 2,845 in 2023.\7\ Two of those incursions resulted in
Federal felony charges announced by the United States Attorney for the
District of Maryland: the January 28, 2024, drone flight over M&T Bank
Stadium that forced a temporary suspension of the American Football
Conference Championship game, and a second flight over the same stadium
during a January 11, 2025, playoff game. In December 2024, the United
States Attorney for the Central District of California charged a
Chinese national who flew a drone over Vandenberg Space Force Base for
nearly an hour and photographed the installation after base detection
systems tracked the flight. Drone delivery of contraband into
correctional facilities is the subject of recurring Federal
prosecutions,\8\ including the August 2024 indictments of 23 defendants
in the Southern District of Georgia for conspiracies that used drones
to deliver methamphetamine, marijuana, and contraband cell phones into
State prisons, and earlier prosecutions in the District of Kansas, the
Eastern District of California, and the District of New Jersey
involving drone deliveries of drugs, cell phones, and tobacco into
Federal and State facilities.
---------------------------------------------------------------------------
\7\ Statement of Cathy L. Lanier, Chief Security Officer,
National Football League, before the House Committee on Homeland
Security (Dec. 10, 2024), https://www.congress.gov/118/meeting/house/117754/witnesses/HHRG-118-HM05-Wstate-LanierC-20241210.pdf
[https://perma.cc/V8VQ-KN4J].
\8\ See, e.g., Twelve Indicted in Alleged Drone Smuggling
Conspiracy at Ten Prisons, DOJ (June 24, 2026), https://www.justice.gov/usao-mdga/pr/twelve-indicted-alleged-drone-smuggling-conspiracy-ten-prisons [https://perma.cc/U824-36YY].
---------------------------------------------------------------------------
The exposure is increasing rapidly: the F[eacute]d[eacute]ration
Internationale de Football Association (``FIFA'') World Cup\TM\, the
largest sporting event ever held in the United States, began June 11,
2026, and runs through July 19, 2026, across 11 United States host
cities; and the Nation's semiquincentennial celebrations culminate on
July 4, 2026, in mass gatherings nationwide.\9\
---------------------------------------------------------------------------
\9\ See Holmes Lybrand, Drones and lone wolf attacks are key
concerns as FBI works to secure 11 World Cup cities, CNN (Jun. 13,
2026), https://www.cnn.com/2026/06/13/politics/drones-lone-wolf-attacks-fbi-world-cup.
---------------------------------------------------------------------------
These events proceed under the same stadium and special-event
flight restrictions that the documented incursions repeatedly violated.
Since
[[Page 41478]]
the 2026 FIFA World Cup began, as of June 20, 2026, DHS and the FBI
have recorded over 600 drone incursions into restricted airspace across
host-city venues, and Federal C-UAS teams seized hundreds of
unauthorized drones in multiple host cities.\10\ And the highest-
attendance matches, including the knockout rounds and the final, remain
ahead.
---------------------------------------------------------------------------
\10\ See David Shepardson, US agencies have seized more than 300
drones near World Cup sites, TSA says, Reuters (June 23, 2026),
https://www.reuters.com/sports/soccer/us-agencies-have-seized-more-than-300-drones-near-world-cup-sites-tsa-says-2026-06-23/.
---------------------------------------------------------------------------
The Nation's 250th anniversary observances bring large public
events to multiple major cities on the same days, beginning the first
week of July 2026 and continuing through mid-July, including tall-ship
naval reviews, aircraft fly-overs, and major municipal fireworks
displays. A number of these are federally designated special security
events, including a National Special Security Event. Several involve
planned manned-aircraft operations in the same airspace as the public
gathering, which makes airspace deconfliction of any C-UAS response
especially important. SLTT agencies are already supporting C-UAS
protection at these events and will continue to do so through their
conclusion, but without this rule's framework, they would not be able
to act independently to fully protect their jurisdictions.
The reason these agencies cannot yet operate fully is the nature of
the only mechanism now available to them. Most of the personnel the
NCUTC has trained are already federally deputized, so the constraint is
not the pace of deputization. It is that deputized personnel act under
Federal authority and can exercise the C-UAS authorities that depend on
the Act's legal protections, including mitigation and the use of RF-
emitting systems, only when acting in connection with a Federal
operation or with Federal assistance.\11\ See 6 U.S.C. 124n(a)(1).
Federal resources cannot be present at every one of the simultaneous
events in July 2026, leaving SLTT agencies unable to nimbly protect
their own communities and events under their own authority. This rule
supplies the direct pathway that 6 U.S.C. 124n(a)(2) provides. After
training and certification through the NCUTC and adoption of an
implementation policy, SLTT agencies may exercise these authorities
under their own authority, without case-by-case Federal deputization
and without a Federal operation on scene. Making that pathway effective
on public inspection is what allows these agencies to provide lawful,
coordinated, and full C-UAS coverage during the events described above.
Any delay for notice and comment would therefore frustrate critical
safety and security activities authorized by the Act.
---------------------------------------------------------------------------
\11\ Specifically, deputized personnel must be operating
pursuant to a Federal action or else risk being subject to State,
local, Tribal, or territorial law. Section 124n(a)(1) only provides
relief from certain Federal laws, which makes sense because it
allows deputization of SLTT agency personnel for Federal
operations--thus, relief from State, local, Tribal, and territorial
laws is unnecessary. Section 124n(a)(2), on the other hand, provides
relief from State, local, Tribal, and territorial law, thus
providing relief to SLTT agencies engaged in C-UAS activity outside
Federal operations so long as they are trained and certified. In
other words, the framework in this rule is the key that unlocks SLTT
agencies' ability to fully operate independently under the authority
Congress provided.
---------------------------------------------------------------------------
As noted above, approximately 46 SLTT agencies have already
completed training and certification through the NCUTC and stand ready
to operate, reflecting 61 individually certified officers per NCUTC
certification records; the framework this rule establishes is one of
the remaining requirements, in addition to the establishment of the
list of authorized technologies required by 6 U.S.C.
124n(d)(2)(A)(iii). Delaying this rule's framework for pre-promulgation
notice and comment would leave trained State and local protective
capacity sidelined during the greatest period of need experienced so
far. This rule responds to an increasing pattern of imminent threats to
public safety, and its immediate implementation directly impacts public
safety. See NRDC, 894 F.3d at 114.
Finally, the Departments note that they have been diligently
working to expand Federal and SLTT agency C-UAS capacity via a range of
efforts, of which this rulemaking effort is only one. For instance:
DOJ has prioritized the full enforcement of applicable
civil and criminal laws when drone operators endanger the public,
violate established airspace restrictions, or operate a drone in
furtherance of an element of another crime; \12\
---------------------------------------------------------------------------
\12\ See E.O. 14305, Restoring American Airspace Sovereignty, 90
FR 24719 (June 6, 2025).
---------------------------------------------------------------------------
DOJ, through the FBI, established and continues to expand
the NCUTC through a resident mitigation course and an online detection
and warning curriculum, which has certified 61 officers across
approximately 46 SLTT agencies to date, and is expanding the NCUTC's
instructor cadre and course frequency to meet anticipated nationwide
demand;
DHS, through the Federal Emergency Management Agency
(``FEMA''), noticed and awarded $250 million in Federal funding in FY
2026 to enhance SLTT agency capabilities to detect, identify, track, or
monitor UAS in anticipation of the FIFA World Cup \TM\; \13\
---------------------------------------------------------------------------
\13\ See Counter Unmanned Aircraft Systems Grant Program, FEMA
(June 9, 2026), https://www.fema.gov/grants/preparedness/counter-unmanned-aircraft-systems-grant-program [https://perma.cc/CRC2-9MW5].
---------------------------------------------------------------------------
The Departments planned, coordinated, and led C-UAS
protection across all 11 U.S. host cities for the FIFA World Cup\TM\,
ensuring that trained State and local officers embedded in FBI-led task
forces are able to support C-UAS operations at tournament venues and
associated sites as needed; \14\ and
---------------------------------------------------------------------------
\14\ See FBI, Philadelphia is a `No Drone Zone' Around FIFA
World Cup and Other Special Events This Summer (June 2, 2026),
https://www.fbi.gov/contact-us/field-offices/philadelphia/news/philadelphia-is-a-no-drone-zone-around-fifa-world-cup-and-other-special-events-this-summer.
---------------------------------------------------------------------------
DHS provided ongoing assistance to Federal coordination
teams and SLTT agencies acquiring and implementing C-UAS technologies
in the U.S. host cities by optimizing C-UAS sensor placement,
coordinating memoranda of understanding, conducting site surveys and RF
analyses, enhancing operational strategies, and developing guidance on
C-UAS procurement and field placement.\15\
---------------------------------------------------------------------------
\15\ See, e.g., DHS, Counter-Unmanned Aircraft Systems (C-UAS)
Equipment Placement Field Guidance for State and Local First
Responders (Mar. 9, 2026), https://www.dhs.gov/science-and-technology/publication/c-uas-equipment-placement-field-guidance-responders; DHS, Purchasing Tool for Counter Unmanned Aircraft
Systems (C-UAS) (Dec. 15, 2025), https://www.dhs.gov/science-and-technology/publication/c-uas-purchasing-tool; DHS, S&T Lab is
Working with State and Local Agencies to Counter Drones at the World
Cup (May 7, 2026), https://www.dhs.gov/science-and-technology/news/2026/05/07/st-lab-working-state-and-local-agencies-counter-drones-world-cup.
---------------------------------------------------------------------------
The Departments also note that work on C-UAS matters--including
this rule--was necessarily complicated by the lingering effects of a
43-day Federal Government shutdown that lasted from October 1, 2025,
through November 12, 2025,\16\ and which were compounded
[[Page 41479]]
by a 75-day DHS-specific government shutdown that followed the Act's
enactment and lasted from February 14, 2026, to April 30, 2026.\17\
Despite the challenges caused by funding disruptions and workforce
shutdowns, the Departments have diligently worked to address UAS-
related risks across a range of domains.
---------------------------------------------------------------------------
\16\ See Marc Labonte & Lida R. Weinstock, Cong. Rsch. Serv.,
R48832, The 2025 (FY2026) Government Shutdown: Economic Effects
(Jan. 29, 2026), https://www.congress.gov/crs-product/R48832 (``The
federal government experienced a funding gap beginning on October 1,
2025--the start of FY2026--and ending when the Continuing
Appropriations, Agriculture, Legislative Branch, Military
Construction and Veterans Affairs, and Extensions Act, 2026 (P.L.
119-37), was signed into law on November 12, 2025''); see also Joe
Walsh et al., CBS News, The 2025 U.S. Government Shutdown, by the
Numbers (Nov. 13, 2025), https://www.cbsnews.com/news/2025-government-shutdown-by-numbers/ (``The longest government shutdown
in modern U.S. history came to a close Wednesday night when
President Trump signed a bill to fund the government through Jan.
30--ending a 43-day-long impasse that had imperiled air travel and
left thousands without paychecks.'').
\17\ See Scott Wong et al., Record-long Department of Homeland
Security Shutdown Ends, NBC News (Apr. 30, 2026), https://www.nbcnews.com/politics/congress/congress-expected-end-record-75-day-partial-government-shutdown-rcna342903 (``The House on Thursday
approved a Senate-passed bill that would fund much of the Department
of Homeland Security, ending the record 75-day shutdown of the
sprawling federal agency.'').
---------------------------------------------------------------------------
2. Immediate Effective Date
Additionally, the Departments are making this rule immediately
effective. This rule recognizes an exemption or relieves a restriction
and is thus not subject to the APA's delayed-effective-date
requirement. See 5 U.S.C. 553(d)(1).
Additionally, there is good cause to forgo a delayed effective
date, see 5 U.S.C. 553(d)(3), for the reasons provided for forgoing
notice and comment explained in Section IV.A.1 of this preamble, but
also because no one requires time to comply with the rule's
requirements before it becomes effective. The primary purpose of the
delayed-effective-date requirement is to give people a reasonable time
to prepare to comply with the rule. See U.S. Dep't of Just., Attorney
General's Manual on the Administrative Procedure Act 36 (1947);
Riverbend Farms, Inc. v. Madigan, 958 F.2d 1479, 1485 (9th Cir. 1992)
(holding that the purpose of 5 U.S.C. 553(d) is ``to give affected
parties time to adjust their behavior before the final rule takes
effect''). This rule does not compel SLTT agencies to take any actions
discussed in this rulemaking. Indeed, the requirements this rule sets
forth reflect the procedures taught at the NCUTC, the resident
mitigation courses of which have trained the operators of the SLTT
agencies active to date, and participation remains voluntary at every
step. Upon publication, the NCUTC will transmit this rule to every
agency it has trained. The online detection and warning curriculum,
updated to reflect the rule's data handling, dissemination, and
retention requirements, will be available through the NCUTC training
portal on the effective date; it requires approximately one hour to
complete, and certification issues automatically upon completion.
Section 124.5(n) preserves existing Mitigation Certifications while
previously trained personnel complete that curriculum, so no SLTT
agency loses capability on the effective date and no agency requires
additional lead time to come into compliance. Additionally, some of the
requirements this rule sets forth are already known to the SLTT
agencies who acquired C-UAS technologies using FEMA grant dollars
earlier in FY 2026. Specifically, the FEMA Notice of Funding
Opportunity stipulated that deputized SLTT agency members must enroll
and complete the training course at FBI's NCUTC to employ mitigation
capabilities funded by Federal grant dollars.\18\ Thus, SLTT agency
personnel and their agencies do not require additional time to prepare
to comply.
---------------------------------------------------------------------------
\18\ FEMA, Counter-Unmanned Aircraft Systems Grant Program Fact
Sheet (Nov. 10, 2025), https://www.fema.gov/fact-sheet/counter-unmanned-aircraft-systems-grant-program-fact-sheet [https://perma.cc/6HKW-APHN].
---------------------------------------------------------------------------
B. Regulatory Flexibility Act
The Regulatory Flexibility Act's (``RFA'') regulatory flexibility
analysis requirements apply only to those rules for which an agency is
required to publish a general notice of proposed rulemaking pursuant to
5 U.S.C. 553 or any other law. See 5 U.S.C. 604(a). As discussed
previously, the Departments did not issue a notice of proposed
rulemaking for this action as exempted by 5 U.S.C. 553(b)(B).
Therefore, a regulatory flexibility analysis is not required for this
rule.
C. Executive Orders 12866 and 13563--Regulatory Review
The Office of Management and Budget (``OMB'') has determined that
this rulemaking is a ``significant regulatory action'' under section
3(f) of Executive Order 12866, 58 FR 51735, 51738 (Sept. 30, 1993), but
that it is not a section 3(f)(1) significant action. Accordingly, this
rule has been submitted to OMB for review. This rule has been drafted
and reviewed in accordance with section 1(b) of Executive Order 12866
and section 1(b) Executive Order 13563, 76 FR 3821 (Jan. 18, 2011).
The changes made by this rulemaking are deregulatory in character
and impose no mandate on any SLTT agency. The rule does not require any
agency to acquire C-UAS capability or to conduct C-UAS operations; it
establishes the framework through which agencies may voluntarily obtain
certification and exercise the authority Congress provided, and it
removes, for participating agencies that satisfy its conditions,
exposure to the criminal prohibitions displaced by the notwithstanding
clause of 6 U.S.C. 124n(a)(2). In plain terms, an agency that chooses
to participate and follows the rule's conditions can lawfully take
protective actions against threatening drones that criminal law would
otherwise prohibit; an agency that does not participate is left exactly
where it was before. The principal benefits are the public safety,
critical infrastructure, and correctional security protections that
trained and certified SLTT agencies can provide against UAS threats,
the reduced reliance on limited Federal C-UAS assets that SLTT
participation makes possible, and the immediate availability of a
qualified SLTT law enforcement C-UAS capability for major public
events. The principal costs are the training, equipment, coordination,
and reporting costs that participating agencies, each of which decides
whether the benefits justify those costs in light of its own assessment
of its needs and resources, voluntarily incur. Because participation is
voluntary, and the rule imposes no mandate, the Departments expect the
rule's net effect to be beneficial, with costs falling only on agencies
that have determined the capability to be worth the expense.
D. Executive Order 14192--Unleashing Prosperity Through Deregulation
Executive Order 14192, 90 FR 9065 (Jan. 31, 2025), requires an
agency, unless prohibited by law, to identify at least 10 existing
regulations to be repealed or revised when the agency publicly proposes
for notice and comment, or otherwise promulgates, a new regulation that
qualifies as an Executive Order 14192 regulatory action (defined in OMB
Memorandum M-25-20 as a significant regulatory action as defined in
section 3(f) of Executive Order 12866 that has been finalized and that
imposes total costs greater than zero). In furtherance of this
requirement, section 3(c) of Executive Order 14192 requires that the
incremental costs associated with such new regulations must, to the
extent permitted by law, also be offset by eliminating existing costs
associated with at least 10 prior regulations. 90 FR 9065. This IFR is
an Executive Order 14192 deregulatory action. See OMB Memorandum M-25-
20, ``Guidance Implementing Section 3 of Executive Order 14192, titled
`Unleashing Prosperity Through Deregulation' '' (Mar. 26, 2025).
E. Executive Order 14294--Overcriminalization of Federal Regulations
Executive Order 14294, 90 FR 20363 (May 9, 2025), requires agencies
promulgating regulations with criminal regulatory offenses potentially
subject to
[[Page 41480]]
criminal enforcement to explicitly describe the conduct subject to
criminal enforcement, the authorizing statutes, and the mens rea
standard applicable to each element of those offenses. 90 FR 20363.
This rule does not create a criminal regulatory offense and is thus
exempt from Executive Order 14294 requirements.
F. Executive Order 13132--Federalism
This IFR will not have substantial direct effects on the States, on
the relationship between the national government and the States, or on
the distribution of power and responsibilities among the various levels
of government, as outlined by Executive Order 13132, 64 FR 43255 (Aug.
4, 1999). The IFR implements only a voluntary process for SLTT agencies
to obtain certification to use certain C-UAS capabilities consistent
with the requirements of the SAFER SKIES Act. By virtue of its
``notwithstanding'' provision, the SAFER SKIES Act may preempt the
conflicting laws of any particular SLTT jurisdiction when a duly
qualified SLTT law enforcement or correctional officer takes actions
authorized under 6 U.S.C. 124n(a)(2). This IFR does not materially
expand the preemptive effect of that provision. In developing this
rule, the Departments engaged with SLTT agencies, including through the
NCUTC and through outreach to SLTT agencies, and will continue that
engagement through the comment period. The rule also accommodates State
and local law where Congress did not displace it: Sec. 124.14(h)
addresses the interaction between the Federal retention limit and the
SLTT records retention requirements, and Sec. 124.6(b) requires review
of the interplay of proposed operations and implementing policies with
applicable SLTT law. The Departments specifically invite comment from
SLTT officials on all aspects of this rule, including the coordination
requirements of Sec. 124.10.
G. Executive Order 12988--Civil Justice Reform
This rule meets the applicable standards set forth in sections 3(a)
and 3(b)(2) of Executive Order 12988, 61 FR 4729, 4730-32 (Feb. 5,
1996), to specify provisions in clear language. Pursuant to section
3(b)(1)(I) of the Executive Order, nothing in this rule is intended to
create any legal or procedural rights enforceable against the United
States. See 61 FR 4731.
H. Unfunded Mandates Reform Act of 1995
Title II of the Unfunded Mandates Reform Act of 1995 (2 U.S.C.
1531-38, UMRA) requires each Federal agency to prepare a written
statement assessing the effects of any Federal mandate in a proposed
rule or final rule for which the agency published a proposed rule,
which includes any Federal mandate that may result in a $100 million or
more expenditure (adjusted annually for inflation) in any one year by
State, local, and Tribal governments, in the aggregate, or by the
private sector.
A written statement under UMRA is not required unless an agency has
published a notice of proposed rulemaking. See 2 U.S.C. 1532(a). In
addition, an action is exempt from UMRA if it is necessary for the
national security. See 2 U.S.C. 1503(5). As discussed in Section IV.A.
of this preamble, this rule is exempt from notice and comment
rulemaking procedures and is necessary for the national security.
Accordingly, the Departments have not prepared a written statement in
connection with this rule.
I. Paperwork Reduction Act
This rule contains information collection requirements subject to
review by the Office of Management and Budget under the Paperwork
Reduction Act of 1995, 44 U.S.C. 3501 et seq. The information
collections in this rule are the agency implementation policy, the
detection-and-warning policy, and the portal attestations under Sec.
124.6, feedback on the Authorized Technologies List and Authorized
Systems List described in Sec. 124.7, the C-UAS Operations Plan under
Sec. 124.8, the advance notification and notice of intent under
Sec. Sec. 124.9 and 124.10, the mutual aid documentation under Sec.
124.4, the real-time air traffic control notification under Sec.
124.11, the post-operation reports and semiannual operational summaries
under Sec. 124.13, the testing activities plan under Sec. 124.18, and
the recordkeeping, retention determination, and audit trail
requirements under Sec. 124.14.
The Departments estimate the burden of these collections as
follows, based on an expectation of approximately 1,500 detection-tier
and 150 mitigation-tier participating agencies within the first two
years.
Agency implementation policy: approximately 16 hours for a
mitigation-tier agency to adapt and adopt the model policy the
Departments will publish, including legal review.
Detection-and-warning policy: approximately 4 hours.
Portal attestation: approximately 15 minutes, renewed
annually.
Annual policy renewal: approximately 1 to 2 hours.
Feedback on the lists: approximately 5 minutes for 50
agencies.
C-UAS Operations Plan: for a mitigation operation,
approximately 3 hours per plan on the standardized form, and
approximately 1 hour for a renewal plan incorporating a prior plan by
reference; for a detection and warning operation, approximately 30
minutes per plan.
Advance notification, including the data elements
supporting FAA and FCC coordination: approximately 2 to 6 hours per
mitigation operation, varying with the number and complexity of RF-
emitting systems to be deployed, and expected to trend toward the lower
bound as the Authorized Systems List is populated with systems that
have completed system-level spectrum evaluation.
Notice of intent: approximately 30 minutes.
Mutual aid documentation: approximately 1 hour.
Post-operation report: approximately 45 minutes per
reportable event.
Semiannual operational summary: approximately 1 hour for a
detection-tier agency and 2 hours for a mitigation-tier agency.
Testing activities plan: approximately 2 hours.
Recordkeeping, retention determinations, and audit trail
maintenance: approximately 2 hours per year for a detection-tier agency
and, for a mitigation-tier agency, approximately 2 hours per year plus
approximately 1 hour per mitigation operation, or approximately 17
hours per year at the assumed operational tempo.
On these assumptions, and assuming on average 15 mitigation
operations per mitigation-tier agency per year and 50 detection and
warning operations per detection-tier agency per year, the aggregate
annual burden is approximately 65,000 to 80,000 hours across all
participating agencies, with a central estimate of approximately 72,000
hours, an average of roughly 33 hours per year for a detection-tier
agency and roughly 150 hours per year for a mitigation-tier agency.
Monetized respondent costs will be presented in the supporting
statement using loaded hourly compensation rates derived from Bureau of
Labor Statistics data for law enforcement and correctional personnel.
The Departments invite comment on
[[Page 41481]]
each of these estimates and assumptions.
The FBI and the Justice Management Division of the Department of
Justice will coordinate to finalize the information collection
analysis, prepare the supporting statement, and obtain an OMB control
number for these collections. The Departments invite comment on the
estimated burden of these collections and on ways to minimize that
burden.
J. National Environmental Policy Act
The Departments have analyzed this rule under the National
Environmental Policy Act of 1969 (``NEPA''), 42 U.S.C. 4321 et seq., as
amended by the Fiscal Responsibility Act of 2023, and under their
respective NEPA implementing procedures, including Department of
Homeland Security Directive 023-01 and Instruction Manual 023-01-001-01
and the Department of Justice procedures at 28 CFR part 61. This rule
establishes an administrative and procedural framework consisting of
training and certification requirements, agency policy and attestation
requirements, technology authorization by reference to interagency
lists, coordination and notification procedures, reporting, and privacy
protections. The rule does not authorize, fund, or direct the
construction of facilities, the acquisition or deployment of any
equipment, or any other physical activity, and it has no potential to
result in environmental effects. The rule therefore qualifies for
categorical exclusion under DHS categorical exclusion A3 (rules of a
strictly administrative or procedural nature and rules implementing
statutory requirements without substantive change), and the Departments
have determined that no extraordinary circumstances are present that
would warrant preparation of an environmental assessment or
environmental impact statement.
List of Subjects
6 CFR Part 124
Aircraft, Aviation safety, Critical infrastructure,
Intergovernmental relations, Investigations, Law enforcement officers,
Penalties, Privacy, Reporting and recordkeeping requirements, Security
measures, Seizures and forfeitures, Wiretapping and electronic
surveillance.
28 CFR Part 124
Aircraft, Aviation safety, Critical infrastructure,
Intergovernmental relations, Investigations, Law enforcement officers,
Penalties, Privacy, Reporting and recordkeeping requirements, Security
measures, Seizures and forfeitures, Wiretapping and electronic
surveillance.
DEPARTMENT OF HOMELAND SECURITY
0
Accordingly, for the reasons set forth in the preamble, title 6 of the
Code of Federal Regulations is amended by adding part 124 to read as
follows:
PART 124--COUNTER-UNMANNED AIRCRAFT SYSTEM AUTHORITY FOR STATE,
LOCAL, TRIBAL, AND TERRITORIAL LAW ENFORCEMENT AND CORRECTIONAL
AGENCIES
Sec.
124.1 Purpose and scope.
124.2 Definitions.
124.3 Scope of authority and mitigation standards.
124.4 Authorized personnel, contractors, and mutual aid.
124.5 Training and certification.
124.6 Agency implementation policy.
124.7 Authorized technologies.
124.8 C-UAS Operations Plan.
124.9 Advance coordination, notification, and authorization.
124.10 Interagency and lead-agency coordination.
124.11 Real-time air traffic control notification.
124.12 Detection and warning operations.
124.13 Post-operation reporting.
124.14 Privacy and civil liberties.
124.15 Protection of sensitive operational information.
124.16 Compliance and enforcement.
124.17 Confiscation and forfeiture.
124.18 Activities for evaluation, testing, training, and pre-
operational validation.
124.19 Task force arrangements and Federal support.
124.20 Construction.
124.21 Termination.
124.22 Severability.
Authority: 5 U.S.C. 301; 6 U.S.C. 124n, as amended by the SAFER
SKIES Act (Division H, Title LXXXVI of the National Defense
Authorization Act for Fiscal Year 2026, Pub. L. 119-60, sec. 8601-
8607, 139 Stat. 718, 1938-45 (2025)).
Sec. 124.1 Purpose and scope.
(a) Purpose. This part implements the authority of the Secretary of
Homeland Security and the Attorney General to develop the governance
framework for the exercise of all counter-unmanned aircraft system (C-
UAS) actions by State, local, Tribal, and territorial (SLTT) law
enforcement and correctional agencies and their personnel under 6
U.S.C. 124n(a)(2), as amended by the SAFER SKIES Act. The purpose of
actions taken under this authority is to detect, identify, monitor,
track, warn, and, if necessary, mitigate credible threats posed by
unmanned aircraft or unmanned aircraft systems (UAS) to the safety or
security of people, facilities, or assets; a venue or set of venues
used for large-scale public gatherings or events; critical
infrastructure; or a correctional facility.
(b) Scope. This part applies to all SLTT law enforcement and
correctional agencies, and their personnel seeking to exercise or
exercising authority under 6 U.S.C. 124n(a)(2). This part does not
govern Federal agency operations under 6 U.S.C. 124n(a)(1), nor
deputized SLTT personnel conducting C-UAS as part of an FBI C-UAS task
force, which are subject to separate policies and guidance. An SLTT law
enforcement or correctional agency that conducts only detection and
warning operations using systems the operation of which requires the
authority of the Act or the relief it provides from certain laws is
subject principally to the Detection and Warning Certification
requirement of Sec. 124.5(c), the detection and warning policy
provisions of Sec. 124.6(g), the authorized technology requirements of
Sec. 124.7, the C-UAS Operations Plan requirement of Sec. 124.8, the
operational conditions of Sec. 124.12, and the privacy and data
handling requirements of Sec. 124.14.
(c) Relationship to other laws. As provided in 6 U.S.C. 124n(a)(2),
actions taken by SLTT law enforcement and correctional agencies and
their personnel in compliance with this part may be taken
notwithstanding section 46502 of title 49, United States Code, and
sections 32, 1030, and 1367 and chapters 119 and 206 of title 18,
United States Code, and notwithstanding the laws of any particular
State, local, Tribal, or territorial jurisdiction. Nothing in this part
vests in the Secretary of Homeland Security or the Attorney General any
authority of the Secretary of Transportation or the Administrator of
the Federal Aviation Administration.
(d) Comprehensive framework. This part establishes the complete
framework governing the exercise of authority under 6 U.S.C.
124n(a)(2), including the training and certification procedures
required by 6 U.S.C. 124n(d)(2)(A) and the guidance required by 6
U.S.C. 124n(d)(1) on the matters this part addresses. An SLTT law
enforcement or correctional agency and its personnel exercising
authority under 6 U.S.C. 124n(a)(2) must conduct operations in
accordance with this part. The Attorney General, the Secretary of
Homeland Security, the Secretary of Transportation, and the
Administrator of the Federal Aviation Administration may issue forms,
templates, curricula, and other implementing materials under this part
to the extent consistent with
[[Page 41482]]
law. Where any implementing material addresses a matter also addressed
by this part, this part controls. Nothing in this part limits the
authority of the Secretary of Homeland Security, the Attorney General,
or the Secretary of Transportation to issue guidance under 6 U.S.C.
124n(d)(1) in their respective areas.
(e) Parallel regulations. Consistent with section 8606(a)(1) of the
Act, identical implementing regulations appear at 6 CFR part 124 and 28
CFR part 124. The Department of Homeland Security and Department of
Justice administer and interpret their respective regulations with
respect to their own programs, activities, and solely held authorities.
Any description in these regulations of the other Department's
programs, activities, or solely held authorities is provided for
context and does not itself govern the other Department's exercise of
its statutory authorities.
Sec. 124.2 Definitions.
As used in this part:
Agency accreditation means an agency's eligibility to exercise
authority under this part, established when the agency has adopted the
implementation policy and completed the portal attestation required by
Sec. 124.6(d), deploys only systems within categories on the
Authorized Technologies List and, where populated, on the Authorized
Systems List, and ensures that its personnel hold the certifications
required for the authorities exercised.
Agency Approving Official means the senior official designated by
an SLTT law enforcement or correctional agency in its implementation
policy under Sec. 124.6(a)(1), or in its detection and warning policy
under Sec. 124.6(g), authorized to approve C-UAS operations on behalf
of the agency. The Agency Approving Official must not be below the rank
of a Senior Executive or Senior Official or its equivalent, except that
for an agency in which no equivalent rank exists, the agency head or
the agency head's designee may serve as Agency Approving Official. The
Agency Approving Official may not serve as a mitigation operator for an
operation that official has approved.
Authorized Systems List means the subset of the Authorized
Technologies List that identifies specific systems--including make,
model, and hardware version--that have been authorized for operational
use within one or more technology categories on the Authorized
Technologies List. The Authorized Systems List is populated on a phased
basis. As systems complete interagency assessment, systems may be added
to the Authorized Systems List with appropriate operational limitations
based on the approved capabilities, functions, and hardware version of
the system.
Authorized Technologies List means the list of authorized
technology categories for C-UAS operations by SLTT law enforcement and
correctional agencies, maintained jointly by the Department of Justice,
the Department of Homeland Security, the Department of Defense, the
Department of Transportation and Federal Aviation Administration, the
Federal Communications Commission, and the National Telecommunications
and Information Administration, consistent with 6 U.S.C.
124n(d)(2)(A)(iii) and section 8606(a)(4) of the SAFER SKIES Act.
Control communications means any wire, oral, or electronic
communication used to navigate, command, or otherwise control a UAS or
unmanned aircraft, including telemetry transmitted from the aircraft to
its operator, command-and-control signals transmitted from the operator
to the aircraft, and any video, audio, or other data stream used by the
operator to navigate the aircraft when other navigation telemetry is
unavailable or insufficient. The operational role of a communication,
rather than its packet type or transmission frequency, determines
whether it is a control communication. Whether a communication is a
control communication is determined when captured material is processed
under Sec. 124.14 and does not require an operator to determine in
real time whether a particular video, audio, or data stream is being
used to navigate the aircraft. Control communications also include a
UAS unique identifier (such as a manufacturer device identifier or
serial-correlated number), the operator or take-off location of the
UAS, and the location, velocity, and emergency status of the UAS when
that information is acquired by intercepting a communication from an
unmanned aircraft or unmanned aircraft system pursuant to the relief
provided by 6 U.S.C. 124n. The same information is not a control
communication when it is obtainable without that relief.
Correctional agency has the meaning given in section 8606(c)(2) of
the SAFER SKIES Act.
Correctional facility has the meaning given in 6 U.S.C. 124n(l)(9).
Credible threat means a threat that, based on the totality of
circumstances known to the operator at the time of the determination,
would cause a reasonable person in the operator's position, considering
the operator's training and experience, to conclude that a UAS or
unmanned aircraft poses an articulable risk to the safety or security
of people, a facility, or an asset; a venue or set of venues used for
large-scale public gatherings or events; critical infrastructure; or a
correctional facility.
(1) A credible threat may be based on, but is not limited to:
(i) Specific intelligence, including information from law
enforcement databases, threat assessments, or intelligence community
products;
(ii) Behavioral indicators, including operation in airspace in
which UAS operations have been restricted or prohibited by the Federal
Aviation Administration, operation not in compliance with Federal
Aviation Administration's flight requirements, approach toward a
protected interest, failure to respond to warnings, or evasive
maneuvering inconsistent with normal flight operations;
(iii) Payload or physical configuration indicators, including
observed attachments, modifications, or configurations inconsistent
with ordinary recreational or commercial UAS use that suggest
capability to cause harm or to deliver prohibited items;
(iv) Unauthorized surveillance or reconnaissance of a protected
interest that by law is protected from such activities, or interference
with the operational mission of a protected interest;
(v) Indications that the UAS is being used to gain unauthorized
access to, or to disclose, classified, law enforcement sensitive, or
otherwise lawfully protected information; or
(vi) Pattern-based indicators, including repeated unauthorized UAS
activity at a specific location (such as repeat incursions of national
defense airspace in violation of 49 U.S.C. 46307), which may inform but
do not independently satisfy the credible threat standard.
(2) A credible threat determination rests on the totality of the
circumstances. A single indicator may establish a credible threat where
it is sufficiently probative. For mitigation actions under 6 U.S.C.
124n(b)(1)(C), (D), and (F), the determination must be supported by a
contemporaneous indicator that the specific unmanned aircraft system or
unmanned aircraft at issue poses a current, articulable risk if
unabated. For detection and warning actions under 6 U.S.C.
124n(b)(1)(A) and (B), a credible threat determination may also be
supported by a reasonable basis to anticipate that one or more unmanned
aircraft systems or
[[Page 41483]]
unmanned aircraft poses an articulable risk. Activity protected by the
First Amendment to the Constitution of the United States may not be
considered in making a credible threat determination.
Critical infrastructure has the meaning given in subsection (e) of
the Critical Infrastructures Protection Act of 2001 (Pub. L. 107-56,
sec. 1016, 115 Stat. 272, 400-02 (codified at 42 U.S.C. 5195c)), as
referenced in 6 U.S.C. 124n(l)(10).
Data purge verification means documented confirmation that records
subject to purge have been deleted from all systems on which they were
stored. Verification may be performed through an automated system,
supervisory review, or other documented confirmation process, and must
be recorded in the audit trail required by Sec. 124.14.
Designated Federal C-UAS coordination portal means the electronic
submission system designated by the Attorney General and Secretary of
Homeland Security for advance notifications, notices of intent, C-UAS
Operations Plans, mitigation notifications, post-operation reports, and
other submissions required by this part.
Detection and Warning Certification means certification that
personnel have successfully completed the online detection and warning
training curriculum developed and maintained through the National
Counter-UAS Training Center (NCUTC) and passed the post-course
assessment. A Detection and Warning Certification authorizes the holder
to exercise the authorities described in 6 U.S.C. 124n(b)(1)(A), (B),
and (E). The certification is issued automatically through the NCUTC
training portal upon successful completion of the curriculum and
assessment and recorded in the NCUTC certification database.
Detection and warning operations means operations conducted using
systems the operation of which requires the authority of, or relief
from certain laws under, 6 U.S.C. 124n and involve only the actions
described in 6 U.S.C. 124n(b)(1)(A) and (B). Detection and warning
activity conducted using systems that do not require the authority of 6
U.S.C. 124n (including, for example, electro-optical, infrared,
acoustic sensors, and radar) is not subject to this part. Operation of
RF-emitting C-UAS systems remains subject to applicable Federal
Communications Commission authorization requirements and Federal
Aviation Administration coordination if such emission could impact the
National Airspace System or other systems located at or near airports.
Detection system means a system or technology used to take an
action described in 6 U.S.C. 124n(b)(1)(A) or (B)--that is, to detect,
identify, monitor, or track a UAS or unmanned aircraft, or to warn its
operator, and that has no capability enabled to disrupt or seize
control of, or disable, damage, or destroy a UAS or unmanned aircraft.
FAA-designated coordination mechanism means the program, office, or
process designated by the Administrator of the Federal Aviation
Administration for the coordination of C-UAS operations that might
affect aviation safety, civilian aviation and aerospace operations,
aircraft airworthiness, or the use of the airspace.
Hazardous Devices School means the schoolhouse operated by the
Federal Bureau of Investigation at which public safety bomb technicians
are certified and recertified in accordance with the National
Guidelines for Bomb Technicians, or any successor publication.
Mitigation action means an action described in 6 U.S.C.
124n(b)(1)(C), (D), or (F). Detection and warning, described in 6
U.S.C. 124n(b)(1)(A) and (B), are not mitigation actions.
Mitigation Certification means certification issued by the National
Counter-UAS Training Center upon successful completion of the NCUTC
mitigation training course or a successor course approved by the
Attorney General acting through the Director of the Federal Bureau of
Investigation, authorizing the holder to exercise the authorities
described in 6 U.S.C. 124n(b)(1)(C), (D), and (F), to the extent
consistent with this part and applicable laws, using authorized
technologies within the mitigation technology categories covered by the
approved mitigation courses the holder has completed. A current
Detection and Warning Certification is a prerequisite for obtaining and
maintaining a Mitigation Certification.
Mitigation operation means an operation in which a mitigation
system is deployed for the purpose of taking an action described in 6
U.S.C. 124n(b)(1)(C), (D), or (F), including disrupting, seizing, or
exercising control of, or using reasonable force, if necessary, to
disable, damage, or destroy a UAS or unmanned aircraft, whether or not
a mitigation action is taken during the operation. A mitigation
operation may include elements of detection and warning operations.
Mitigation system means a system or technology used or capable of
being employed to take an action described in 6 U.S.C. 124n(b)(1)(C),
(D), or (F), including disrupting, seizing or exercising control of, or
using force to disable, damage, or destroy a UAS or unmanned aircraft.
A system with both detection and mitigation capability is a mitigation
system while its mitigation capability is enabled.
National Counter-UAS Training Center (NCUTC) means the national
schoolhouse operated by the Federal Bureau of Investigation and
designated by the Attorney General, acting through the Director of the
Federal Bureau of Investigation, as the national training center for
purposes of 6 U.S.C. 124n and as the sole certifying authority for SLTT
C-UAS mitigation operators under 6 U.S.C. 124n(d)(2)(A)(i).
Pattern data means a derived data product reflecting aggregated
trends, frequencies, or statistical observations of UAS activity across
multiple C-UAS operations that has met the anonymization standards
established by the agency's implementation policy and contains no
information identifying any specific aircraft, operator, or natural
person.
Personnel means officers and employees with assigned duties that
include the security or protection of people, facilities, or assets of
SLTT law enforcement and correctional agencies, as defined in 6 U.S.C.
124n(a)(2) and (l)(6)(B). This term does not include contractors of
SLTT law enforcement and correctional agencies.
Raw sensor data means unprocessed or minimally processed data
generated by C-UAS detection or mitigation systems, including radio
frequency signal captures, waveform recordings, radar returns, optical
and infrared imagery, acoustic signatures, full sensor logs, and system
telemetry. Whether a particular item of raw sensor data constitutes a
control communication, and is therefore a record of communications
subject to the retention limit of Sec. 124.14, is determined by its
function.
RF-emitting C-UAS system means any C-UAS system that, when employed
for detection or mitigation purposes, actively transmits radio
frequency energy to detect, disrupt, disable, or seize control of a UAS
or unmanned aircraft. This includes systems employing technologies for
detection-only purposes, such as radars that transmit radio frequency
signals, that may require a radiolocation service license to be issued
from the Federal Communications Commission, and mitigation systems that
employ radio frequency jamming (broadband or protocol-specific
disruption of command-and-control links, video
[[Page 41484]]
downlinks, or navigation signals) and radio frequency protocol
manipulation (command injection or cyber takeover of control signals).
SLTT law enforcement agency has the meaning given in section
8606(c)(1) of the SAFER SKIES Act.
Special Event Assessment Rating means a rating assigned to an event
under the special event assessment process administered by the
Department of Homeland Security, or the equivalent rating under any
successor event rating system.
Sec. 124.3 Scope of authority and mitigation standards.
(a) Scope of authority. An SLTT law enforcement or correctional
agency exercising authority under 6 U.S.C. 124n(a)(2) may take actions
described in 6 U.S.C. 124n(b)(1), which generally include detection,
warning, and mitigation, that are necessary to address or eliminate a
credible threat that a UAS or unmanned aircraft poses to the safety or
security of people, a facility, or an asset; a venue or set of venues
used for large-scale public gatherings or events; critical
infrastructure; or a correctional facility. These statutory categories
are functional and are not a prescribed list of property types. The
determination of whether a specific property falls within these
categories is made by the agency's Agency Approving Official,
consistent with this part and 6 U.S.C. 124n. No ``covered facility or
asset'' designation under 6 U.S.C. 124n(l)(3) is required for SLTT law
enforcement or correctional agency operations; however, a risk-based
assessment is required as part of the Operations Plan, as outlined in
Sec. 124.8. Whether the property falls within a section 124n(a)(2)
category is a separate question from the credible threat determination.
The credible threat determination required by paragraph (b) of this
section must be made before any mitigation action.
(b) Credible threat determination for mitigation actions. Before
taking any mitigation action, personnel must reasonably determine,
under the totality of the circumstances, that a credible threat exists,
as defined in Sec. 124.2. The determination must be made in real time
by the certified and trained personnel closest to the operational
situation and documented as part of the post-operation report required
by Sec. 124.13. An established pattern of unauthorized UAS activity at
a specific location is relevant to the totality of the circumstances
and may, in combination with a contemporaneous indicator--including,
for example, a new detection event at the same location during a period
consistent with the established pattern--support a credible threat
determination. A contemporaneous indicator need not independently
establish a threat. Considered with the totality of the circumstances,
which may include an established pattern of unauthorized UAS activity,
an intelligence indicator, or other contextual information, the
contemporaneous indicator must provide a present-tense basis for
concluding that the specific aircraft at issue poses a current risk.
This operational standard governs individual mitigation decisions by
authorized personnel in the application of reasonable force under the
totality of the circumstances and does not limit the information or
analysis that may be considered at the approval level in determining
whether to authorize a C-UAS operation for a specific event or
facility.
(c) Proportionality. Mitigation actions must be proportionate to
the credible threat identified. Personnel must employ the least
disruptive effective means of mitigation available under the totality
of the circumstances. If equipment is available and time permits, a
warning to the remote pilot-in-command should precede any mitigation
action. Before taking any mitigation action that may result in the
disabling, damage, or destruction of an unmanned aircraft, personnel
must consider whether the threat posed by the UAS outweighs the risk of
collateral harm to public safety. A mitigation action that creates a
greater risk to public safety than the threat it is intended to address
is not proportionate and must not be taken. Where a non-mitigation
measure is sufficient to eliminate the threat, seizure or destruction
of the aircraft should be avoided when feasible. The risk of collateral
harm to public safety includes the risk of falling debris, damage to
persons or property on the ground, disruption to communications
systems, and risks to aviation safety, civilian aviation and aerospace
operations, aircraft airworthiness, or the use of the airspace.
(d) Protective purpose limitation. The authority of 6 U.S.C.
124n(a)(2) is limited to the protection of people, facilities, and
assets; a venue or set of venues used for large-scale public gatherings
or events; critical infrastructure; and correctional facilities from
credible threats posed by unmanned aircraft and UAS. C-UAS authority
under this part may not be exercised for the sole purpose of collecting
evidence for criminal prosecution or as a substitute for the authority
provided by chapter 119 or 206 of title 18, United States Code.
Evidence obtained incidental to lawful protective C-UAS operations may
be used in subsequent criminal proceedings consistent with applicable
law.
(e) Mitigation operator requirement. (1) The person who takes a
mitigation action, including activating an RF-emitting system,
executing a cyber-based takeover, or otherwise causing a C-UAS system
to affect or otherwise impact the flight, control, or communications of
a UAS or unmanned aircraft, must hold a current Mitigation
Certification covering the technology category being employed, and must
possess a valid 14 CFR part 107 remote pilot certificate. This
requirement is not satisfied by supervision of an uncertified person by
a certified operator; the certified operator must be the individual who
directly executes the mitigation command or function.
(2) Support functions that do not involve the initiation of
mitigation actions, such as detection system monitoring, threat triage
and prioritization, ground intercept team dispatch, communications, and
administrative functions, do not require Mitigation Certification, but
must be performed by personnel trained in accordance with the agency's
implementation policy and, where the support function involves
operation of systems requiring the authority of 6 U.S.C. 124n(a)(2) or
the relief it provides from certain laws, by personnel holding a
current Detection and Warning Certification.
(3) For operations involving multiple personnel performing distinct
roles, the agency's implementation policy must define the roles and
responsibilities of each position, identify which positions require
Mitigation Certification, and which require Detection and Warning
Certification only, and establish the communication and concurrence
procedures between the mitigation operator and other personnel.
(f) Independent professional judgment. (1) The certified mitigation
operator retains independent professional judgment on whether to
initiate a mitigation action.
(2) A supervisor, commander, or other official, regardless of rank,
may provide operational direction, tactical context, and coordination
guidance to the operator, and may direct the operator to withhold or
cease mitigation when broader operational considerations warrant.
(3) A supervisor, commander, or other official may not direct a
certified operator to initiate a mitigation action when the operator
has determined that
[[Page 41485]]
the credible threat standard is not met or that the proportionality
requirement of paragraph (c) of this section is not satisfied.
(4) The agency's implementation policy must address the chain of
command for mitigation decisions and must make clear that non-certified
personnel, regardless of rank, may not direct mitigation actions that
override the certified operator's professional judgment on whether the
conditions for mitigation are present.
(5) An operator who declines to initiate mitigation based on a
good-faith professional determination that the conditions for
mitigation are not met may not be subjected to adverse employment
action for that decision.
(g) Airspace awareness. (1) For operations where known authorized
manned or unmanned aviation is operating or anticipated in or near the
area of operations, the agency's implementation policy or C-UAS
Operations Plan must designate a person or position responsible for
maintaining real-time awareness of known authorized aviation within the
operational area and for ensuring that this information is communicated
to personnel authorized to initiate mitigation actions before any
mitigation is executed. For purposes of this paragraph, known
authorized aviation means any manned or unmanned aircraft that has been
identified in the C-UAS Operations Plan, communicated to the C-UAS team
during the operation, or otherwise confirmed as lawfully operating in
or near the area of operations. The designated person, or the
individual filling the designated position, must have the ability to
communicate directly with the mitigation operator. No mitigation action
may be initiated without reasonable efforts to confirm that the target
is not a known authorized aircraft.
(2) The scope and formality of this role must be commensurate with
the complexity of the aviation environment. For operations with minimal
or no known authorized aviation, this role may be performed as an
additional duty by the certified operator or other command post
personnel; for operations with significant aviation activity, the
agency must designate a dedicated individual with airspace awareness
and coordination responsibilities. When a target cannot be correlated
with any known, authorized aircraft and meets the credible threat
standard, mitigation may proceed.
Sec. 124.4 Authorized personnel, contractors, and mutual aid.
(a) Officers and employees. The authority provided by 6 U.S.C.
124n(a)(2) may be exercised only by SLTT law enforcement or
correctional agency personnel. No SLTT law enforcement or correctional
agency may delegate or transfer the exercise of C-UAS mitigation
authority to any person or entity that is not an officer or employee of
the agency.
(b) Prohibition on contractor exercise. Contractors may provide
technical support, system maintenance, and training assistance, but may
not operate C-UAS mitigation systems, make credible threat
determinations, or execute mitigation actions. An arrangement in which
a contractor exercises de facto operational control of a C-UAS
mitigation system during an operation, including an arrangement
described as a turnkey, managed service, or operator-provided C-UAS
service, constitutes an unauthorized delegation of authority and is
grounds for suspension of accreditation or certification under Sec.
124.5(i). Detection services that do not require the authority of the
Act or the relief it provides from certain laws may be provided by
contractors.
(c) Mutual aid and regional C-UAS support. (1) An SLTT law
enforcement or correctional agency accredited under 6 U.S.C. 124n(d)(2)
may provide C-UAS support to another SLTT law enforcement or
correctional agency, including an agency that is not accredited under
this part, under a mutual aid agreement, memorandum of understanding,
request for assistance, task force arrangement, or other written
arrangement authorized by applicable State, local, Tribal, or
territorial law.
(2) When the requesting or host agency is not accredited under 6
U.S.C. 124n(d)(2), the accredited agency providing C-UAS support is the
C-UAS operating agency for purposes of this part and is responsible for
compliance with the applicable requirements of this part.
(3) Personnel of a non-accredited requesting or host agency may
support the operation through ordinary law enforcement, correctional,
public safety, evidence-handling, perimeter-security, ground-intercept,
evacuation, traffic-control, or incident-command functions. Such
personnel may not exercise C-UAS authority under 6 U.S.C. 124n(a)(2),
operate systems whose operation requires the authority of or relief
from certain laws under 6 U.S.C. 124n, make a credible-threat
determination, or initiate any mitigation action, unless those
personnel independently satisfy the requirements of this part, hold the
applicable certification under Sec. 124.5, and are expressly
designated in the accredited C-UAS operating agency's C-UAS Operations
Plan to perform that function. Personnel so designated operate under
that agency's implementation policy, Agency Approving Official
approval, supervision, and compliance responsibility. An individual
certification does not, by itself, authorize personnel to exercise 6
U.S.C. 124n(a)(2) authority, and this designation must be established
in advance through the C-UAS Operations Plan and the mutual-aid
arrangement under paragraph (c)(4) of this section.
(4) The written mutual aid arrangement must identify the requesting
or host agency, the accredited agency providing C-UAS support, the
legal basis for the accredited agency's personnel to operate in the
host jurisdiction, the allocation of operational responsibilities, and
the handling of C-UAS-derived information consistent with Sec. Sec.
124.14 and 124.15.
(5) For multi-jurisdictional operations, the participating agencies
must identify a lead C-UAS agency for tactical C-UAS coordination. The
lead C-UAS agency must be an accredited agency unless the operation is
conducted under Federal authority pursuant to Sec. 124.19. A non-
accredited requesting or host agency may serve as the lead public
safety, law enforcement, correctional, or incident-command agency for
the overall event or incident, but may not serve as the lead C-UAS
agency unless accredited under this part.
(6) An accredited agency may enter into standing regional, county,
statewide, or other multi-jurisdictional arrangements to provide
recurring or on-call C-UAS support to non-accredited agencies. A
standing arrangement does not itself authorize a mitigation operation;
each mitigation operation remains subject to the applicable
requirements of this part.
(7) Nothing in this part requires a small, rural, or otherwise
resource-limited SLTT law enforcement or correctional agency to acquire
C-UAS equipment, obtain accreditation, or establish an independent C-
UAS program in order to receive C-UAS support from an accredited
agency.
(d) Anti-circumvention. (1) No SLTT law enforcement or correctional
agency, officer, employee, contractor, vendor, or other person may
structure or use a mutual aid, regional support, managed-service,
technical-support, or other
[[Page 41486]]
arrangement to evade the requirements of this part.
(2) Prohibited circumvention includes using an accredited agency as
a nominal sponsor while a non-accredited agency, contractor, vendor, or
other entity exercises de facto operational control of C-UAS activity
requiring the authority of or relief from certain laws under 6 U.S.C.
124n; allowing personnel who lack the certifications required by Sec.
124.5 to exercise C-UAS authority; using systems outside the
requirements of Sec. 124.7; avoiding the coordination, reporting,
privacy, sensitive-information, or compliance requirements of this
part; or acquiring third-party intercepted communications in a manner
inconsistent with Sec. 124.14(i).
(3) A mutual aid, regional support, statewide support, county
support, or multi-jurisdictional C-UAS arrangement is not circumvention
merely because the requesting or host agency is not accredited,
provided that the C-UAS operating agency is accredited, the personnel
exercising C-UAS authority hold the required certifications, and the
operation is conducted in compliance with this part.
Sec. 124.5 Training and certification.
(a) Training and certification structure. This section establishes
the training and certification structure implementing the requirements
of 6 U.S.C. 124n(d)(2)(A). Detection and Warning Certification governs
training for detection and warning operations under 6 U.S.C.
124n(b)(1)(A) and (B). Mitigation Certification governs training and
certification for mitigation operations under 6 U.S.C. 124n(b)(1)(C),
(D), and (F). A current Detection and Warning Certification is a
prerequisite both for initial enrollment in the mitigation training
course and for mitigation recertification.
(b) Agency implementation policy. Before conducting any operations
under this part, an SLTT law enforcement or correctional agency must
adopt an agency implementation policy or detection and warning policy
and complete the portal attestation in accordance with Sec. 124.6, and
must authorize each operation by a C-UAS Operations Plan in accordance
with Sec. 124.8, consistent with the other requirements and
obligations of this part and applicable laws and policies.
(c) Detection and Warning Certification. The Attorney General,
acting through the Director of the Federal Bureau of Investigation,
will develop and maintain through the NCUTC an online training
curriculum for detection and warning operations, accessible through a
secure web-based training portal. The curriculum includes the
confiscation authority of 6 U.S.C. 124n(b)(1)(E), evidence
preservation, and chain of custody. Only those personnel who have
completed the curriculum and passed the post-course assessment may
exercise the authorities described in 6 U.S.C. 124n(b)(1)(A), (B), and
(E). Upon successful completion, the NCUTC training portal
automatically issues a Detection and Warning Certification. Detection
and Warning Certification is issued only by the NCUTC, and detection
and warning training or certification obtained from another agency or a
private entity does not satisfy this requirement. Detection and warning
activity conducted using systems that do not require the authority of 6
U.S.C. 124n is not subject to this requirement. Upon successful
completion, the training portal records the individual's name, agency,
date of completion, and certification status in the NCUTC certification
database, which is the system of record for all certifications issued
under this section. Each agency must maintain a roster of its certified
personnel drawn from the NCUTC certification database and must verify
the certification status of personnel assigned to C-UAS operations.
Vendor-specific and system-level operator training is the
responsibility of each agency through its own training procedures and
is not part of the detection and warning curriculum.
(d) Mitigation training and certification. (1) The Attorney
General, acting through the Director of the Federal Bureau of
Investigation, designates the NCUTC as the national schoolhouse and
sole certifying authority for personnel exercising mitigation
authorities under 6 U.S.C. 124n(b)(1)(C), (D), and (F), as required by
6 U.S.C. 124n(d)(2)(A)(i). Only personnel who hold a valid Mitigation
Certification may exercise these authorities. The NCUTC mitigation
training program consists of the mitigation training course and such
advanced and supplemental courses as the Attorney General, acting
through the Director of the Federal Bureau of Investigation, approves.
Each course is evaluated on a pass or fail basis and requires
demonstrated proficiency in each mitigation technology category it
covers; a person who does not demonstrate proficiency in each category
does not pass that course. A person obtains Mitigation Certification by
passing the mitigation training course and may extend the scope of that
certification to additional mitigation technology categories by passing
an advanced or supplemental course covering those additional
categories. Failure to pass a particular advanced or supplemental
course does not affect the scope of a certification already held.
(2) A person who holds a current Mitigation Certification under
this paragraph (d) may conduct mitigation operations at a correctional
facility. An abbreviated Correctional Mitigation Certification, limited
to correctional-facility operations, is available for personnel who
will operate only at correctional facilities.
(3) The mitigation training course under this paragraph is
delivered at the NCUTC. The Attorney General, acting through the
Director of the Federal Bureau of Investigation, may authorize the
Federal Law Enforcement Training Centers or another qualified Federal
training provider to deliver the mitigation training course at one or
more additional sites, provided the NCUTC retains approval authority
over curriculum and standards, exercises oversight of the delivery, and
issues all certifications upon verified completion. Any such
authorization is at the sole discretion of the Attorney General, acting
through the Director, confers no entitlement on any agency or training
provider, and may be modified or withdrawn at any time.
(e) Correctional mitigation training and certification. The NCUTC
offers an abbreviated Correctional Mitigation Certification for
personnel who will conduct mitigation operations only at correctional
facilities. The correctional course of instruction is shorter than the
mitigation training course under paragraph (d) of this section because
the fixed perimeter and persistent-threat environment of a correctional
facility reduce the operational setup and mission-planning instruction
required. The correctional course of instruction addresses the
persistent-threat environment, perimeter operations, and the legal and
safety considerations of correctional settings. A person who holds only
the Correctional Mitigation Certification may conduct mitigation
operations at a correctional facility but may not conduct other
mitigation operations under this part. The NCUTC may arrange for the
Federal Law Enforcement Training Centers or another qualified training
provider to deliver the correctional curriculum, provided the NCUTC
retains approval authority over curriculum and standards, exercises
oversight of the delivery, and issues all certifications upon verified
completion.
(f) Training standards. The mitigation training course, as
administered by the
[[Page 41487]]
NCUTC, will include instruction on the legal, operational, and
technological aspects of C-UAS operations as required by section
8606(b)(1) of the SAFER SKIES Act, including FAA coordination and
airspace procedures, spectrum coordination requirements, real-time air
traffic control notification procedures, FBI and DHS notification
requirements, and the operational use of authorized mitigation
technologies. The Attorney General, in coordination with the Secretary
of Homeland Security, the Secretary of Defense, the Secretary of
Transportation, and the Administrator of the Federal Aviation
Administration, will approve training program standards and may approve
additional courses of instruction for specialized C-UAS operations. The
mitigation training course must include scenario-based instruction on
the application of the credible threat standard.
(g) Eligible personnel. Personnel eligible for Mitigation
Certification or Detection and Warning Certification must have assigned
duties that include the security or protection of people, facilities,
or assets, as specified in 6 U.S.C. 124n(a)(2), and must be officers or
employees of an SLTT law enforcement or correctional agency accredited
by the Attorney General acting through the Director of the Federal
Bureau of Investigation. The NCUTC, under the authority of the Attorney
General, may establish additional attendance prerequisites.
(h) Sufficiency of certification. Successful completion of the
applicable training requirement, combined with the use of systems
within technology categories on the Authorized Technologies List and
specific systems on the Authorized Systems List where populated, and
compliance with the requirements of this part, satisfies the training
and certification prerequisites of 6 U.S.C. 124n(d)(2)(A) for the
exercise of the corresponding authorities under 6 U.S.C. 124n(a)(2).
(i) Suspension. The Attorney General, acting through the Director
of the Federal Bureau of Investigation or the Director's designee, may
suspend the Mitigation Certification or Detection and Warning
Certification of any individual, or the accreditation of any SLTT law
enforcement or correctional agency, for failure to comply with the
requirements of this part, violation of the conditions of
certification, or for any conduct that demonstrates unfitness to
exercise C-UAS authority. Suspension of a certification or
accreditation under this section is distinct from suspension of C-UAS
authority by the Attorney General or the Secretary of Homeland Security
under section 8605(f) of the SAFER SKIES Act, which is addressed in
Sec. 124.16. Neither a suspension of certification under this section
nor an enforcement action against an individual under section 8605(f)
of the SAFER SKIES Act prevents or bars the responsible agency from
taking any additional actions it deems necessary to address the
circumstances that led to suspension or enforcement action by the
Attorney General or designee.
(j) Suspension notice. A suspension will be communicated in writing
and will specify the basis for the action and any available remedial
steps. The suspension notice must include the factual basis for the
action in sufficient detail to enable the affected individual or agency
to respond. In exigent circumstances, the Director of the Federal
Bureau of Investigation or the Director's designee may immediately
suspend a certification or accreditation pending administrative review
without the requisite written notice when continued exercise of C-UAS
authority poses a risk to aviation safety, public safety, or national
security. In such cases, the Director or the Director's designee must
provide the requisite notice within 3 days of the suspension.
(k) Administrative review. An individual or agency that receives a
suspension notice may request administrative review within 30 calendar
days of receipt. The Attorney General, acting through the Director of
the Federal Bureau of Investigation, will designate a reviewing
official of the Department of Justice who did not participate in or
supervise the initial decision. The affected party may submit
documentary evidence and written witness statements in support of its
response. The reviewing official will consider the written submissions
of both parties, may conduct an informal hearing at the reviewing
official's discretion, and will issue a written determination within 60
calendar days of receipt of the request, stating the factual findings
and the basis for the determination. The reviewing official may affirm
the action, modify its terms, impose conditions for reinstatement, or
reverse the action. A suspension that is affirmed remains in effect
until reinstatement under paragraph (m) of this section or the
expiration of the suspended certification or accreditation, whichever
occurs first.
(l) Conditions. The Attorney General, acting through the Director
of the Federal Bureau of Investigation, may issue a certification or
accreditation subject to conditions, and may modify the conditions of a
certification or accreditation, consistent with the standards and
procedures applicable to suspension under this section.
(m) Reinstatement. An individual or agency whose certification or
accreditation has been suspended may apply for reinstatement after
completing the remedial steps specified in the suspension notice or the
reviewing official's determination. An individual Mitigation
Certification may alternatively be reinstated upon the successful
recompletion of the full mitigation training course.
(n) Transition for previously trained personnel. Personnel holding
a Mitigation Certification issued by the NCUTC before the effective
date of this part must complete the detection and warning curriculum
under paragraph (c) of this section by September 29, 2026. During that
period, the Mitigation Certification remains valid, and the Detection
and Warning Certification prerequisite for Mitigation Certification is
deemed satisfied. An agency's accreditation is not affected while its
personnel complete the curriculum during the transition period.
Sec. 124.6 Agency implementation policy.
(a) Requirement. Before conducting any operations under this part,
each SLTT law enforcement or correctional agency must adopt and
maintain an agency implementation policy governing the exercise of
authority under 6 U.S.C. 124n(a)(2). The agency implementation policy
is comprehensive. It governs all operations the agency conducts under
this part, including detection and warning operations, and it addresses
the detection and warning matters listed in paragraph (g) of this
section. An agency that adopts and maintains an agency implementation
policy under this paragraph is not required to adopt a separate policy
under paragraph (g) of this section. An agency that conducts only
detection and warning operations may instead adopt the abbreviated
policy under paragraph (g) of this section. The agency implementation
policy must, at a minimum:
(1) Designate an Agency Approving Official meeting the requirements
of Sec. 124.2;
(2) Designate the personnel authorized to exercise C-UAS authority
and describe the recurrent training requirements applicable to such
personnel;
(3) Establish procedures consistent with Sec. 124.14 for the
handling, retention, and dissemination of data acquired during C-UAS
operations, including written anonymization standards specifying the
aggregation thresholds, identifier suppression, and
[[Page 41488]]
re-identification risk assessment used to qualify a data product as
pattern data;
(4) Include provisions for public notification regarding the
potential use of C-UAS authority within the agency's jurisdiction;
(5) Ensure compliance with the requirements of this part; and
(6) Detail standing tactical procedures governing the execution of
C-UAS operations, including engagement protocols that account for the
risk to persons and property on the surface and in the air before
engagement, escalation procedures, use of force considerations, ground
intercept team procedures, render safe procedures, evidence collection
and chain-of-custody procedures, communications procedures, system
operating procedures, data handling and purge procedures consistent
with the retention requirements of this part, operation plan
requirements, and post-operation procedures that incorporate data purge
verification.
(b) Legal counsel review. The implementation policy must be
reviewed and concurred in by the agency's legal counsel before adoption
and upon each annual renewal. The review must specifically address the
privacy and civil liberties requirements of this part, including the
data retention, minimization, and dissemination provisions, and the
interplay of proposed C-UAS operations and implementing policies with
applicable State, local, Tribal, or territorial law. For an agency that
has a designated official responsible for the agency's privacy and
civil liberties compliance, regardless of title, the implementation
policy must also be reviewed by that official.
(c) Alternative certification for agencies without in-house
counsel. For an agency without in-house counsel, the review required by
paragraph (b) of this section may alternatively be satisfied by review
and certification by a State, local, territorial, or Tribal attorney's
office that the implementation policy addresses each element required
by paragraph (a) of this section. An agency obtaining a certification
under this paragraph (c) must document the basis for using this
paragraph (c). Certification pursuant to this paragraph (c) does not
relieve the agency of any compliance obligation under this part.
(d) Portal attestation. Upon adoption of the implementation policy,
the agency head or designee must certify compliance through the Federal
C-UAS coordination portal by attesting that the agency has adopted an
implementation policy addressing each element required by paragraph (a)
of this section. The portal records the certifying official, agency,
and date of attestation. The implementation policy is not subject to
pre-approval by the NCUTC. The NCUTC retains authority to audit
implementation policies and to suspend certification or accreditation
under Sec. 124.5. The attestation must be renewed annually.
(e) Retention and availability. The agency must retain the
implementation policy and make it available to the Attorney General or
the Secretary of Homeland Security, or their designee, upon request,
including during compliance audits under Sec. 124.16.
(f) Operating without attestation. An agency that conducts
operations under this part without a current portal attestation is in
violation of this part, and the absence of an attestation constitutes
grounds for compliance action under Sec. 124.16.
(g) Detection and warning policy. An SLTT law enforcement or
correctional agency that conducts only detection and warning operations
requiring the authority of, or the relief from certain laws provided
by, 6 U.S.C. 124n may adopt a detection and warning policy in lieu of
the implementation policy required by paragraph (a) of this section. A
detection and warning policy must satisfy the requirements of this
section, except that it need not include the standing tactical
procedures of paragraph (a)(6) of this section. The agency must
designate an Agency Approving Official under paragraph (a)(1) of this
section and complete the portal attestation under paragraph (d) of this
section, which must be renewed annually. For purposes of that
attestation, a detection and warning policy need address only the
elements of paragraph (a) of this section that apply to detection and
warning operations.
Sec. 124.7 Authorized technologies.
(a) Two-list authorization framework. The technology authorization
framework consists of two complementary lists. The Authorized
Technologies List identifies the technology categories authorized for
SLTT law enforcement and correctional agency C-UAS operations. The
Authorized Systems List identifies specific systems, at the make and
model level, that have completed interagency evaluation within those
technology categories and stated operating restrictions. Both lists are
maintained jointly by the Department of Justice, the Department of
Homeland Security, the Department of Defense, the Department of
Transportation and Federal Aviation Administration, the Federal
Communications Commission, and the National Telecommunications and
Information Administration, consistent with 6 U.S.C. 124n(d)(2)(A)(iii)
and section 8606(a)(4) of the SAFER SKIES Act.
(b) General requirement. An SLTT law enforcement or correctional
agency exercising authority under 6 U.S.C. 124n(a)(2) may deploy only
systems within technology categories listed on the Authorized
Technologies List. When the Authorized Systems List has been populated
for a given technology category, the agency may deploy only specific
systems listed on the Authorized Systems List within that category,
subject to the advance coordination requirements of Sec. 124.9. For
technology categories on the Authorized Technologies List for which the
Authorized Systems List has not yet been populated, the agency may
deploy specific systems within those categories provided that an
operator holds Mitigation Certification covering that technology
category and has completed manufacturer or vendor training on the
specific system to be deployed, subject to the advance coordination
requirements of Sec. 124.9.
(c) Scope of the list requirement. When operating under the
authorities or statutory reliefs in 6 U.S.C. 124n(a)(2), SLTT law
enforcement or correctional agencies may employ only listed technology
categories, and, where the Authorized Systems List is populated, listed
systems. Technology that an SLTT law enforcement or correctional agency
may lawfully employ without the authorities or reliefs provided by 6
U.S.C. 124n(a)(2) is not subject to the requirements of this section
and remains available to agencies on the same basis as before the SAFER
SKIES Act. The detection and warning training curriculum will address
the distinction between technology categories subject to and not
subject to this section.
(d) Mitigation technology and training alignment. An SLTT law
enforcement or correctional agency may employ mitigation systems only
in those technology categories covered by the NCUTC mitigation courses
completed by its mitigation-certified personnel. NCUTC may create an
additional mitigation module covering the technology category when a
new technology category is added to the Authorized Technologies List.
Mitigation-certified personnel who completed the NCUTC mitigation
course prior to the addition of this new content must successfully
complete additional NCUTC training on the new technology category prior
to using any system on the Authorized Systems List under that category.
[[Page 41489]]
(e) Scope of interception authority. Systems may be used to
intercept communications to or from an unmanned aircraft or UAS only to
the extent necessary to support an action described in 6 U.S.C.
124n(b)(1). Any interception, acquisition, maintenance, use of, or
access to communications to or from an unmanned aircraft or UAS under
this section must be conducted in a manner consistent with the First
and Fourth Amendments to the Constitution of the United States and
applicable provisions of Federal law.
(f) Maintenance of the lists. The Authorized Technologies List and
Authorized Systems List, including the criteria and procedures for
evaluating, listing, renewing, suspending, and removing technology
categories and systems, are established and maintained through the
interagency process described in 6 U.S.C. 124n(d)(2)(A)(iii) and
section 8606(a)(4) of the SAFER SKIES Act. The Authorized Systems List
is updated by that interagency process and published on the designated
interagency C-UAS portal. Each RF-emitting system listed on the
Authorized Systems List will have completed a system-level spectrum
evaluation through the interagency process before listing, addressing
potential interference with non-Federal spectrum users, compatibility
with Federal spectrum users, and potential interference with aviation
safety systems. System-level evaluations are reviewed and renewed at
intervals determined through the interagency process and upon any
system change to its operating capabilities, functions, radio frequency
characteristics, or power levels that may alter its radio frequency
characteristics, capabilities, functions, or assessed configurations.
Minor updates that do not alter a system's performance, capabilities,
functions, radio frequency characteristics, or assessed configurations
do not require renewed evaluation.
(g) Emergency suspension. Upon receipt of an emergency suspension
notice issued through the interagency process for the Authorized
Technologies List and Authorized Systems List, an SLTT law enforcement
or correctional agency must immediately cease deployment of the
affected system or technology category. Grounds for emergency
suspension include discovery of a critical safety defect,
identification of a supply chain compromise or cybersecurity
vulnerability, a determination that a system's radio frequency
characteristics differ materially from those evaluated during spectrum
evaluation, or a finding by any agency participating in the interagency
process that continued deployment poses an unacceptable risk. The SLTT
law enforcement or correctional agency may not resume deployment of the
affected system or technology category until the suspension is lifted
or the system or category is restored to the applicable list, and the
agency must comply with any conditions attached to the lifting of the
suspension or the restoration of the system or category to the
applicable list.
Sec. 124.8 C-UAS Operations Plan.
(a) Requirement and function. Each mitigation operation, and each
detection and warning operation conducted under this part using systems
that require the authority of, or relief from certain laws under, 6
U.S.C. 124n, must be authorized by a C-UAS Operations Plan signed by
the agency's Agency Approving Official. Section 124.12 sets out the
conditions specific to detection and warning operations. The signed C-
UAS Operations Plan is the instrument authorizing the operation on
behalf of the SLTT law enforcement or correctional agency and certifies
that the operation is consistent with the agency's implementation or
detection and warning policy, that the operators are agency personnel
who hold the required training and certification, and that the risk-
based assessment factors of paragraph (e) of this section have been
addressed. The agency may not commence mitigation operations until both
the advance coordination process under Sec. 124.9 and the signed C-UAS
Operations Plan are complete.
(b) Legal counsel certification. The C-UAS Operations Plan must
include a certification by the agency's legal counsel or, for an agency
without in-house counsel, the applicable prosecuting authority, that
the plan has been reviewed for legal sufficiency. The certification may
take the form of a signature block, stamp, or attestation on the plan.
(c) Form. The C-UAS Operations Plan must be prepared on the
standardized form prescribed by the Attorney General. The form is
structured to use short-answer fields, selection-based fields, and map
or diagram attachments, and does not require narrative legal analysis
or repetition of standing procedures addressed in the agency's
implementation policy. The form may use conditional fields keyed to the
type of operation, so that each operation completes only the fields
applicable to it; for a detection and warning operation, the fields
specific to mitigation, such as mitigation-system parameters and render
safe planning, do not apply.
(d) Content. The C-UAS Operations Plan must address, at a minimum
and to the extent applicable to the operation:
(1) Operation identification, including the submitting agency,
points of contact, the Agency Approving Official, the operation type,
planned dates, geographic location, venue type, any Special Event
Assessment Rating or National Special Security Event designation, and
the identification of any mutual aid agencies;
(2) Systems and airspace, including the systems to be deployed by
reference to the Authorized Systems List or Authorized Technologies
List category; a description of each system's configuration and the
hardware version, firmware revision, and software version of each
system as deployed; RF-emitting system parameters; class of airspace;
and anticipated flight restrictions;
(3) Coordination confirmation, including operator certification
status, compliance with the agency implementation policy, the legal
counsel certification, and compliance with the privacy and civil
liberties requirements of this part; and
(4) Operational planning elements, including deployment
configuration and spectrum deconfliction, personnel and team
assignments, render safe and contingency planning, known authorized
manned and unmanned aviation and deconfliction processes and
procedures, communications, investigative response and data handling,
and demobilization.
(e) Risk-based assessment. The C-UAS Operations Plan must address
the following factors: potential impacts to aviation safety, civilian
aviation and aerospace operations, aircraft airworthiness, or the use
of the airspace; procedures to comply with any technical and siting
limitations; options for mitigating identified potential impacts;
potential consequences if potential impacts are not mitigated; the
ability to provide reasonable advance notice to aircraft operators of
both manned and unmanned aircraft; the setting and character of the
facility or asset; for National Special Security Events and Special
Event Assessment Rating events, the event characteristics; and the
potential consequences to public safety if UAS threats are not
mitigated. For National Special Security Events and Special Event
Assessment Rating events, a plan that identifies the systems, airspace
environment, and coordination elements from which the assessment can be
derived satisfies this paragraph without separately addressing each
factor in narrative form. Nothing in
[[Page 41490]]
this part may be interpreted as limiting the authority of the
Administrator of the Federal Aviation Administration to manage the
navigable airspace, assess potential aviation safety risks, and
implement such mitigations as the Administrator determines appropriate.
(f) Timing and submission. The C-UAS Operations Plan must be
completed before the commencement of operations and submitted to the
Federal Bureau of Investigation and Department of Homeland Security
through the designated Federal C-UAS coordination portal as a
supplement to the advance notification not fewer than 7 calendar days
before the commencement of operations, or as early as practicable when
the applicable notification timeline does not permit 7 calendar days.
For a detection and warning operation that is not subject to the
advance notification requirement of Sec. 124.9, the C-UAS Operations
Plan must be submitted through the designated Federal C-UAS
coordination portal before the commencement of operations, for
situational awareness and recordkeeping; such submission is not an
advance notification under Sec. 124.9 and does not trigger Federal
Aviation Administration or Federal Communications Commission
coordination. The plan may be updated after submission to reflect
changes resulting from Federal Aviation Administration or Federal
Communications Commission coordination. Material updates must be
resubmitted promptly. Federal Aviation Administration and Federal
Communications Commission coordination is valid for the system
configuration and the firmware and software version coordinated for the
operation. A change in configuration, firmware, or software version
does not require re-coordination if it does not materially change the
system's radio frequency emission characteristics, its operating
frequencies and power levels, or other factors potentially impacting
aviation safety from those previously coordinated. A change that would
operate outside the frequencies or power levels coordinated for the
operation requires re-coordination before deployment; a summary of the
change must be provided to the Federal Aviation Administration and
Federal Communications Commission to determine if re-coordination is
necessary. The Federal Aviation Administration and the Federal
Communications Commission may identify by guidance categories of
configuration, firmware, or software changes that are deemed to
materially affect radio frequency emission characteristics and require
re-coordination. Federal review of the C-UAS Operations Plan is for
deconfliction and situational awareness purposes and does not
constitute approval or disapproval of the operation. For an event,
area, or period in which a high volume of simultaneous operations is
anticipated, the Federal Bureau of Investigation, in coordination with
the Federal Aviation Administration, may establish an earlier
submission deadline for affected operations and will communicate that
deadline to affected agencies in advance through the designated portal
or the lead C-UAS agency.
(g) Relationship to implementation policy. The C-UAS Operations
Plan is an event-specific or operation-specific document. Standing
tactical procedures required by Sec. 124.6(a) must be addressed in the
agency's implementation policy, and the C-UAS Operations Plan must
reference the implementation policy by title and version rather than
repeating standing procedures.
(h) Operational windows. (1) An individual C-UAS Operations Plan
may authorize operations for a period not to exceed 30 consecutive
calendar days, except as provided in paragraph (h)(2) of this section.
For operations requiring a longer duration, the agency must submit a
renewal plan before the expiration of the current operational window;
the renewal plan may incorporate the prior plan by reference and
address only material changes. The agency must submit a renewal plan,
through the designated Federal C-UAS coordination portal under Sec.
124.8(f), before the expiration of the current operational window.
(2) For fixed-site facilities for which SLTT law enforcement and
correctional agencies conduct ongoing persistent-protection operations,
including correctional facilities, critical infrastructure sites, other
permanent facilities with a continuing C-UAS mission, and venues where
the agency expects to provide recurring C-UAS coverage within the
authorization period, the Agency Approving Official may authorize a
standing operational window of up to 365 calendar days, renewable upon
submission of a renewal plan. The advance notification for a standing
operational window must specify the venue and anticipated events or
coverage periods; for a detection and warning operation not subject to
the advance notification requirement of Sec. 124.9, the C-UAS
Operations Plan must specify the venue, the area covered, which may be
stated as a radius around the site, and the anticipated coverage
periods. Material changes, including a new event, new systems, or a
changed threat environment, require an update to the advance
notification under Sec. 124.9(a) or, for such a detection and warning
operation, an updated C-UAS Operations Plan. Federal coordination
requirements continue to apply to each event within a standing window,
including lead C-UAS agency coordination under Sec. 124.10 and per-
event coordination among the Department of Transportation, the Federal
Aviation Administration, and the Federal Communications Commission.
(3) No C-UAS Operations Plan may authorize an indefinite or open-
ended operational window.
Sec. 124.9 Advance coordination, notification, and authorization.
(a) Advance notification. (1) Before conducting any mitigation
operation under 6 U.S.C. 124n(a)(2), an SLTT law enforcement or
correctional agency must submit an advance notification through the
designated Federal C-UAS coordination portal not fewer than 30 calendar
days before the commencement of the operational period. When 30
calendar days is not feasible, the agency must submit the advance
notification as early as the circumstances permit, with sufficient lead
time to allow the Federal Bureau of Investigation, the Department of
Homeland Security, the Department of Transportation, the Federal
Aviation Administration, and the Federal Communications Commission to
complete their respective reviews, and must include a brief explanation
of the circumstances that prevented submission within the 30-day
standard.
(2) The advance notification is a coordination document that routes
the relevant data elements to each recipient agency through a single
submission. The advance notification is not a request for approval by
the Department of Justice or the Department of Homeland Security, and
the absence of a response from the Department of Justice or the
Department of Homeland Security does not affect the agency's authority
to proceed.
(3) The advance notification must identify the submitting SLTT law
enforcement or correctional agency, the planned dates and geographic
location of the operation, the systems to be deployed by reference to
the Authorized Systems List or Authorized Technologies List category,
RF-emitting system parameters, a characterization of the airspace and
operational environment, and confirmation of
[[Page 41491]]
operator certification status and compliance with the agency
implementation policy and the privacy requirements of this part.
(b) C-UAS Operations Plan. Each mitigation operation must also be
authorized by a C-UAS Operations Plan in accordance with Sec. 124.8.
The agency may not commence mitigation operations until both the
advance coordination process under this section and the signed C-UAS
Operations Plan are complete. The SLTT law enforcement or correctional
agency must also submit a comparable advance notification to the State
if required by State law or policy.
(c) FBI and DHS notification and routing. The Attorney General,
through the Federal Bureau of Investigation and the Department of
Homeland Security, receives the advance notification for purposes of
deconflicting planned SLTT law enforcement or correctional agency C-UAS
operations with any ongoing or planned Federal C-UAS, law enforcement,
or national security operations. Until the portal is fully established,
an SLTT law enforcement or correctional agency must notify the Federal
Bureau of Investigation and Department of Homeland Security through a
channel designated by the Federal Bureau of Investigation and
Department of Homeland Security for that purpose.
(d) DOT/FAA coordination. Before conducting any mitigation
operation, an SLTT law enforcement or correctional agency must
coordinate with the Department of Transportation and the Federal
Aviation Administration through the coordination mechanism the Federal
Aviation Administration has designated. The agency must provide the
systems to be deployed, the geographic coordinates of each proposed
deployment and enforcement location, the expected duration of the
operation, and a characterization of the airspace environment. The
Administrator of the Federal Aviation Administration may establish such
flight restrictions as the Administrator determines necessary in his
sole discretion for reasons of aviation safety. The absence of a formal
flight restriction does not preclude mitigation action in exigent
circumstances when a credible threat exists and the requirements of
this part are otherwise satisfied.
(e) Categorical FAA determinations. The Federal Aviation
Administration may issue categorical determinations for specific
combinations of authorized technologies, geographic locations, and
airspace environments. When a proposed mitigation operation falls
within the parameters of a categorical determination by the Federal
Aviation Administration, individual case-by-case Federal Aviation
Administration coordination is not required, provided the agency
operates within the conditions specified in the determination and
notifies the Federal Aviation Administration through the Federal
Aviation Administration-designated coordination mechanism.
(f) FCC authorization. Before deploying any C-UAS system (whether
detection and warning only or mitigation) that involves the emission of
radio waves, an SLTT law enforcement or correctional agency must obtain
authorization to use that system consistent with Title III of the
Communications Act of 1934, as amended. The system must comply with any
relevant regulations, policies, and guidance administered by the
Federal Communications Commission, and an SLTT law enforcement or
correctional agency must submit a request to the Federal Communications
Commission through the advance notification process and as directed by
the Federal Communications Commission. The Federal Communications
Commission will also issue waivers, as appropriate, to C-UAS equipment
vendors and manufacturers to allow them to import and sell C-UAS
mitigation equipment that employs radio frequency interdiction
technologies or electronic counter measures to authorized SLTT law
enforcement and correctional agencies.
(g) Emergency exception. When a credible threat poses an imminent
risk to human life and advance coordination under this section is not
practicable, an SLTT law enforcement or correctional agency may take
mitigation action. The agency must complete the notifications required
by this section as soon as practicable, and in any event within two
hours of the action. If the mitigation action involves an RF-emitting
C-UAS system, the agency must additionally comply with the real-time
notification requirements of Sec. 124.11. Each invocation of this
exception must be documented in the post-operation report with a
specific explanation of why advance coordination was not feasible. This
exception may not be invoked as a routine alternative to advance
coordination, and a pattern of repeated invocations may result in
compliance review under Sec. 124.16, accreditation or certification
suspension, and penalties under section 8605(f) of the SAFER SKIES Act.
The compliance audit program will establish the criteria for
identifying patterns of emergency invocations that warrant review.
(h) Federal coordination. Before conducting any operation under
this part within a security or protection mission overseen by a Federal
Government entity, or within an area, facility, waterway, or other area
over which a Federal Government entity exercises a security or
protection responsibility, the agency must coordinate with that Federal
Government entity through the advance coordination process under Sec.
124.9 before conducting the operation. The Federal Aviation
Administration's general regulatory authority over the navigable
airspace does not by itself trigger this requirement; airspace safety
coordination is addressed in Sec. 124.8 and Sec. 124.11.
(i) Detection and warning operations. Detection and warning
operations that do not actively transmit radio frequency energy and do
not affect aviation safety are not subject to the advance coordination
requirements of this section.
Sec. 124.10 Interagency and lead-agency coordination.
(a) Early coordination and notice of intent. For operations in
support of National Special Security Events, events rated Special Event
Assessment Rating 1 through 3, or other events where Federal C-UAS
operations are anticipated, an SLTT law enforcement or correctional
agency should notify the local FBI field office of its intent to
provide C-UAS coverage as early as practicable and before the 30-day
advance notification standard of Sec. 124.9. The designated Federal C-
UAS coordination portal includes a notice-of-intent function that
allows an agency to register its intent to cover a future event without
completing the full advance notification. A notice of intent is
informational only and does not trigger the advance coordination
process, the Federal Aviation Administration or Federal Communications
Commission review, or any timeline obligation.
(b) Special event coordination. When the Federal Bureau of
Investigation receives an SLTT law enforcement or correctional agency
advance notification or notice of intent for an event at which Federal
C-UAS operations are also planned or under consideration, the Federal
Bureau of Investigation will present the notification to the
interagency C-UAS coordination process maintained by the Department of
Justice and the Department of Homeland Security, will serve as the
conduit for SLTT law enforcement and correctional agency equities in
that process, and will communicate the results to the SLTT law
enforcement or
[[Page 41492]]
correctional agency, including any Federal operational parameters or
deconfliction requirements that may affect the SLTT law enforcement or
correctional agency C-UAS operation. The interagency coordination
process does not approve or disapprove SLTT law enforcement or
correctional agency C-UAS operations.
(c) Tactical coordination under a lead C-UAS agency. An SLTT law
enforcement or correctional agency conducting C-UAS operations at an
event or location for which a lead C-UAS agency has been designated
must operate under the tactical coordination of the lead C-UAS agency
for the duration of the event. Tactical coordination includes the
assignment of system deployment locations, operating frequencies,
detection and mitigation sectors, ground intercept team sectors, render
safe locations, communications channels, and risk to persons and
property on the surface or in the air. The SLTT law enforcement or
correctional agency's C-UAS Operations Plan for the event must be
developed in coordination with the lead C-UAS agency and must conform
to the lead agency's overall C-UAS operational framework for the event.
An SLTT law enforcement or correctional agency coordinating with a lead
C-UAS agency acts under its own certified authority under 6 U.S.C.
124n(a)(2); tactical coordination merely integrates the SLTT law
enforcement or correctional agency C-UAS operation into a unified C-UAS
posture. Where geographic responsibilities are divided among multiple
Federal agencies, the SLTT law enforcement or correctional agency must
coordinate with the sector-level lead Federal agency responsible for
the geographic area in which the SLTT law enforcement or correctional
agency intends to operate. Whenever Federal and SLTT operations will be
conducted at the same event, or whenever the Federal and SLTT
operations will overlap in geographic area and time, the Federal agency
will be the lead C-UAS agency. An SLTT law enforcement or correctional
agency may serve as the lead C-UAS agency only where multiple SLTT
agencies are operating in the same area and no Federal agency is
involved.
(d) Coordination required. An SLTT law enforcement or correctional
agency that does not accept tactical coordination by the designated
lead C-UAS agency may not conduct C-UAS operations, including detection
and warning operations using systems requiring the authority of and
relief from certain laws under the Act, within the geographic area and
time period covered by the lead-agency designation.
(e) Overlapping SLTT operations. When the Federal Bureau of
Investigation and Department of Homeland Security receive advance
notifications from two or more SLTT law enforcement or correctional
agencies for C-UAS operations that overlap in geographic area and time,
the Federal Bureau of Investigation and Department of Homeland Security
will notify all affected SLTT law enforcement and correctional agencies
of the overlap. The affected agencies must designate a lead C-UAS
agency for the overlapping area and time period, or establish a joint
operational coordination arrangement, before any agency commences
mitigation operations in the overlapping area. The designation or
arrangement must be documented and provided to the Federal Bureau of
Investigation and Department of Homeland Security. If the agencies
cannot reach agreement within 48 hours of the Federal Bureau of
Investigation and Department of Homeland Security's notification, the
Federal Bureau of Investigation and Department of Homeland Security may
designate operational parameters for the overlapping area, including
frequency deconfliction assignments and geographic boundaries for each
agency's mitigation operations.
(f) Deconfliction direction. If the deconfliction process
identifies a conflict between a planned SLTT law enforcement or
correctional agency C-UAS operation and an ongoing or planned Federal
C-UAS, law enforcement, or national security operation that cannot be
resolved through coordination, the Department of Justice, acting
through the Federal Bureau of Investigation and in coordination with
the Department of Homeland Security, may direct the SLTT law
enforcement or correctional agency to modify the operational parameters
of, or postpone, the planned operation until the conflict is resolved.
(g) Emergency exception preserved. This section does not affect an
SLTT agency's authority to respond to an imminent risk to human life
under Sec. 124.9(g), including at an event with a designated lead C-
UAS agency; however, the agency must notify the lead C-UAS agency
immediately upon taking emergency action and must coordinate with the
lead agency as soon as practicable thereafter.
(h) The requirements in paragraphs (a) through (g) of this section
are established under the Attorney General's oversight authority
pursuant to 6 U.S.C. 124n(d)(1) and the coordination obligations of 6
U.S.C. 124n(b)(4) and (d)(3); they do not transfer or diminish the SLTT
agency's statutory authority and relief from certain laws under 6
U.S.C. 124n(a)(2).
Sec. 124.11 Real-time air traffic control notification.
(a) Notification required. Any SLTT law enforcement or correctional
agency, or its personnel, that activates a C-UAS system for mitigation
purposes must, within five minutes of activation or as soon as
operationally practicable, provide verbal or electronic notification to
the notification point designated by the Federal Aviation
Administration for real-time C-UAS coordination, using the procedures
established under paragraph (b) of this section. Detection and warning
operations do not require notification or coordination under this
section.
(b) Notification procedures. An SLTT law enforcement or
correctional agency must comply with the notification and reporting
procedures jointly established by the Department of Homeland Security,
the Department of Justice, and the Federal Aviation Administration for
real-time communication to air traffic control of C-UAS mitigation
actions using a radio frequency-emitting C-UAS system. The notification
must identify the type of C-UAS action, the time of activation, and the
location. The NCUTC will include training on these notification
procedures in the mitigation training course.
(c) Notification upon termination. Upon termination of the
mitigation action, the SLTT law enforcement or correctional agency must
provide a follow-up notification to the designated Federal Aviation
Administration notification point confirming the time of termination.
(d) Non-RF mitigation. Mitigation actions that do not involve radio
frequency-emitting systems do require notification under this section
unless the Department of Transportation or Federal Aviation
Administration's applicable notification procedures established under
this section provide otherwise. Such actions remain subject to the
advance coordination and post-operation reporting requirements of
Sec. Sec. 124.9 and 124.13.
Sec. 124.12 Detection and warning operations.
(a) Scope. This section governs detection and warning operations
using systems whose operation requires the authority of and relief from
certain laws under 6 U.S.C. 124n(a)(2). Detection and warning activity
conducted using systems that do not require the authority
[[Page 41493]]
of the Act or the relief it provides from certain laws is not subject
to this part.
(b) Conditions. An SLTT law enforcement or correctional agency may
conduct detection and warning operations under this section if:
(1) All personnel conducting detection and warning operations hold
a current Detection and Warning Certification;
(2) The agency deploys only systems within technology categories
listed on the Authorized Technologies List and, where populated,
specific systems listed on the Authorized Systems List;
(3) The agency has adopted an implementation policy under Sec.
124.6(a) or a detection and warning policy under Sec. 124.6(g), has
completed the applicable portal attestation, and has authorized the
operation by a C-UAS Operations Plan under Sec. 124.8; and
(4) The agency complies with the privacy, data handling, and
retention requirements of Sec. 124.14.
(c) Coordination. No per-operation (that is, for each individual
deployment or activation of a C-UAS system) advance notification,
Federal Aviation Administration coordination, or Federal Communications
Commission coordination is required for detection and warning
operations that employ only systems that do not emit radio frequency
energy and do not affect aviation safety. Such operations must be
authorized by a C-UAS Operations Plan under Sec. 124.8, which
documents operational authority, data handling and retention, and legal
review. For detection and warning operations involving RF-emitting
systems, such as active warning broadcast systems, the advance
coordination requirements of Sec. 124.9 apply, and the operation must
be authorized by a C-UAS Operations Plan under Sec. 124.8.
(d) Reporting. The 48-hour reporting requirement of Sec. 124.13
does not require per-event reporting of detection and warning
operations. Each SLTT law enforcement or correctional agency conducting
detection and warning operations under this section must report
detection activity in the semiannual operational summary required by
Sec. 124.13, including the detection systems deployed by Authorized
Technologies List category, the locations at which systems were
deployed, the total number of detection events recorded, instances of
retention of records of communication beyond 180 days, and any data-
sharing arrangements. A physical seizure or confiscation under 6 U.S.C.
124n(b)(1)(E) that results from a detection and warning operation is a
6 U.S.C. 124n action, but it is documented through the agency's normal
evidence-handling procedures and is not separately reported under this
part. The recovery of a crashed or abandoned unmanned aircraft that
does not involve the use of 6 U.S.C. 124n authority is not a 6 U.S.C.
124n confiscation and is not subject to the reporting requirements of
this part.
(e) Prohibition on mitigation. Personnel holding only a Detection
and Warning Certification are not authorized to take any mitigation
action or any other action that affects an unmanned aircraft in flight,
regardless of the operator's ultimate objective. If a detection
operation identifies a credible threat requiring mitigation, this rule
requires that the agency respond through mitigation-certified personnel
operating under Sec. Sec. 124.8 and 124.9 or through coordination with
Federal C-UAS assets. This prohibition is absolute and is not subject
to the emergency exception of Sec. 124.9(g), which is available only
to an agency with mitigation-certified personnel and authorized
mitigation capability.
Sec. 124.13 Post-operation reporting.
(a) Report required. Any SLTT law enforcement or correctional
agency exercising authority under 6 U.S.C. 124n(a)(2) must submit a
post-operation report as required by 6 U.S.C. 124n(d)(2)(C)(i) within
48 hours of whichever occurs first:
(1) Taking any mitigation action described in 6 U.S.C.
124n(b)(1)(C), (D), or (F);
(2) Any confiscation of an unmanned aircraft or UAS under 6 U.S.C.
124n(b)(1)(E); or
(3) The conclusion of an operation where notification was provided.
(b) Other confiscations. A confiscation that does not occur
pursuant to 6 U.S.C. 124n(b)(1)(E) may be documented through the
agency's normal evidence-handling procedures and does not need to be
separately reported under this part.
(c) Content. The post-operation report must contain:
(1) Confirmation whether the planned operation did or did not occur
as notified;
(2) The date, time, and geographic location of the reportable
action;
(3) A brief description of the credible threat that a UAS or
unmanned aircraft posed to the safety or security of people, a
facility, or an asset; a venue or set of venues used for large-scale
public gatherings or events; critical infrastructure; or a correctional
facility necessitating the action;
(4) The type of capability employed, including the specific system
or systems used by reference to the Authorized Systems List and
Authorized Technologies List category, or where the Authorized Systems
List had not yet been populated for a particular Authorized
Technologies List category at the time of the action, the Authorized
Technologies List category; and in all cases the make, model, hardware
version, firmware revision, and software version of the system or
systems as deployed;
(5) Any known operational effects, including the seizure,
disabling, damage, or destruction of a UAS or unmanned aircraft; any
reported effects on other aviation systems, spectrum users, or persons
and property on the surface or in the air; any aviation accident;
whether a temporary flight restriction was granted or denied; and any
other harm, damage, or loss to a person or to private property;
(6) Any issues, anomalies, or deviations encountered during the
operation; and
(7) Summary operational statistics, including the number of UAS
detected, counted as confirmed detections attributable to a distinct
unmanned aircraft and reported in good faith with reasonable
deduplication; warnings issued; mitigation actions taken; UAS or
unmanned aircraft seized or confiscated; and any criminal charges,
citations, regulatory enforcement actions, or arrests resulting from
the operation.
(d) Submission mechanism. Reports must be submitted through the
designated Federal C-UAS coordination portal. Submission through the
portal satisfies the notification requirement to both the Attorney
General and the Secretary of Homeland Security, as the portal routes
reports to the Federal Bureau of Investigation and Department of
Homeland Security automatically.
(e) Immediate notification for unintended consequences. If a
detection, warning, or mitigation action results in unintended
consequences, including interference with manned aviation or lawfully
operating UAS, property damage, injury, or system malfunction affecting
third parties, the SLTT law enforcement or correctional agency must
immediately notify the Federal Bureau of Investigation and Department
of Homeland Security by the most expedient means available, in addition
to the 48-hour post-operation report. The Federal Bureau of
Investigation will notify the Office of the Deputy Attorney General,
the Department of Transportation, the Federal Aviation Administration,
the Federal Communications Commission, and other affected agencies as
appropriate.
[[Page 41494]]
(f) Consolidated reporting. Where multiple reportable events occur
within a 48 hour period, an SLTT law enforcement or correctional agency
may submit a single consolidated post-operation report covering all
actions taken during the period, due within 48 hours of the first
reportable event, provided that each action is documented with the data
elements required by paragraph (c) of this section and that any action
resulting in unintended consequences is reported immediately under
paragraph (e) of this section.
(g) Recurring venue reporting. For recurring venue operations
conducted under a standing operational window authorized by Sec.
124.8(h), each discrete event within the authorization period must be
reported separately.
(h) Semiannual operational summary. Each SLTT law enforcement or
correctional agency exercising authority under this part must submit a
semiannual operational summary through the designated Federal C-UAS
coordination portal, covering total operations conducted, mitigation
actions taken, detection activity, instances of retention of records of
communication beyond 180 days, instances in which control
communications were disclosed outside the originating agency organized
by the legal basis for their disclosure, compliance issues identified,
and lessons learned. The summary must also report the requests the
agency received for C-UAS protection from critical infrastructure or
airport owners or operators that are not SLTT law enforcement or
correctional agencies, the number of those requests to which it
provided protection, and the number it was unable to support as well as
the reasons it was unable to provide support.
(i) Reporting to support congressional and oversight requirements.
The Federal Bureau of Investigation will compile information from post-
operation reports and semiannual summaries to support the biannual
report required by 6 U.S.C. 124n(d)(2)(D) and the semiannual briefings
required by 6 U.S.C. 124n(g), in coordination with the Secretary of
Homeland Security and the Secretary of Transportation. The compilation
will include:
(1) The frequency, location, and circumstances of SLTT law
enforcement and correctional agencies' mitigation deployments and the
types of mitigation employed;
(2) A list of any aviation security or safety incidents, and any
aviation accidents, that occurred due to SLTT law enforcement and
correctional agencies' deployment of C-UAS technologies;
(3) Recommendations for improving SLTT law enforcement and
correctional agencies' C-UAS training, oversight, compliance, and
execution, and the compliance audits required by section 8606(b)(2) of
the SAFER SKIES Act; and
(4) A determination whether SLTT law enforcement and correctional
agencies are able to fully protect critical infrastructure from the UAS
threat and, if not, recommendations on how to expand C-UAS authorities
to critical infrastructure owners. This determination is informed by
the protection-request data reported under paragraph (h) of this
section.
(5) Instances in which records of communications were retained
beyond 180 days, or in which control communications were disclosed
outside the originating agency.
Sec. 124.14 Privacy and civil liberties.
(a) General. In exercising authority under 6 U.S.C. 124n(a)(2), an
SLTT law enforcement or correctional agency and its personnel must
comply with the requirements of 6 U.S.C. 124n(e), including the
implementation of privacy protections with respect to the interception,
acquisition, access, maintenance, use, and dissemination of
communications, consistent with the First and Fourth Amendments to the
Constitution of the United States and applicable provisions of Federal
law. All operations under this part must comply with the requirements
of the Fourth Amendment and the policies of the applicable SLTT law
enforcement or correctional agency with respect to searches and
seizures, and individual searches and seizures conducted during C-UAS
operations remain subject to the Fourth Amendment reasonableness
requirement.
(b) First Amendment. No C-UAS authority under this part may be used
solely to seize, monitor, deter, interfere with, or disrupt individuals
exercising rights protected by the First Amendment to the Constitution
of the United States. When C-UAS operations are conducted at events or
locations where individuals are exercising First Amendment rights,
personnel must take affirmative steps to minimize the collection,
retention, and dissemination of information about those individuals,
and must not use C-UAS-derived information to identify, track, or build
records on individuals based on their exercise of protected rights.
(c) Scope of interception. Communications may be intercepted or
acquired only to the extent necessary to support an action described in
6 U.S.C. 124n(b)(1).
(1) Material captured that is not control communications is
incidental capture. Agencies must configure systems to minimize
incidental capture, and incidentally captured material determined not
to be relevant to a C-UAS, law enforcement, or national security
purpose must not be reviewed, retained, or disseminated and must be
purged as soon as practicable.
(2) During the contemporaneous C-UAS operation, personnel may view
incidentally captured material only to the extent necessary for C-UAS
detection, tracking, identification, or mitigation purposes and may not
use it for general surveillance or monitoring. If it becomes apparent
that the captured video, audio, or other data stream is not control
communications, the interception of such communications must be
discontinued, and the interception of incidentally captured material
must be documented in the post-operation report. When a system's
configuration permits adjustment of the scope of interception, such as
frequency range, geographic coverage, or signal type, operators must
use the narrowest configuration consistent with operational
effectiveness.
(3) For standing detection deployments exceeding 30 days, the
agency must conduct a review, not less than quarterly, to confirm that
the scope of interception remains proportionate to the operational
need, that incidental collection of non-UAS communications is being
minimized, and that data handling and purge procedures are being
executed on schedule. The review may be conducted on a program-wide
basis for facilities.
(4) Where identifying the threat requires processing the control
signaling of all unmanned aircraft in range, the control communications
of an unmanned aircraft determined not to pose a threat may not be
retained or used beyond what is needed to make the threat determination
and must be purged on the same schedule as other incidental material.
(d) Records of communications and retention. (1) Control
communications captured, recorded, or maintained by SLTT C-UAS systems
constitute records of communications to or from a UAS within the
meaning of 6 U.S.C. 124n(e)(3) and must be maintained only for as long
as necessary, and in no event for more than 180 days, unless the Agency
Approving Official or the agency's chief legal officer determines that
maintenance of such records is necessary to investigate or prosecute a
violation of law, to directly support an
[[Page 41495]]
ongoing security operation, for the purpose of any litigation, or is
required under Federal, State, local, Tribal, or territorial law,
consistent with 6 U.S.C. 124n(e)(3).
(2) Data retained under the ongoing security operation exception
must be reviewed at 90-day intervals and purged when the operation
concludes, unless another exception applies.
(3) When an agency determines that records of communications will
be retained beyond 180 days under any exception, the agency must notify
the Federal Bureau of Investigation through the portal within 30 days
of the determination.
(4) Pattern data, once extracted and recorded independently, is not
a record of communications and is not subject to the 180-day limit.
Data generated by systems whose operation does not implicate the
electronic surveillance laws referenced in the notwithstanding clause
of 6 U.S.C. 124n(a)(2) is likewise not subject to the 180-day limit.
(5) For data retained under the investigation or prosecution
exception, the existence of an open investigative or prosecutorial case
file documenting the data as evidence satisfies the required
determination. For data retained under any other exception, the Agency
Approving Official or the agency's chief legal officer must document
the specific basis for retention. If an agency has neither an Agency
Approving Official nor a chief legal officer, an official holding a
rank not below a Senior Executive or Senior Official, or its
equivalent, must document the specific basis for retention.
(6) A standing operational window authorized under Sec. 124.8(h)
does not itself constitute an ongoing security operation for purposes
of the retention exception; that exception applies only when a
specific, identified threat or other intelligence justifies continued
retention of specific records to support a discrete protective
objective, and the 90-day review must assess whether the specific
security basis for retention continues to exist.
(7) The exception for retention required under Federal, State,
local, Tribal, or territorial law applies when a specific provision of
law affirmatively requires retention of the particular type of data at
issue, not when a general records retention schedule incidentally
encompasses C-UAS data.
(e) Dissemination. (1) Control communications acquired under this
part may be disclosed outside the disseminating agency only as
authorized by 6 U.S.C. 124n(e)(4): when necessary to investigate or
prosecute a violation of law; to support the Department of Defense, a
Federal law enforcement agency, or the enforcement activities of a
regulatory agency of the Federal Government in connection with a
criminal or civil investigation of, or any regulatory, statutory, or
other enforcement action relating to an action described in 6 U.S.C.
124n(b)(1); or as otherwise required by law.
(2) This part does not prohibit the use, as evidence in a
subsequent proceeding, of information lawfully obtained incidental to
an SLTT law enforcement or correctional agency C-UAS operation,
consistent with applicable law.
(3) At the time of any dissemination of control communications, the
disseminating agency must document, in the audit trail required by
paragraph (g) of this section, the 6 U.S.C. 124n(e)(4) basis for the
dissemination, the category of recipient, whether the handling caveat
required by paragraph (f) of this section was conveyed, and whether the
dissemination included control communications.
(4) A real-time detection feed is governed by the substantive
character of the data it transmits. A feed that transmits control
communications acquired under this part is subject to the requirements
of this section applicable to such data and the limitations under 6
U.S.C. 124n(e)(1), (2), and (4). A feed that transmits only data
described in paragraph (e)(6) of this section is not subject to those
limitations.
(5) Pattern data that contains no control communications may be
disseminated consistent with the agency's standard data handling and
information sharing policies and applicable law. Before disseminating
pattern data beyond the agency, the disseminating agency must verify
anonymization in accordance with its implementation policy and screen
the product for operationally sensitive information that would reveal
specific coverage patterns, capabilities, gaps, or methods. Public
release of pattern data products requires approval at the level
designated by the agency's implementation policy.
(6) Data not acquired using the authorities or reliefs provided by
6 U.S.C. 124n, including data generated by systems whose operation does
not implicate the electronic surveillance laws referenced in the
notwithstanding clause of 6 U.S.C. 124n(a)(2), is not subject to the
disclosure limitations of paragraph (e)(1) of this section and may be
shared consistent with the agency's standard data handling and
information sharing policies and applicable law. Sharing for
situational awareness with recipients that are not law enforcement or
correctional agencies, including critical infrastructure owners or
operators and the public, is limited to data described in this
paragraph, unless the disclosure of control communications is
authorized under paragraph (e)(1) of this section.
(f) Protective purpose limitation. Because the authority of 6
U.S.C. 124n(a)(2) is limited to mitigation of a credible threat, an
SLTT law enforcement or correctional agency may disseminate control
communications acquired pursuant to the agency's authorities and
statutory reliefs under 6 U.S.C. 124n(a)(2) only for law enforcement
action arising from the UAS activity that prompted the C-UAS operation,
or for aviation safety. An SLTT law enforcement or correctional agency
may not disseminate such control communications for use in an
investigation or enforcement action unrelated to UAS activity unless
the communications are independently obtainable through lawful means
not dependent on the authorities and statutory reliefs under 6 U.S.C.
124n(a)(2). At the time of dissemination, the disseminating agency must
communicate the protective purpose for which the control communications
are being shared.
(g) Audit trail. Each SLTT law enforcement or correctional agency
exercising authority under this part must maintain an audit trail
sufficient to document each instance in which C-UAS authority was
exercised, the basis for the action, the disposition of any data
acquired, and any dissemination of data under this part. The audit
trail must be searchable and accessible to compliance auditors,
protected against unauthorized modification or deletion, and retained
for a minimum of 6 years. The agency's implementation policy must
specify the format and system of records for the audit trail.
(h) State and local retention conflicts. When an SLTT law
enforcement or correctional agency determines that a State, local,
Tribal, or territorial records retention requirement applicable to law
enforcement or correctional agency records encompasses C-UAS
communications data and the agency cannot comply with both the 180-day
retention limit and that retention requirement, the agency must retain
the data for the period required by the applicable law and must apply
the handling restrictions of this part, including the prohibition on
use for unrelated law enforcement purposes and the dissemination
restrictions of this section, for the full duration of retention.
[[Page 41496]]
(i) Third-party acquisition. An SLTT law enforcement or
correctional agency may not request, purchase, subscribe to, or
operationally rely on intercepted UAS control communications acquired
by any actor lacking lawful authority and relief from certain otherwise
applicable laws for the underlying interception, regardless of whether
the agency directed or facilitated the original interception. An agency
acquiring UAS intelligence from a third-party source must document the
source's lawful authority and relief from otherwise applicable laws for
any intercepted content and must apply the retention and dissemination
requirements of this section to data so acquired. The agency's
implementation policy must specify procedures for evaluating third-
party source authority and relief from certain otherwise applicable
laws, which must include review and concurrence by appropriate State,
local, territorial, or Tribal legal counsel.
(j) Vendor data sharing. An SLTT law enforcement or correctional
agency may provide operational raw sensor data to system vendors for
purposes of system diagnostics, troubleshooting, and performance
validation, provided that any communications content is removed before
disclosure and the data is used solely for the specific purpose
identified. The agency's implementation policy must establish the
conditions for vendor data sharing consistent with this paragraph and
applicable privacy protections.
Sec. 124.15 Protection of sensitive operational information.
(a) Sensitive system information. Information that links the
specific capabilities, vulnerabilities, operating parameters, or
countermeasure effectiveness of C-UAS systems to planned or completed
operations, including deployment locations, operating radio
frequencies, tactical employment methods, and threat-specific
mitigation approaches, must be treated as law enforcement sensitive,
protected from public disclosure to the extent permitted by applicable
law, and, where the information reveals a capability gap of national
security concern, evaluated for classification. Other operational
coordination information associated with a planned or completed
operation, such as the existence, general timing, or general coverage
area of a deployment, must be handled as Controlled Unclassified
Information and may be shared with covered Federal and SLTT law
enforcement and correctional partners, including a State-designated
aviation point of contact, for a lawful government purpose. General
technical specifications and evaluation data not associated with a
specific planned or completed operation are not subject to these
handling requirements. All information described in this paragraph
remains subject to any applicable classification, export control, or
proprietary restriction.
(b) Protection from disclosure. An SLTT law enforcement or
correctional agency must take the steps available under applicable
State, local, Tribal, or territorial law to protect operationally
sensitive information from disclosure through public records requests
or civil discovery, and should coordinate with the prosecuting
authority in criminal prosecutions arising from C-UAS operations to
limit testimony and pleadings to the information necessary to establish
the elements of the offense. Nothing in this section requires an agency
to take any action inconsistent with applicable State, local, Tribal,
or territorial public records law.
(c) Markings. Advance notifications, C-UAS Operations Plans, post-
operation reports, and compliance audit records must be marked with
appropriate sensitivity designations.
(d) Permitted disclosures. This section does not prohibit
disclosure of sensitive system information to authorized Federal
officials, to other participating SLTT agencies in the course of
operational coordination, or to the public to the extent required by
statute or court order.
Sec. 124.16 Compliance and enforcement.
(a) Compliance audits. The Attorney General, in coordination with
the Secretary of Homeland Security and the Administrator of the Federal
Aviation Administration, will periodically conduct compliance audits of
SLTT law enforcement and correctional agencies exercising authority
under 6 U.S.C. 124n(a)(2), as required by 6 U.S.C. 124n(d)(2)(B) and
section 8606(b)(2) of the SAFER SKIES Act, to oversee compliance with
this part and the privacy protections of 6 U.S.C. 124n(e) as well as to
prevent misuse of C-UAS authority. The audit program will include
review of post-operation reports, advance notification records, and
agency implementation policies. The FAA will participate with respect
to the aviation safety, airspace safety coordination, and deconfliction
aspects of the compliance audits conducted under this section.
(b) Civil fines and penalties. An SLTT law enforcement or
correctional agency, or its personnel authorized to take mitigation
actions under 6 U.S.C. 124n(a)(2), that knowingly engages in such
actions without Federal coordination as required by 6 U.S.C. 124n and
the SAFER SKIES Act, including the advance coordination required by
Sec. 124.9, the real-time air traffic control notification required by
Sec. 124.11, and the post-action notification to the Attorney General
and the Secretary of Homeland Security required by 6 U.S.C.
124n(d)(2)(C) and implemented by Sec. 124.13(a), may be subject to a
civil fine of up to $100,000 per violation, or suspension of C-UAS
authority pending review by the Attorney General or the Secretary of
Homeland Security, as provided in section 8605(f) of the SAFER SKIES
Act. Civil penalties will be assessed in accordance with graduated
penalty levels proportionate to the severity of the violation and the
factors set forth in this part, including the agency's compliance
history, the availability and quality of compliance assistance from
Federal partners, whether the violation resulted in actual harm, and
whether the agency took prompt corrective action. A civil penalty will
not be assessed for a first violation of a procedural reporting or
notification requirement when the agency demonstrates a good-faith
effort to comply and voluntarily self-reports the deficiency.
Violations of requirements of this part other than the Federal
coordination requirements described in this paragraph do not give rise
to civil penalties under section 8605(f) of the SAFER SKIES Act; they
are addressed through the compliance audit program of this section,
certification and accreditation suspension under Sec. 124.5, and any
other remedy available under law.
(c) Civil enforcement. The Attorney General is authorized to bring
a civil action in a United States district court to collect fines and
enforce civil penalties imposed under this section against any agency
or individual, as provided in section 8605(g) of the SAFER SKIES Act.
(d) Relationship to certification or accreditation suspension. In
addition to civil penalties, the Attorney General or designee may
suspend a Mitigation Certification, Detection and Warning
Certification, or accreditation under Sec. 124.5(i) for violations of
this part. Certification or accreditation suspension may be imposed
independently of or in conjunction with other actions described in this
section.
Sec. 124.17 Confiscation and forfeiture.
(a) Confiscation authority. (1) An SLTT law enforcement or
correctional agency and its personnel may seize or
[[Page 41497]]
otherwise confiscate a UAS or unmanned aircraft as described in 6
U.S.C. 124n(b)(1)(E). This authority is contingent on a credible threat
and applies to the physical taking of possession of an unmanned
aircraft that is no longer active in flight or any other UAS component,
such as a ground control station.
(2) This authority does not require Mitigation Certification, the
use of systems on the Authorized Technologies List or Authorized
Systems List, or advance coordination under Sec. 124.9. However,
personnel exercising confiscation authority under 6 U.S.C.
124n(b)(1)(E) must hold a current Detection and Warning Certification
issued by the NCUTC. An officer who seizes an unmanned aircraft or any
other UAS component under traditional law enforcement authority,
including an abandoned or crashed unmanned aircraft, does not require
Detection and Warning Certification.
(3) Any action that employs C-UAS technology to disrupt or seize
control of, damage, disable, or destroy the unmanned aircraft or UAS is
an action under 6 U.S.C. 124n(b)(1)(C), (D), or (F) and requires
Mitigation Certification.
(4) Personnel exercising confiscation authority should follow
standard law enforcement evidence handling procedures, including
maintaining chain of custody, preserving digital evidence stored on the
aircraft or its flight controller, and observing applicable hazardous
materials precautions.
(5) This part does not affect the authority of any law enforcement
or correctional officer to take physical custody of an unmanned
aircraft or UAS under traditional law enforcement authority independent
of 6 U.S.C. 124n. Traditional law enforcement authority refers to the
seizure authorities generally available to law enforcement under
applicable Federal, State, local, Tribal, or territorial law, including
seizure incident to arrest, seizure of evidence or contraband pursuant
to a warrant or a recognized exception to the warrant requirement, and
seizure of abandoned property. Once an unmanned aircraft or UAS is on
the ground and confiscated, subsequent law enforcement actions,
including threat assessment, render safe procedures, evidence
collection, and search warrant execution, are governed by traditional
legal authorities, including Fourth Amendment requirements and
applicable exigency or emergency doctrines, rather than by 6 U.S.C.
124n.
(6) When a C-UAS operation involves a known or suspected unmanned
aircraft being used as a delivery mechanism for a hazardous device, the
response to the hazardous device must be conducted by a public safety
bomb squad accredited through the Hazardous Devices School, consistent
with the National Guidelines for Bomb Technicians or any successor
publication.
(7) The physical act of interception of a third-party unmanned
aircraft while it is in flight, such as catching or netting an aircraft
by hand or using a non-electronic physical device to capture it in the
air, implicates 6 U.S.C. 124n(b)(1)(D), (E), or (F). Personnel
conducting such actions must therefore hold a Mitigation Certification.
This does not apply to the erection of physical barriers that a drone
operator has an obligation to avoid, such as netting affixed to a
physical structure.
(b) Forfeiture. Any UAS or unmanned aircraft seized by an SLTT law
enforcement or correctional agency pursuant to 6 U.S.C. 124n(a)(2) is
subject to forfeiture under the laws of the seizing agency's
jurisdiction, as provided in 6 U.S.C. 124n(c)(2).
Sec. 124.18 Activities for evaluation, testing, training, and pre-
operational validation.
(a) Scope and legal basis. An SLTT law enforcement or correctional
agency that holds current accreditation under this part may conduct
operational acceptance testing of acquired systems and systems under
procurement consideration, on-the-job proficiency training, and
interoperability training exercises to maintain C-UAS operational
readiness. Testing and training do not and must not involve the
mitigation of a credible threat and are not conducted under the
authority of 6 U.S.C. 124n(a)(2). The operation of RF-emitting systems
during testing and training is conducted under applicable Federal
Communications Commission authorization and Federal Aviation
Administration coordination requirements, and only against controlled
test targets owned or operated by, or operated with the consent of, the
SLTT law enforcement or correctional agency. An SLTT law enforcement or
correctional agency acting pursuant to this section may utilize only
authorized technologies under Sec. 124.7. The SLTT law enforcement or
correctional agency is responsible for verifying that all necessary
Federal Aviation Administration authorizations or regulatory relief for
operation of any unmanned aircraft or UAS, including unmanned aircraft
or UAS forming part of a C-UAS system, have been obtained prior to any
testing, training, or exercises. Compliance with this section is a
condition of maintaining certification and accreditation under this
part.
(b) Personnel. Only personnel holding a current Mitigation
Certification may operate mitigation systems during evaluation testing,
training, and exercises. Testing, training, and exercises may not be
used to train or evaluate uncertified personnel on the operation of
mitigation systems. Contractors and vendor representatives may provide
technical support and instruction on system-specific procedures but may
not independently operate mitigation systems against test targets.
(c) Evaluation testing and training activities plan. Before
conducting testing, training, or exercises involving RF-emitting C-UAS
mitigation systems, the agency must prepare a written activities plan
specifying the date, time, and location; the purpose; the systems and
equipment to be used; the test, training, or exercise targets; the
assigned operators; safety controls; privacy measures; the types of
data to be collected and their planned disposition; documentation of
Federal Aviation Administration and Federal Communications Commission
spectrum coordination for the C-UAS activities, and documentation of
any necessary Federal Aviation Administration authorizations or
regulatory relief for the operator of the target unmanned aircraft or
UAS and for the operation any unmanned aircraft or UAS that form part
of the C-UAS system. The activities plan must be approved by the Agency
Approving Official or designee and reviewed by the agency's legal
counsel.
(d) Coordination. Testing, training, and exercises, involving RF-
emitting systems, or systems that may affect aviation safety, civilian
aviation and aerospace operations, aircraft airworthiness, or the use
of the airspace, require advance coordination with the Federal Aviation
Administration and, for spectrum authorization, with the Federal
Communications Commission.
(e) Privacy within evaluation testing and training. The agency must
favor testing, training, and exercise locations and activities that
minimize exposure to non-participating third parties. The agency must
not intentionally target, monitor, or collect the communications of
non-participating third parties. Communications incidentally collected
from non-participating third parties must be purged at the conclusion
of the testing, training, or exercise activity, or as soon as
practicable thereafter.
(f) Mitigation restriction. During testing, training, and
exercises, the agency may not intentionally mitigate
[[Page 41498]]
any UAS or unmanned aircraft that is not a controlled test target,
unless necessary to protect against an imminent risk to human life or
as part of an approved C-UAS Operations Plan. An action taken to
protect against an imminent risk to human life must comply with the
emergency exception set forth in Sec. 124.9(g).
(g) Pre-operational validation. Before commencing mitigation
operations at an event or facility, an agency may conduct pre-
operational validation or equipment functional checks within the
operational window and airspace restrictions already coordinated
through the advance notification process under Sec. 124.9. The C-UAS
Operations Plan must document the pre-operational validation plan and
required notifications. No separate authorization from the Department
of Homeland Security or the Department of Justice beyond the advance
notification is required.
(h) Participation in Federal RTTE. Personnel holding active
Mitigation Certification may participate in research, testing,
training, and evaluation (RTTE) events conducted by Federal components
under 6 U.S.C. 124n(b)(3). Personnel may engage with systems in
mitigation technology categories beyond those for which they hold an
active Mitigation Certification or that are not on the ATL or ASL as
part of the event. Participants act under the Federal component's
authority and supervision.
Sec. 124.19 Task force arrangements and Federal support.
(a) Task force and deputization arrangements preserved. Task force
and deputization arrangements under 6 U.S.C. 124n(a)(1) are not
affected by this part. An SLTT law enforcement or correctional agency
participating in such an arrangement may continue that participation
indefinitely, so long as the deputizing Federal agency continues to
have C-UAS authority and relief from certain laws under 6 U.S.C.
124n(a)(1). Nothing in this part requires an agency to seek
accreditation under this part, conditions any task force or
deputization arrangement on accreditation, or terminates or limits any
such arrangement.
(b) Concurrent authority. The availability of independent SLTT law
enforcement and correctional agency authority under 6 U.S.C. 124n(a)(2)
does not preclude continued participation in C-UAS task forces or
deputization arrangements under 6 U.S.C. 124n(a)(1). An SLTT law
enforcement or correctional agency and its officers may exercise
independent authority and participate in Federal task force operations
concurrently or at different times as operational circumstances
warrant. Task force operations are governed by the policies applicable
to the sponsoring Federal component.
(c) Federal support. An SLTT law enforcement or correctional agency
may request C-UAS support from an authorized Department of Justice or
Department of Homeland Security component. Such support, when provided,
constitutes a Federal operation under 6 U.S.C. 124n(a)(1) and is
governed by the policies applicable to the supporting component, and
the requesting agency's personnel participating in the operation do so
under the Federal component's authority and supervision, consistent
with applicable task force or deputization arrangements. No formal
gubernatorial request is required under this part. Support from the
Department of Defense, when available, is governed by the Department of
Defense's own authorities, including 10 U.S.C. 130i and 2564, and
applicable Department of Defense policies, not by this part.
Sec. 124.20 Construction.
(a) No private right. This part is not intended to, does not, and
may not be relied upon to create any right or benefit, substantive or
procedural, enforceable at law or in equity by any party against the
United States, its departments, agencies, or entities, its officers,
employees, or agents, or any other person.
(b) Manned aircraft. Nothing in this part authorizes the use of C-
UAS authority against any aircraft or aircraft system operated with a
human pilot, crew, or passengers onboard.
(c) Mass gatherings. Consistent with 6 U.S.C. 124n(h)(5), nothing
in this part provides a new basis of liability for any State, local,
territorial, or Tribal law enforcement officer who participates in the
protection of a mass gathering identified by the Secretary of Homeland
Security or the Attorney General under 6 U.S.C. 124n(l)(3)(C)(iii)(II),
acts within the scope of the officer's authority, and does not exercise
the authority granted to the Secretary of Homeland Security and the
Attorney General by 6 U.S.C. 124n.
(d) Statutory scope. Nothing in this part alters the scope of the
authority of, or the statutory reliefs under 6 U.S.C. 124n(a)(2). A
determination that an action does not comply with this part may give
rise to administrative, civil, or other consequences provided by law,
but does not by itself determine whether the action falls outside the
scope of the statutory authorization in, or the relief from criminal
liability available under, 6 U.S.C. 124n. Such a determination will be
made by the Attorney General, in coordination with the Secretary of
Homeland Security and other appropriate officials.
Sec. 124.21 Termination.
(a) Termination. Absent additional statutory authority, the
authority of SLTT law enforcement and correctional agencies and their
personnel under 6 U.S.C. 124n(a)(2) will terminate on December 31,
2031, as provided in 6 U.S.C. 124n(j)(2).
(b) Savings. Termination under paragraph (a) of this section does
not affect any obligation, proceeding, or liability that arose before
the termination date. Recordkeeping, retention, audit, reporting, and
enforcement obligations with respect to operations conducted before the
termination date, and any administrative or civil proceeding arising
from those operations, survive the termination of authority under this
part and remain in effect until satisfied or otherwise resolved.
Sec. 124.22 Severability.
If any provision of this part, or the application of any provision
to any person, entity, or circumstance, is held to be invalid or
unenforceable by a court of competent jurisdiction, the remainder of
this part, and the application of its provisions to any other persons,
entities, or circumstances, shall not be affected and shall remain in
full force and effect.
DEPARTMENT OF JUSTICE
0
Accordingly, for the reasons set forth in the preamble, and by the
authority vested in the Assistant Attorney General for the Office of
Legal Policy by Attorney General Order Number 6966-2026, title 28 of
the Code of Federal Regulations is amended by adding part 124 to read
as follows:
PART 124--COUNTER-UNMANNED AIRCRAFT SYSTEM AUTHORITY FOR STATE,
LOCAL, TRIBAL, AND TERRITORIAL LAW ENFORCEMENT AND CORRECTIONAL
AGENCIES
Sec.
124.1 Purpose and scope.
124.2 Definitions.
124.3 Scope of authority and mitigation standards.
124.4 Authorized personnel, contractors, and mutual aid.
124.5 Training and certification.
124.6 Agency implementation policy.
124.7 Authorized technologies.
124.8 C-UAS Operations Plan.
124.9 Advance coordination, notification, and authorization.
[[Page 41499]]
124.10 Interagency and lead-agency coordination.
124.11 Real-time air traffic control notification.
124.12 Detection and warning operations.
124.13 Post-operation reporting.
124.14 Privacy and civil liberties.
124.15 Protection of sensitive operational information.
124.16 Compliance and enforcement.
124.17 Confiscation and forfeiture.
124.18 Activities for evaluation, testing, training, and pre-
operational validation.
124.19 Task force arrangements and Federal support.
124.20 Construction.
124.21 Termination.
124.22 Severability.
Authority: 5 U.S.C. 301; 6 U.S.C. 124n, as amended by the SAFER
SKIES Act (Division H, Title LXXXVI of the National Defense
Authorization Act for Fiscal Year 2026, Pub. L. 119-60, sec. 8601-
8607, 139 Stat. 718, 1938-45 (2025)).
Sec. 124.1 Purpose and scope.
(a) Purpose. This part implements the authority of the Secretary of
Homeland Security and the Attorney General to develop the governance
framework for the exercise of all counter-unmanned aircraft system (C-
UAS) actions by State, local, Tribal, and territorial (SLTT) law
enforcement and correctional agencies and their personnel under 6
U.S.C. 124n(a)(2), as amended by the SAFER SKIES Act. The purpose of
actions taken under this authority is to detect, identify, monitor,
track, warn, and, if necessary, mitigate credible threats posed by
unmanned aircraft or unmanned aircraft systems (UAS) to the safety or
security of people, facilities, or assets; a venue or set of venues
used for large-scale public gatherings or events; critical
infrastructure; or a correctional facility.
(b) Scope. This part applies to all SLTT law enforcement and
correctional agencies, and their personnel seeking to exercise or
exercising authority under 6 U.S.C. 124n(a)(2). This part does not
govern Federal agency operations under 6 U.S.C. 124n(a)(1), nor
deputized SLTT personnel conducting C-UAS as part of an FBI C-UAS task
force, which are subject to separate policies and guidance. An SLTT law
enforcement or correctional agency that conducts only detection and
warning operations using systems the operation of which requires the
authority of the Act or the relief it provides from certain laws is
subject principally to the Detection and Warning Certification
requirement of Sec. 124.5(c), the detection and warning policy
provisions of Sec. 124.6(g), the authorized technology requirements of
Sec. 124.7, the C-UAS Operations Plan requirement of Sec. 124.8, the
operational conditions of Sec. 124.12, and the privacy and data
handling requirements of Sec. 124.14.
(c) Relationship to other laws. As provided in 6 U.S.C. 124n(a)(2),
actions taken by SLTT law enforcement and correctional agencies and
their personnel in compliance with this part may be taken
notwithstanding section 46502 of title 49, United States Code, and
sections 32, 1030, and 1367 and chapters 119 and 206 of title 18,
United States Code, and notwithstanding the laws of any particular
State, local, Tribal, or territorial jurisdiction. Nothing in this part
vests in the Secretary of Homeland Security or the Attorney General any
authority of the Secretary of Transportation or the Administrator of
the Federal Aviation Administration.
(d) Comprehensive framework. This part establishes the complete
framework governing the exercise of authority under 6 U.S.C.
124n(a)(2), including the training and certification procedures
required by 6 U.S.C. 124n(d)(2)(A) and the guidance required by 6
U.S.C. 124n(d)(1) on the matters this part addresses. An SLTT law
enforcement or correctional agency and its personnel exercising
authority under 6 U.S.C. 124n(a)(2) must conduct operations in
accordance with this part. The Attorney General, the Secretary of
Homeland Security, the Secretary of Transportation, and the
Administrator of the Federal Aviation Administration may issue forms,
templates, curricula, and other implementing materials under this part
to the extent consistent with law. Where any implementing material
addresses a matter also addressed by this part, this part controls.
Nothing in this part limits the authority of the Secretary of Homeland
Security, the Attorney General, or the Secretary of Transportation to
issue guidance under 6 U.S.C. 124n(d)(1) in their respective areas.
(e) Parallel regulations. Consistent with section 8606(a)(1) of the
Act, identical implementing regulations appear at 6 CFR part 124 and 28
CFR part 124. The Department of Homeland Security and Department of
Justice administer and interpret their respective regulations with
respect to their own programs, activities, and solely held authorities.
Any description in these regulations of the other Department's
programs, activities, or solely held authorities is provided for
context and does not itself govern the other Department's exercise of
its statutory authorities.
Sec. 124.2 Definitions.
As used in this part:
Agency accreditation means an agency's eligibility to exercise
authority under this part, established when the agency has adopted the
implementation policy and completed the portal attestation required by
Sec. 124.6(d), deploys only systems within categories on the
Authorized Technologies List and, where populated, on the Authorized
Systems List, and ensures that its personnel hold the certifications
required for the authorities exercised.
Agency Approving Official means the senior official designated by
an SLTT law enforcement or correctional agency in its implementation
policy under Sec. 124.6(a)(1), or in its detection and warning policy
under Sec. 124.6(g), authorized to approve C-UAS operations on behalf
of the agency. The Agency Approving Official must not be below the rank
of a Senior Executive or Senior Official or its equivalent, except that
for an agency in which no equivalent rank exists, the agency head or
the agency head's designee may serve as Agency Approving Official. The
Agency Approving Official may not serve as a mitigation operator for an
operation that official has approved.
Authorized Systems List means the subset of the Authorized
Technologies List that identifies specific systems--including make,
model, and hardware version--that have been authorized for operational
use within one or more technology categories on the Authorized
Technologies List. The Authorized Systems List is populated on a phased
basis. As systems complete interagency assessment, systems may be added
to the Authorized Systems List with appropriate operational limitations
based on the approved capabilities, functions, and hardware version of
the system.
Authorized Technologies List means the list of authorized
technology categories for C-UAS operations by SLTT law enforcement and
correctional agencies, maintained jointly by the Department of Justice,
the Department of Homeland Security, the Department of Defense, the
Department of Transportation and Federal Aviation Administration, the
Federal Communications Commission, and the National Telecommunications
and Information Administration, consistent with 6 U.S.C.
124n(d)(2)(A)(iii) and section 8606(a)(4) of the SAFER SKIES Act.
Control communications means any wire, oral, or electronic
communication used to navigate, command, or otherwise control a UAS or
unmanned aircraft, including telemetry transmitted from the aircraft to
its operator, command-and-control signals
[[Page 41500]]
transmitted from the operator to the aircraft, and any video, audio, or
other data stream used by the operator to navigate the aircraft when
other navigation telemetry is unavailable or insufficient. The
operational role of a communication, rather than its packet type or
transmission frequency, determines whether it is a control
communication. Whether a communication is a control communication is
determined when captured material is processed under Sec. 124.14 and
does not require an operator to determine in real time whether a
particular video, audio, or data stream is being used to navigate the
aircraft. Control communications also include a UAS unique identifier
(such as a manufacturer device identifier or serial-correlated number),
the operator or take-off location of the UAS, and the location,
velocity, and emergency status of the UAS when that information is
acquired by intercepting a communication from an unmanned aircraft or
unmanned aircraft system pursuant to the relief provided by 6 U.S.C.
124n. The same information is not a control communication when it is
obtainable without that relief.
Correctional agency has the meaning given in section 8606(c)(2) of
the SAFER SKIES Act.
Correctional facility has the meaning given in 6 U.S.C. 124n(l)(9).
Credible threat means a threat that, based on the totality of
circumstances known to the operator at the time of the determination,
would cause a reasonable person in the operator's position, considering
the operator's training and experience, to conclude that a UAS or
unmanned aircraft poses an articulable risk to the safety or security
of people, a facility, or an asset; a venue or set of venues used for
large-scale public gatherings or events; critical infrastructure; or a
correctional facility.
(1) A credible threat may be based on, but is not limited to:
(i) Specific intelligence, including information from law
enforcement databases, threat assessments, or intelligence community
products;
(ii) Behavioral indicators, including operation in airspace in
which UAS operations have been restricted or prohibited by the Federal
Aviation Administration, operation not in compliance with Federal
Aviation Administration's flight requirements, approach toward a
protected interest, failure to respond to warnings, or evasive
maneuvering inconsistent with normal flight operations;
(iii) Payload or physical configuration indicators, including
observed attachments, modifications, or configurations inconsistent
with ordinary recreational or commercial UAS use that suggest
capability to cause harm or to deliver prohibited items;
(iv) Unauthorized surveillance or reconnaissance of a protected
interest that by law is protected from such activities, or interference
with the operational mission of a protected interest;
(v) Indications that the UAS is being used to gain unauthorized
access to, or to disclose, classified, law enforcement sensitive, or
otherwise lawfully protected information; or
(vi) Pattern-based indicators, including repeated unauthorized UAS
activity at a specific location (such as repeat incursions of national
defense airspace in violation of 49 U.S.C. 46307), which may inform but
do not independently satisfy the credible threat standard.
(2) A credible threat determination rests on the totality of the
circumstances. A single indicator may establish a credible threat where
it is sufficiently probative. For mitigation actions under 6 U.S.C.
124n(b)(1)(C), (D), and (F), the determination must be supported by a
contemporaneous indicator that the specific unmanned aircraft system or
unmanned aircraft at issue poses a current, articulable risk if
unabated. For detection and warning actions under 6 U.S.C.
124n(b)(1)(A) and (B), a credible threat determination may also be
supported by a reasonable basis to anticipate that one or more unmanned
aircraft systems or unmanned aircraft poses an articulable risk.
Activity protected by the First Amendment to the Constitution of the
United States may not be considered in making a credible threat
determination.
Critical infrastructure has the meaning given in subsection (e) of
the Critical Infrastructures Protection Act of 2001 (Pub. L. 107-56,
sec. 1016, 115 Stat. 272, 400-02 (codified at 42 U.S.C. 5195c)), as
referenced in 6 U.S.C. 124n(l)(10).
Data purge verification means documented confirmation that records
subject to purge have been deleted from all systems on which they were
stored. Verification may be performed through an automated system,
supervisory review, or other documented confirmation process, and must
be recorded in the audit trail required by Sec. 124.14.
Designated Federal C-UAS coordination portal means the electronic
submission system designated by the Attorney General and Secretary of
Homeland Security for advance notifications, notices of intent, C-UAS
Operations Plans, mitigation notifications, post-operation reports, and
other submissions required by this part.
Detection and Warning Certification means certification that
personnel have successfully completed the online detection and warning
training curriculum developed and maintained through the National
Counter-UAS Training Center (NCUTC) and passed the post-course
assessment. A Detection and Warning Certification authorizes the holder
to exercise the authorities described in 6 U.S.C. 124n(b)(1)(A), (B),
and (E). The certification is issued automatically through the NCUTC
training portal upon successful completion of the curriculum and
assessment and recorded in the NCUTC certification database.
Detection and warning operations means operations conducted using
systems the operation of which requires the authority of, or relief
from certain laws under, 6 U.S.C. 124n and involve only the actions
described in 6 U.S.C. 124n(b)(1)(A) and (B). Detection and warning
activity conducted using systems that do not require the authority of 6
U.S.C. 124n (including, for example, electro-optical, infrared,
acoustic sensors, and radar) is not subject to this part. Operation of
RF-emitting C-UAS systems remains subject to applicable Federal
Communications Commission authorization requirements and Federal
Aviation Administration coordination if such emission could impact the
National Airspace System or other systems located at or near airports.
Detection system means a system or technology used to take an
action described in 6 U.S.C. 124n(b)(1)(A) or (B)--that is, to detect,
identify, monitor, or track a UAS or unmanned aircraft, or to warn its
operator, and that has no capability enabled to disrupt or seize
control of, or disable, damage, or destroy a UAS or unmanned aircraft.
FAA-designated coordination mechanism means the program, office, or
process designated by the Administrator of the Federal Aviation
Administration for the coordination of C-UAS operations that might
affect aviation safety, civilian aviation and aerospace operations,
aircraft airworthiness, or the use of the airspace.
Hazardous Devices School means the schoolhouse operated by the
Federal Bureau of Investigation at which public safety bomb technicians
are certified and recertified in accordance with the National
Guidelines for Bomb Technicians, or any successor publication.
[[Page 41501]]
Mitigation action means an action described in 6 U.S.C.
124n(b)(1)(C), (D), or (F). Detection and warning, described in 6
U.S.C. 124n(b)(1)(A) and (B), are not mitigation actions.
Mitigation Certification means certification issued by the National
Counter-UAS Training Center upon successful completion of the NCUTC
mitigation training course or a successor course approved by the
Attorney General acting through the Director of the Federal Bureau of
Investigation, authorizing the holder to exercise the authorities
described in 6 U.S.C. 124n(b)(1)(C), (D), and (F), to the extent
consistent with this part and applicable laws, using authorized
technologies within the mitigation technology categories covered by the
approved mitigation courses the holder has completed. A current
Detection and Warning Certification is a prerequisite for obtaining and
maintaining a Mitigation Certification.
Mitigation operation means an operation in which a mitigation
system is deployed for the purpose of taking an action described in 6
U.S.C. 124n(b)(1)(C), (D), or (F), including disrupting, seizing, or
exercising control of, or using reasonable force, if necessary, to
disable, damage, or destroy a UAS or unmanned aircraft, whether or not
a mitigation action is taken during the operation. A mitigation
operation may include elements of detection and warning operations.
Mitigation system means a system or technology used or capable of
being employed to take an action described in 6 U.S.C. 124n(b)(1)(C),
(D), or (F), including disrupting, seizing or exercising control of, or
using force to disable, damage, or destroy a UAS or unmanned aircraft.
A system with both detection and mitigation capability is a mitigation
system while its mitigation capability is enabled.
National Counter-UAS Training Center (NCUTC) means the national
schoolhouse operated by the Federal Bureau of Investigation and
designated by the Attorney General, acting through the Director of the
Federal Bureau of Investigation, as the national training center for
purposes of 6 U.S.C. 124n and as the sole certifying authority for SLTT
C-UAS mitigation operators under 6 U.S.C. 124n(d)(2)(A)(i).
Pattern data means a derived data product reflecting aggregated
trends, frequencies, or statistical observations of UAS activity across
multiple C-UAS operations that has met the anonymization standards
established by the agency's implementation policy and contains no
information identifying any specific aircraft, operator, or natural
person.
Personnel means officers and employees with assigned duties that
include the security or protection of people, facilities, or assets of
SLTT law enforcement and correctional agencies, as defined in 6 U.S.C.
124n(a)(2) and (l)(6)(B). This term does not include contractors of
SLTT law enforcement and correctional agencies.
Raw sensor data means unprocessed or minimally processed data
generated by C-UAS detection or mitigation systems, including radio
frequency signal captures, waveform recordings, radar returns, optical
and infrared imagery, acoustic signatures, full sensor logs, and system
telemetry. Whether a particular item of raw sensor data constitutes a
control communication, and is therefore a record of communications
subject to the retention limit of Sec. 124.14, is determined by its
function.
RF-emitting C-UAS system means any C-UAS system that, when employed
for detection or mitigation purposes, actively transmits radio
frequency energy to detect, disrupt, disable, or seize control of a UAS
or unmanned aircraft. This includes systems employing technologies for
detection-only purposes, such as radars that transmit radio frequency
signals, that may require a radiolocation service license to be issued
from the Federal Communications Commission, and mitigation systems that
employ radio frequency jamming (broadband or protocol-specific
disruption of command-and-control links, video downlinks, or navigation
signals) and radio frequency protocol manipulation (command injection
or cyber takeover of control signals).
SLTT law enforcement agency has the meaning given in section
8606(c)(1) of the SAFER SKIES Act.
Special Event Assessment Rating means a rating assigned to an event
under the special event assessment process administered by the
Department of Homeland Security, or the equivalent rating under any
successor event rating system.
Sec. 124.3 Scope of authority and mitigation standards.
(a) Scope of authority. An SLTT law enforcement or correctional
agency exercising authority under 6 U.S.C. 124n(a)(2) may take actions
described in 6 U.S.C. 124n(b)(1), which generally include detection,
warning, and mitigation, that are necessary to address or eliminate a
credible threat that a UAS or unmanned aircraft poses to the safety or
security of people, a facility, or an asset; a venue or set of venues
used for large-scale public gatherings or events; critical
infrastructure; or a correctional facility. These statutory categories
are functional and are not a prescribed list of property types. The
determination of whether a specific property falls within these
categories is made by the agency's Agency Approving Official,
consistent with this part and 6 U.S.C. 124n. No ``covered facility or
asset'' designation under 6 U.S.C. 124n(l)(3) is required for SLTT law
enforcement or correctional agency operations; however, a risk-based
assessment is required as part of the Operations Plan, as outlined in
Sec. 124.8. Whether the property falls within a section 124n(a)(2)
category is a separate question from the credible threat determination.
The credible threat determination required by paragraph (b) of this
section must be made before any mitigation action.
(b) Credible threat determination for mitigation actions. Before
taking any mitigation action, personnel must reasonably determine,
under the totality of the circumstances, that a credible threat exists,
as defined in Sec. 124.2. The determination must be made in real time
by the certified and trained personnel closest to the operational
situation and documented as part of the post-operation report required
by Sec. 124.13. An established pattern of unauthorized UAS activity at
a specific location is relevant to the totality of the circumstances
and may, in combination with a contemporaneous indicator--including,
for example, a new detection event at the same location during a period
consistent with the established pattern--support a credible threat
determination. A contemporaneous indicator need not independently
establish a threat. Considered with the totality of the circumstances,
which may include an established pattern of unauthorized UAS activity,
an intelligence indicator, or other contextual information, the
contemporaneous indicator must provide a present-tense basis for
concluding that the specific aircraft at issue poses a current risk.
This operational standard governs individual mitigation decisions by
authorized personnel in the application of reasonable force under the
totality of the circumstances and does not limit the information or
analysis that may be considered at the approval level in determining
whether to authorize a C-UAS operation for a specific event or
facility.
(c) Proportionality. Mitigation actions must be proportionate to
the credible threat identified. Personnel must employ the least
disruptive effective
[[Page 41502]]
means of mitigation available under the totality of the circumstances.
If equipment is available and time permits, a warning to the remote
pilot-in-command should precede any mitigation action. Before taking
any mitigation action that may result in the disabling, damage, or
destruction of an unmanned aircraft, personnel must consider whether
the threat posed by the UAS outweighs the risk of collateral harm to
public safety. A mitigation action that creates a greater risk to
public safety than the threat it is intended to address is not
proportionate and must not be taken. Where a non-mitigation measure is
sufficient to eliminate the threat, seizure or destruction of the
aircraft should be avoided when feasible. The risk of collateral harm
to public safety includes the risk of falling debris, damage to persons
or property on the ground, disruption to communications systems, and
risks to aviation safety, civilian aviation and aerospace operations,
aircraft airworthiness, or the use of the airspace.
(d) Protective purpose limitation. The authority of 6 U.S.C.
124n(a)(2) is limited to the protection of people, facilities, and
assets; a venue or set of venues used for large-scale public gatherings
or events; critical infrastructure; and correctional facilities from
credible threats posed by unmanned aircraft and UAS. C-UAS authority
under this part may not be exercised for the sole purpose of collecting
evidence for criminal prosecution or as a substitute for the authority
provided by chapter 119 or 206 of title 18, United States Code.
Evidence obtained incidental to lawful protective C-UAS operations may
be used in subsequent criminal proceedings consistent with applicable
law.
(e) Mitigation operator requirement. (1) The person who takes a
mitigation action, including activating an RF-emitting system,
executing a cyber-based takeover, or otherwise causing a C-UAS system
to affect or otherwise impact the flight, control, or communications of
a UAS or unmanned aircraft, must hold a current Mitigation
Certification covering the technology category being employed, and must
possess a valid 14 CFR part 107 remote pilot certificate. This
requirement is not satisfied by supervision of an uncertified person by
a certified operator; the certified operator must be the individual who
directly executes the mitigation command or function.
(2) Support functions that do not involve the initiation of
mitigation actions, such as detection system monitoring, threat triage
and prioritization, ground intercept team dispatch, communications, and
administrative functions, do not require Mitigation Certification, but
must be performed by personnel trained in accordance with the agency's
implementation policy and, where the support function involves
operation of systems requiring the authority of 6 U.S.C. 124n(a)(2) or
the relief it provides from certain laws, by personnel holding a
current Detection and Warning Certification.
(3) For operations involving multiple personnel performing distinct
roles, the agency's implementation policy must define the roles and
responsibilities of each position, identify which positions require
Mitigation Certification, and which require Detection and Warning
Certification only, and establish the communication and concurrence
procedures between the mitigation operator and other personnel.
(f) Independent professional judgment. (1) The certified mitigation
operator retains independent professional judgment on whether to
initiate a mitigation action.
(2) A supervisor, commander, or other official, regardless of rank,
may provide operational direction, tactical context, and coordination
guidance to the operator, and may direct the operator to withhold or
cease mitigation when broader operational considerations warrant.
(3) A supervisor, commander, or other official may not direct a
certified operator to initiate a mitigation action when the operator
has determined that the credible threat standard is not met or that the
proportionality requirement of paragraph (c) of this section is not
satisfied.
(4) The agency's implementation policy must address the chain of
command for mitigation decisions and must make clear that non-certified
personnel, regardless of rank, may not direct mitigation actions that
override the certified operator's professional judgment on whether the
conditions for mitigation are present.
(5) An operator who declines to initiate mitigation based on a
good-faith professional determination that the conditions for
mitigation are not met may not be subjected to adverse employment
action for that decision.
(g) Airspace awareness. (1) For operations where known authorized
manned or unmanned aviation is operating or anticipated in or near the
area of operations, the agency's implementation policy or C-UAS
Operations Plan must designate a person or position responsible for
maintaining real-time awareness of known authorized aviation within the
operational area and for ensuring that this information is communicated
to personnel authorized to initiate mitigation actions before any
mitigation is executed. For purposes of this paragraph, known
authorized aviation means any manned or unmanned aircraft that has been
identified in the C-UAS Operations Plan, communicated to the C-UAS team
during the operation, or otherwise confirmed as lawfully operating in
or near the area of operations. The designated person, or the
individual filling the designated position, must have the ability to
communicate directly with the mitigation operator. No mitigation action
may be initiated without reasonable efforts to confirm that the target
is not a known authorized aircraft.
(2) The scope and formality of this role must be commensurate with
the complexity of the aviation environment. For operations with minimal
or no known authorized aviation, this role may be performed as an
additional duty by the certified operator or other command post
personnel; for operations with significant aviation activity, the
agency must designate a dedicated individual with airspace awareness
and coordination responsibilities. When a target cannot be correlated
with any known, authorized aircraft and meets the credible threat
standard, mitigation may proceed.
Sec. 124.4 Authorized personnel, contractors, and mutual aid.
(a) Officers and employees. The authority provided by 6 U.S.C.
124n(a)(2) may be exercised only by SLTT law enforcement or
correctional agency personnel. No SLTT law enforcement or correctional
agency may delegate or transfer the exercise of C-UAS mitigation
authority to any person or entity that is not an officer or employee of
the agency.
(b) Prohibition on contractor exercise. Contractors may provide
technical support, system maintenance, and training assistance, but may
not operate C-UAS mitigation systems, make credible threat
determinations, or execute mitigation actions. An arrangement in which
a contractor exercises de facto operational control of a C-UAS
mitigation system during an operation, including an arrangement
described as a turnkey, managed service, or operator-provided C-UAS
service, constitutes an unauthorized delegation of authority and is
grounds for suspension of accreditation or certification under Sec.
124.5(i). Detection services that do not require the
[[Page 41503]]
authority of the Act or the relief it provides from certain laws may be
provided by contractors.
(c) Mutual aid and regional C-UAS support. (1) An SLTT law
enforcement or correctional agency accredited under 6 U.S.C. 124n(d)(2)
may provide C-UAS support to another SLTT law enforcement or
correctional agency, including an agency that is not accredited under
this part, under a mutual aid agreement, memorandum of understanding,
request for assistance, task force arrangement, or other written
arrangement authorized by applicable State, local, Tribal, or
territorial law.
(2) When the requesting or host agency is not accredited under 6
U.S.C. 124n(d)(2), the accredited agency providing C-UAS support is the
C-UAS operating agency for purposes of this part and is responsible for
compliance with the applicable requirements of this part.
(3) Personnel of a non-accredited requesting or host agency may
support the operation through ordinary law enforcement, correctional,
public safety, evidence-handling, perimeter-security, ground-intercept,
evacuation, traffic-control, or incident-command functions. Such
personnel may not exercise C-UAS authority under 6 U.S.C. 124n(a)(2),
operate systems whose operation requires the authority of or relief
from certain laws under 6 U.S.C. 124n, make a credible-threat
determination, or initiate any mitigation action, unless those
personnel independently satisfy the requirements of this part, hold the
applicable certification under Sec. 124.5, and are expressly
designated in the accredited C-UAS operating agency's C-UAS Operations
Plan to perform that function. Personnel so designated operate under
that agency's implementation policy, Agency Approving Official
approval, supervision, and compliance responsibility. An individual
certification does not, by itself, authorize personnel to exercise 6
U.S.C. 124n(a)(2) authority, and this designation must be established
in advance through the C-UAS Operations Plan and the mutual-aid
arrangement under paragraph (c)(4) of this section.
(4) The written mutual aid arrangement must identify the requesting
or host agency, the accredited agency providing C-UAS support, the
legal basis for the accredited agency's personnel to operate in the
host jurisdiction, the allocation of operational responsibilities, and
the handling of C-UAS-derived information consistent with Sec. Sec.
124.14 and 124.15.
(5) For multi-jurisdictional operations, the participating agencies
must identify a lead C-UAS agency for tactical C-UAS coordination. The
lead C-UAS agency must be an accredited agency unless the operation is
conducted under Federal authority pursuant to Sec. 124.19. A non-
accredited requesting or host agency may serve as the lead public
safety, law enforcement, correctional, or incident-command agency for
the overall event or incident, but may not serve as the lead C-UAS
agency unless accredited under this part.
(6) An accredited agency may enter into standing regional, county,
statewide, or other multi-jurisdictional arrangements to provide
recurring or on-call C-UAS support to non-accredited agencies. A
standing arrangement does not itself authorize a mitigation operation;
each mitigation operation remains subject to the applicable
requirements of this part.
(7) Nothing in this part requires a small, rural, or otherwise
resource-limited SLTT law enforcement or correctional agency to acquire
C-UAS equipment, obtain accreditation, or establish an independent C-
UAS program in order to receive C-UAS support from an accredited
agency.
(d) Anti-circumvention. (1) No SLTT law enforcement or correctional
agency, officer, employee, contractor, vendor, or other person may
structure or use a mutual aid, regional support, managed-service,
technical-support, or other arrangement to evade the requirements of
this part.
(2) Prohibited circumvention includes using an accredited agency as
a nominal sponsor while a non-accredited agency, contractor, vendor, or
other entity exercises de facto operational control of C-UAS activity
requiring the authority of or relief from certain laws under 6 U.S.C.
124n; allowing personnel who lack the certifications required by Sec.
124.5 to exercise C-UAS authority; using systems outside the
requirements of Sec. 124.7; avoiding the coordination, reporting,
privacy, sensitive-information, or compliance requirements of this
part; or acquiring third-party intercepted communications in a manner
inconsistent with Sec. 124.14(i).
(3) A mutual aid, regional support, statewide support, county
support, or multi-jurisdictional C-UAS arrangement is not circumvention
merely because the requesting or host agency is not accredited,
provided that the C-UAS operating agency is accredited, the personnel
exercising C-UAS authority hold the required certifications, and the
operation is conducted in compliance with this part.
Sec. 124.5 Training and certification.
(a) Training and certification structure. This section establishes
the training and certification structure implementing the requirements
of 6 U.S.C. 124n(d)(2)(A). Detection and Warning Certification governs
training for detection and warning operations under 6 U.S.C.
124n(b)(1)(A) and (B). Mitigation Certification governs training and
certification for mitigation operations under 6 U.S.C. 124n(b)(1)(C),
(D), and (F). A current Detection and Warning Certification is a
prerequisite both for initial enrollment in the mitigation training
course and for mitigation recertification.
(b) Agency implementation policy. Before conducting any operations
under this part, an SLTT law enforcement or correctional agency must
adopt an agency implementation policy or detection and warning policy
and complete the portal attestation in accordance with Sec. 124.6, and
must authorize each operation by a C-UAS Operations Plan in accordance
with Sec. 124.8, consistent with the other requirements and
obligations of this part and applicable laws and policies.
(c) Detection and Warning Certification. The Attorney General,
acting through the Director of the Federal Bureau of Investigation,
will develop and maintain through the NCUTC an online training
curriculum for detection and warning operations, accessible through a
secure web-based training portal. The curriculum includes the
confiscation authority of 6 U.S.C. 124n(b)(1)(E), evidence
preservation, and chain of custody. Only those personnel who have
completed the curriculum and passed the post-course assessment may
exercise the authorities described in 6 U.S.C. 124n(b)(1)(A), (B), and
(E). Upon successful completion, the NCUTC training portal
automatically issues a Detection and Warning Certification. Detection
and Warning Certification is issued only by the NCUTC, and detection
and warning training or certification obtained from another agency or a
private entity does not satisfy this requirement. Detection and warning
activity conducted using systems that do not require the authority of 6
U.S.C. 124n is not subject to this requirement. Upon successful
completion, the training portal records the individual's name, agency,
date of completion, and certification status in the NCUTC certification
database, which is the system of record for all certifications issued
under this section. Each agency must maintain a roster of
[[Page 41504]]
its certified personnel drawn from the NCUTC certification database and
must verify the certification status of personnel assigned to C-UAS
operations. Vendor-specific and system-level operator training is the
responsibility of each agency through its own training procedures and
is not part of the detection and warning curriculum.
(d) Mitigation training and certification. (1) The Attorney
General, acting through the Director of the Federal Bureau of
Investigation, designates the NCUTC as the national schoolhouse and
sole certifying authority for personnel exercising mitigation
authorities under 6 U.S.C. 124n(b)(1)(C), (D), and (F), as required by
6 U.S.C. 124n(d)(2)(A)(i). Only personnel who hold a valid Mitigation
Certification may exercise these authorities. The NCUTC mitigation
training program consists of the mitigation training course and such
advanced and supplemental courses as the Attorney General, acting
through the Director of the Federal Bureau of Investigation, approves.
Each course is evaluated on a pass or fail basis and requires
demonstrated proficiency in each mitigation technology category it
covers; a person who does not demonstrate proficiency in each category
does not pass that course. A person obtains Mitigation Certification by
passing the mitigation training course and may extend the scope of that
certification to additional mitigation technology categories by passing
an advanced or supplemental course covering those additional
categories. Failure to pass a particular advanced or supplemental
course does not affect the scope of a certification already held.
(2) A person who holds a current Mitigation Certification under
this paragraph (d) may conduct mitigation operations at a correctional
facility. An abbreviated Correctional Mitigation Certification, limited
to correctional-facility operations, is available for personnel who
will operate only at correctional facilities.
(3) The mitigation training course under this paragraph is
delivered at the NCUTC. The Attorney General, acting through the
Director of the Federal Bureau of Investigation, may authorize the
Federal Law Enforcement Training Centers or another qualified Federal
training provider to deliver the mitigation training course at one or
more additional sites, provided the NCUTC retains approval authority
over curriculum and standards, exercises oversight of the delivery, and
issues all certifications upon verified completion. Any such
authorization is at the sole discretion of the Attorney General, acting
through the Director, confers no entitlement on any agency or training
provider, and may be modified or withdrawn at any time.
(e) Correctional mitigation training and certification. The NCUTC
offers an abbreviated Correctional Mitigation Certification for
personnel who will conduct mitigation operations only at correctional
facilities. The correctional course of instruction is shorter than the
mitigation training course under paragraph (d) of this section because
the fixed perimeter and persistent-threat environment of a correctional
facility reduce the operational setup and mission-planning instruction
required. The correctional course of instruction addresses the
persistent-threat environment, perimeter operations, and the legal and
safety considerations of correctional settings. A person who holds only
the Correctional Mitigation Certification may conduct mitigation
operations at a correctional facility but may not conduct other
mitigation operations under this part. The NCUTC may arrange for the
Federal Law Enforcement Training Centers or another qualified training
provider to deliver the correctional curriculum, provided the NCUTC
retains approval authority over curriculum and standards, exercises
oversight of the delivery, and issues all certifications upon verified
completion.
(f) Training standards. The mitigation training course, as
administered by the NCUTC, will include instruction on the legal,
operational, and technological aspects of C-UAS operations as required
by section 8606(b)(1) of the SAFER SKIES Act, including FAA
coordination and airspace procedures, spectrum coordination
requirements, real-time air traffic control notification procedures,
FBI and DHS notification requirements, and the operational use of
authorized mitigation technologies. The Attorney General, in
coordination with the Secretary of Homeland Security, the Secretary of
Defense, the Secretary of Transportation, and the Administrator of the
Federal Aviation Administration, will approve training program
standards and may approve additional courses of instruction for
specialized C-UAS operations. The mitigation training course must
include scenario-based instruction on the application of the credible
threat standard.
(g) Eligible personnel. Personnel eligible for Mitigation
Certification or Detection and Warning Certification must have assigned
duties that include the security or protection of people, facilities,
or assets, as specified in 6 U.S.C. 124n(a)(2), and must be officers or
employees of an SLTT law enforcement or correctional agency accredited
by the Attorney General acting through the Director of the Federal
Bureau of Investigation. The NCUTC, under the authority of the Attorney
General, may establish additional attendance prerequisites.
(h) Sufficiency of certification. Successful completion of the
applicable training requirement, combined with the use of systems
within technology categories on the Authorized Technologies List and
specific systems on the Authorized Systems List where populated, and
compliance with the requirements of this part, satisfies the training
and certification prerequisites of 6 U.S.C. 124n(d)(2)(A) for the
exercise of the corresponding authorities under 6 U.S.C. 124n(a)(2).
(i) Suspension. The Attorney General, acting through the Director
of the Federal Bureau of Investigation or the Director's designee, may
suspend the Mitigation Certification or Detection and Warning
Certification of any individual, or the accreditation of any SLTT law
enforcement or correctional agency, for failure to comply with the
requirements of this part, violation of the conditions of
certification, or for any conduct that demonstrates unfitness to
exercise C-UAS authority. Suspension of a certification or
accreditation under this section is distinct from suspension of C-UAS
authority by the Attorney General or the Secretary of Homeland Security
under section 8605(f) of the SAFER SKIES Act, which is addressed in
Sec. 124.16. Neither a suspension of certification under this section
nor an enforcement action against an individual under section 8605(f)
of the SAFER SKIES Act prevents or bars the responsible agency from
taking any additional actions it deems necessary to address the
circumstances that led to suspension or enforcement action by the
Attorney General or designee.
(j) Suspension notice. A suspension will be communicated in writing
and will specify the basis for the action and any available remedial
steps. The suspension notice must include the factual basis for the
action in sufficient detail to enable the affected individual or agency
to respond. In exigent circumstances, the Director of the Federal
Bureau of Investigation or the Director's designee may immediately
suspend a certification or accreditation pending administrative review
without the requisite written notice when continued exercise of C-UAS
authority poses a risk to aviation safety, public safety, or national
security. In such cases, the Director or the Director's
[[Page 41505]]
designee must provide the requisite notice within 3 days of the
suspension.
(k) Administrative review. An individual or agency that receives a
suspension notice may request administrative review within 30 calendar
days of receipt. The Attorney General, acting through the Director of
the Federal Bureau of Investigation, will designate a reviewing
official of the Department of Justice who did not participate in or
supervise the initial decision. The affected party may submit
documentary evidence and written witness statements in support of its
response. The reviewing official will consider the written submissions
of both parties, may conduct an informal hearing at the reviewing
official's discretion, and will issue a written determination within 60
calendar days of receipt of the request, stating the factual findings
and the basis for the determination. The reviewing official may affirm
the action, modify its terms, impose conditions for reinstatement, or
reverse the action. A suspension that is affirmed remains in effect
until reinstatement under paragraph (m) of this section or the
expiration of the suspended certification or accreditation, whichever
occurs first.
(l) Conditions. The Attorney General, acting through the Director
of the Federal Bureau of Investigation, may issue a certification or
accreditation subject to conditions, and may modify the conditions of a
certification or accreditation, consistent with the standards and
procedures applicable to suspension under this section.
(m) Reinstatement. An individual or agency whose certification or
accreditation has been suspended may apply for reinstatement after
completing the remedial steps specified in the suspension notice or the
reviewing official's determination. An individual Mitigation
Certification may alternatively be reinstated upon the successful
recompletion of the full mitigation training course.
(n) Transition for previously trained personnel. Personnel holding
a Mitigation Certification issued by the NCUTC before the effective
date of this part must complete the detection and warning curriculum
under paragraph (c) of this section by September 29, 2026. During that
period, the Mitigation Certification remains valid, and the Detection
and Warning Certification prerequisite for Mitigation Certification is
deemed satisfied. An agency's accreditation is not affected while its
personnel complete the curriculum during the transition period.
Sec. 124.6 Agency implementation policy.
(a) Requirement. Before conducting any operations under this part,
each SLTT law enforcement or correctional agency must adopt and
maintain an agency implementation policy governing the exercise of
authority under 6 U.S.C. 124n(a)(2). The agency implementation policy
is comprehensive. It governs all operations the agency conducts under
this part, including detection and warning operations, and it addresses
the detection and warning matters listed in paragraph (g) of this
section. An agency that adopts and maintains an agency implementation
policy under this paragraph is not required to adopt a separate policy
under paragraph (g) of this section. An agency that conducts only
detection and warning operations may instead adopt the abbreviated
policy under paragraph (g) of this section. The agency implementation
policy must, at a minimum:
(1) Designate an Agency Approving Official meeting the requirements
of Sec. 124.2;
(2) Designate the personnel authorized to exercise C-UAS authority
and describe the recurrent training requirements applicable to such
personnel;
(3) Establish procedures consistent with Sec. 124.14 for the
handling, retention, and dissemination of data acquired during C-UAS
operations, including written anonymization standards specifying the
aggregation thresholds, identifier suppression, and re-identification
risk assessment used to qualify a data product as pattern data;
(4) Include provisions for public notification regarding the
potential use of C-UAS authority within the agency's jurisdiction;
(5) Ensure compliance with the requirements of this part; and
(6) Detail standing tactical procedures governing the execution of
C-UAS operations, including engagement protocols that account for the
risk to persons and property on the surface and in the air before
engagement, escalation procedures, use of force considerations, ground
intercept team procedures, render safe procedures, evidence collection
and chain-of-custody procedures, communications procedures, system
operating procedures, data handling and purge procedures consistent
with the retention requirements of this part, operation plan
requirements, and post-operation procedures that incorporate data purge
verification.
(b) Legal counsel review. The implementation policy must be
reviewed and concurred in by the agency's legal counsel before adoption
and upon each annual renewal. The review must specifically address the
privacy and civil liberties requirements of this part, including the
data retention, minimization, and dissemination provisions, and the
interplay of proposed C-UAS operations and implementing policies with
applicable State, local, Tribal, or territorial law. For an agency that
has a designated official responsible for the agency's privacy and
civil liberties compliance, regardless of title, the implementation
policy must also be reviewed by that official.
(c) Alternative certification for agencies without in-house
counsel. For an agency without in-house counsel, the review required by
paragraph (b) of this section may alternatively be satisfied by review
and certification by a State, local, territorial, or Tribal attorney's
office that the implementation policy addresses each element required
by paragraph (a) of this section. An agency obtaining a certification
under this paragraph (c) must document the basis for using this
paragraph (c). Certification pursuant to this paragraph (c) does not
relieve the agency of any compliance obligation under this part.
(d) Portal attestation. Upon adoption of the implementation policy,
the agency head or designee must certify compliance through the Federal
C-UAS coordination portal by attesting that the agency has adopted an
implementation policy addressing each element required by paragraph (a)
of this section. The portal records the certifying official, agency,
and date of attestation. The implementation policy is not subject to
pre-approval by the NCUTC. The NCUTC retains authority to audit
implementation policies and to suspend certification or accreditation
under Sec. 124.5. The attestation must be renewed annually.
(e) Retention and availability. The agency must retain the
implementation policy and make it available to the Attorney General or
the Secretary of Homeland Security, or their designee, upon request,
including during compliance audits under Sec. 124.16.
(f) Operating without attestation. An agency that conducts
operations under this part without a current portal attestation is in
violation of this part, and the absence of an attestation constitutes
grounds for compliance action under Sec. 124.16.
(g) Detection and warning policy. An SLTT law enforcement or
correctional agency that conducts only detection and warning operations
requiring the authority of, or the relief from certain laws provided
by, 6 U.S.C. 124n may adopt a detection and warning policy in
[[Page 41506]]
lieu of the implementation policy required by paragraph (a) of this
section. A detection and warning policy must satisfy the requirements
of this section, except that it need not include the standing tactical
procedures of paragraph (a)(6) of this section. The agency must
designate an Agency Approving Official under paragraph (a)(1) of this
section and complete the portal attestation under paragraph (d) of this
section, which must be renewed annually. For purposes of that
attestation, a detection and warning policy need address only the
elements of paragraph (a) of this section that apply to detection and
warning operations.
Sec. 124.7 Authorized technologies.
(a) Two-list authorization framework. The technology authorization
framework consists of two complementary lists. The Authorized
Technologies List identifies the technology categories authorized for
SLTT law enforcement and correctional agency C-UAS operations. The
Authorized Systems List identifies specific systems, at the make and
model level, that have completed interagency evaluation within those
technology categories and stated operating restrictions. Both lists are
maintained jointly by the Department of Justice, the Department of
Homeland Security, the Department of Defense, the Department of
Transportation and Federal Aviation Administration, the Federal
Communications Commission, and the National Telecommunications and
Information Administration, consistent with 6 U.S.C. 124n(d)(2)(A)(iii)
and section 8606(a)(4) of the SAFER SKIES Act.
(b) General requirement. An SLTT law enforcement or correctional
agency exercising authority under 6 U.S.C. 124n(a)(2) may deploy only
systems within technology categories listed on the Authorized
Technologies List. When the Authorized Systems List has been populated
for a given technology category, the agency may deploy only specific
systems listed on the Authorized Systems List within that category,
subject to the advance coordination requirements of Sec. 124.9. For
technology categories on the Authorized Technologies List for which the
Authorized Systems List has not yet been populated, the agency may
deploy specific systems within those categories provided that an
operator holds Mitigation Certification covering that technology
category and has completed manufacturer or vendor training on the
specific system to be deployed, subject to the advance coordination
requirements of Sec. 124.9.
(c) Scope of the list requirement. When operating under the
authorities or statutory reliefs in 6 U.S.C. 124n(a)(2), SLTT law
enforcement or correctional agencies may employ only listed technology
categories, and, where the Authorized Systems List is populated, listed
systems. Technology that an SLTT law enforcement or correctional agency
may lawfully employ without the authorities or reliefs provided by 6
U.S.C. 124n(a)(2) is not subject to the requirements of this section
and remains available to agencies on the same basis as before the SAFER
SKIES Act. The detection and warning training curriculum will address
the distinction between technology categories subject to and not
subject to this section.
(d) Mitigation technology and training alignment. An SLTT law
enforcement or correctional agency may employ mitigation systems only
in those technology categories covered by the NCUTC mitigation courses
completed by its mitigation-certified personnel. NCUTC may create an
additional mitigation module covering the technology category when a
new technology category is added to the Authorized Technologies List.
Mitigation-certified personnel who completed the NCUTC mitigation
course prior to the addition of this new content must successfully
complete additional NCUTC training on the new technology category prior
to using any system on the Authorized Systems List under that category.
(e) Scope of interception authority. Systems may be used to
intercept communications to or from an unmanned aircraft or UAS only to
the extent necessary to support an action described in 6 U.S.C.
124n(b)(1). Any interception, acquisition, maintenance, use of, or
access to communications to or from an unmanned aircraft or UAS under
this section must be conducted in a manner consistent with the First
and Fourth Amendments to the Constitution of the United States and
applicable provisions of Federal law.
(f) Maintenance of the lists. The Authorized Technologies List and
Authorized Systems List, including the criteria and procedures for
evaluating, listing, renewing, suspending, and removing technology
categories and systems, are established and maintained through the
interagency process described in 6 U.S.C. 124n(d)(2)(A)(iii) and
section 8606(a)(4) of the SAFER SKIES Act. The Authorized Systems List
is updated by that interagency process and published on the designated
interagency C-UAS portal. Each RF-emitting system listed on the
Authorized Systems List will have completed a system-level spectrum
evaluation through the interagency process before listing, addressing
potential interference with non-Federal spectrum users, compatibility
with Federal spectrum users, and potential interference with aviation
safety systems. System-level evaluations are reviewed and renewed at
intervals determined through the interagency process and upon any
system change to its operating capabilities, functions, radio frequency
characteristics, or power levels that may alter its radio frequency
characteristics, capabilities, functions, or assessed configurations.
Minor updates that do not alter a system's performance, capabilities,
functions, radio frequency characteristics, or assessed configurations
do not require renewed evaluation.
(g) Emergency suspension. Upon receipt of an emergency suspension
notice issued through the interagency process for the Authorized
Technologies List and Authorized Systems List, an SLTT law enforcement
or correctional agency must immediately cease deployment of the
affected system or technology category. Grounds for emergency
suspension include discovery of a critical safety defect,
identification of a supply chain compromise or cybersecurity
vulnerability, a determination that a system's radio frequency
characteristics differ materially from those evaluated during spectrum
evaluation, or a finding by any agency participating in the interagency
process that continued deployment poses an unacceptable risk. The SLTT
law enforcement or correctional agency may not resume deployment of the
affected system or technology category until the suspension is lifted
or the system or category is restored to the applicable list, and the
agency must comply with any conditions attached to the lifting of the
suspension or the restoration of the system or category to the
applicable list.
Sec. 124.8 C-UAS Operations Plan.
(a) Requirement and function. Each mitigation operation, and each
detection and warning operation conducted under this part using systems
that require the authority of, or relief from certain laws under, 6
U.S.C. 124n, must be authorized by a C-UAS Operations Plan signed by
the agency's Agency Approving Official. Section 124.12 sets out the
conditions specific to detection and warning operations. The signed C-
UAS Operations Plan is the instrument authorizing the operation on
behalf of
[[Page 41507]]
the SLTT law enforcement or correctional agency and certifies that the
operation is consistent with the agency's implementation or detection
and warning policy, that the operators are agency personnel who hold
the required training and certification, and that the risk-based
assessment factors of paragraph (e) of this section have been
addressed. The agency may not commence mitigation operations until both
the advance coordination process under Sec. 124.9 and the signed C-UAS
Operations Plan are complete.
(b) Legal counsel certification. The C-UAS Operations Plan must
include a certification by the agency's legal counsel or, for an agency
without in-house counsel, the applicable prosecuting authority, that
the plan has been reviewed for legal sufficiency. The certification may
take the form of a signature block, stamp, or attestation on the plan.
(c) Form. The C-UAS Operations Plan must be prepared on the
standardized form prescribed by the Attorney General. The form is
structured to use short-answer fields, selection-based fields, and map
or diagram attachments, and does not require narrative legal analysis
or repetition of standing procedures addressed in the agency's
implementation policy. The form may use conditional fields keyed to the
type of operation, so that each operation completes only the fields
applicable to it; for a detection and warning operation, the fields
specific to mitigation, such as mitigation-system parameters and render
safe planning, do not apply.
(d) Content. The C-UAS Operations Plan must address, at a minimum
and to the extent applicable to the operation:
(1) Operation identification, including the submitting agency,
points of contact, the Agency Approving Official, the operation type,
planned dates, geographic location, venue type, any Special Event
Assessment Rating or National Special Security Event designation, and
the identification of any mutual aid agencies;
(2) Systems and airspace, including the systems to be deployed by
reference to the Authorized Systems List or Authorized Technologies
List category; a description of each system's configuration and the
hardware version, firmware revision, and software version of each
system as deployed; RF-emitting system parameters; class of airspace;
and anticipated flight restrictions;
(3) Coordination confirmation, including operator certification
status, compliance with the agency implementation policy, the legal
counsel certification, and compliance with the privacy and civil
liberties requirements of this part; and
(4) Operational planning elements, including deployment
configuration and spectrum deconfliction, personnel and team
assignments, render safe and contingency planning, known authorized
manned and unmanned aviation and deconfliction processes and
procedures, communications, investigative response and data handling,
and demobilization.
(e) Risk-based assessment. The C-UAS Operations Plan must address
the following factors: potential impacts to aviation safety, civilian
aviation and aerospace operations, aircraft airworthiness, or the use
of the airspace; procedures to comply with any technical and siting
limitations; options for mitigating identified potential impacts;
potential consequences if potential impacts are not mitigated; the
ability to provide reasonable advance notice to aircraft operators of
both manned and unmanned aircraft; the setting and character of the
facility or asset; for National Special Security Events and Special
Event Assessment Rating events, the event characteristics; and the
potential consequences to public safety if UAS threats are not
mitigated. For National Special Security Events and Special Event
Assessment Rating events, a plan that identifies the systems, airspace
environment, and coordination elements from which the assessment can be
derived satisfies this paragraph without separately addressing each
factor in narrative form. Nothing in this part may be interpreted as
limiting the authority of the Administrator of the Federal Aviation
Administration to manage the navigable airspace, assess potential
aviation safety risks, and implement such mitigations as the
Administrator determines appropriate.
(f) Timing and submission. The C-UAS Operations Plan must be
completed before the commencement of operations and submitted to the
Federal Bureau of Investigation and Department of Homeland Security
through the designated Federal C-UAS coordination portal as a
supplement to the advance notification not fewer than 7 calendar days
before the commencement of operations, or as early as practicable when
the applicable notification timeline does not permit 7 calendar days.
For a detection and warning operation that is not subject to the
advance notification requirement of Sec. 124.9, the C-UAS Operations
Plan must be submitted through the designated Federal C-UAS
coordination portal before the commencement of operations, for
situational awareness and recordkeeping; such submission is not an
advance notification under Sec. 124.9 and does not trigger Federal
Aviation Administration or Federal Communications Commission
coordination. The plan may be updated after submission to reflect
changes resulting from Federal Aviation Administration or Federal
Communications Commission coordination. Material updates must be
resubmitted promptly. Federal Aviation Administration and Federal
Communications Commission coordination is valid for the system
configuration and the firmware and software version coordinated for the
operation. A change in configuration, firmware, or software version
does not require re-coordination if it does not materially change the
system's radio frequency emission characteristics, its operating
frequencies and power levels, or other factors potentially impacting
aviation safety from those previously coordinated. A change that would
operate outside the frequencies or power levels coordinated for the
operation requires re-coordination before deployment; a summary of the
change must be provided to the Federal Aviation Administration and
Federal Communications Commission to determine if re-coordination is
necessary. The Federal Aviation Administration and the Federal
Communications Commission may identify by guidance categories of
configuration, firmware, or software changes that are deemed to
materially affect radio frequency emission characteristics and require
re-coordination. Federal review of the C-UAS Operations Plan is for
deconfliction and situational awareness purposes and does not
constitute approval or disapproval of the operation. For an event,
area, or period in which a high volume of simultaneous operations is
anticipated, the Federal Bureau of Investigation, in coordination with
the Federal Aviation Administration, may establish an earlier
submission deadline for affected operations and will communicate that
deadline to affected agencies in advance through the designated portal
or the lead C-UAS agency.
(g) Relationship to implementation policy. The C-UAS Operations
Plan is an event-specific or operation-specific document. Standing
tactical procedures required by Sec. 124.6(a) must be addressed in the
agency's implementation policy, and the C-UAS Operations Plan must
reference the implementation policy by title and version rather than
repeating standing procedures.
[[Page 41508]]
(h) Operational windows. (1) An individual C-UAS Operations Plan
may authorize operations for a period not to exceed 30 consecutive
calendar days, except as provided in paragraph (h)(2) of this section.
For operations requiring a longer duration, the agency must submit a
renewal plan before the expiration of the current operational window;
the renewal plan may incorporate the prior plan by reference and
address only material changes. The agency must submit a renewal plan,
through the designated Federal C-UAS coordination portal under Sec.
124.8(f), before the expiration of the current operational window.
(2) For fixed-site facilities for which SLTT law enforcement and
correctional agencies conduct ongoing persistent-protection operations,
including correctional facilities, critical infrastructure sites, other
permanent facilities with a continuing C-UAS mission, and venues where
the agency expects to provide recurring C-UAS coverage within the
authorization period, the Agency Approving Official may authorize a
standing operational window of up to 365 calendar days, renewable upon
submission of a renewal plan. The advance notification for a standing
operational window must specify the venue and anticipated events or
coverage periods; for a detection and warning operation not subject to
the advance notification requirement of Sec. 124.9, the C-UAS
Operations Plan must specify the venue, the area covered, which may be
stated as a radius around the site, and the anticipated coverage
periods. Material changes, including a new event, new systems, or a
changed threat environment, require an update to the advance
notification under Sec. 124.9(a) or, for such a detection and warning
operation, an updated C-UAS Operations Plan. Federal coordination
requirements continue to apply to each event within a standing window,
including lead C-UAS agency coordination under Sec. 124.10 and per-
event coordination among the Department of Transportation, the Federal
Aviation Administration, and the Federal Communications Commission.
(3) No C-UAS Operations Plan may authorize an indefinite or open-
ended operational window.
Sec. 124.9 Advance coordination, notification, and authorization.
(a) Advance notification. (1) Before conducting any mitigation
operation under 6 U.S.C. 124n(a)(2), an SLTT law enforcement or
correctional agency must submit an advance notification through the
designated Federal C-UAS coordination portal not fewer than 30 calendar
days before the commencement of the operational period. When 30
calendar days is not feasible, the agency must submit the advance
notification as early as the circumstances permit, with sufficient lead
time to allow the Federal Bureau of Investigation, the Department of
Homeland Security, the Department of Transportation, the Federal
Aviation Administration, and the Federal Communications Commission to
complete their respective reviews, and must include a brief explanation
of the circumstances that prevented submission within the 30-day
standard.
(2) The advance notification is a coordination document that routes
the relevant data elements to each recipient agency through a single
submission. The advance notification is not a request for approval by
the Department of Justice or the Department of Homeland Security, and
the absence of a response from the Department of Justice or the
Department of Homeland Security does not affect the agency's authority
to proceed.
(3) The advance notification must identify the submitting SLTT law
enforcement or correctional agency, the planned dates and geographic
location of the operation, the systems to be deployed by reference to
the Authorized Systems List or Authorized Technologies List category,
RF-emitting system parameters, a characterization of the airspace and
operational environment, and confirmation of operator certification
status and compliance with the agency implementation policy and the
privacy requirements of this part.
(b) C-UAS Operations Plan. Each mitigation operation must also be
authorized by a C-UAS Operations Plan in accordance with Sec. 124.8.
The agency may not commence mitigation operations until both the
advance coordination process under this section and the signed C-UAS
Operations Plan are complete. The SLTT law enforcement or correctional
agency must also submit a comparable advance notification to the State
if required by State law or policy.
(c) FBI and DHS notification and routing. The Attorney General,
through the Federal Bureau of Investigation and the Department of
Homeland Security, receives the advance notification for purposes of
deconflicting planned SLTT law enforcement or correctional agency C-UAS
operations with any ongoing or planned Federal C-UAS, law enforcement,
or national security operations. Until the portal is fully established,
an SLTT law enforcement or correctional agency must notify the Federal
Bureau of Investigation and Department of Homeland Security through a
channel designated by the Federal Bureau of Investigation and
Department of Homeland Security for that purpose.
(d) DOT/FAA coordination. Before conducting any mitigation
operation, an SLTT law enforcement or correctional agency must
coordinate with the Department of Transportation and the Federal
Aviation Administration through the coordination mechanism the Federal
Aviation Administration has designated. The agency must provide the
systems to be deployed, the geographic coordinates of each proposed
deployment and enforcement location, the expected duration of the
operation, and a characterization of the airspace environment. The
Administrator of the Federal Aviation Administration may establish such
flight restrictions as the Administrator determines necessary in his
sole discretion for reasons of aviation safety. The absence of a formal
flight restriction does not preclude mitigation action in exigent
circumstances when a credible threat exists and the requirements of
this part are otherwise satisfied.
(e) Categorical FAA determinations. The Federal Aviation
Administration may issue categorical determinations for specific
combinations of authorized technologies, geographic locations, and
airspace environments. When a proposed mitigation operation falls
within the parameters of a categorical determination by the Federal
Aviation Administration, individual case-by-case Federal Aviation
Administration coordination is not required, provided the agency
operates within the conditions specified in the determination and
notifies the Federal Aviation Administration through the Federal
Aviation Administration-designated coordination mechanism.
(f) FCC authorization. Before deploying any C-UAS system (whether
detection and warning only or mitigation) that involves the emission of
radio waves, an SLTT law enforcement or correctional agency must obtain
authorization to use that system consistent with Title III of the
Communications Act of 1934, as amended. The system must comply with any
relevant regulations, policies, and guidance administered by the
Federal Communications Commission, and an SLTT law enforcement or
correctional agency must submit a request to the Federal Communications
Commission through the advance notification process and as directed by
the Federal Communications Commission. The
[[Page 41509]]
Federal Communications Commission will also issue waivers, as
appropriate, to C-UAS equipment vendors and manufacturers to allow them
to import and sell C-UAS mitigation equipment that employs radio
frequency interdiction technologies or electronic counter measures to
authorized SLTT law enforcement and correctional agencies.
(g) Emergency exception. When a credible threat poses an imminent
risk to human life and advance coordination under this section is not
practicable, an SLTT law enforcement or correctional agency may take
mitigation action. The agency must complete the notifications required
by this section as soon as practicable, and in any event within two
hours of the action. If the mitigation action involves an RF-emitting
C-UAS system, the agency must additionally comply with the real-time
notification requirements of Sec. 124.11. Each invocation of this
exception must be documented in the post-operation report with a
specific explanation of why advance coordination was not feasible. This
exception may not be invoked as a routine alternative to advance
coordination, and a pattern of repeated invocations may result in
compliance review under Sec. 124.16, accreditation or certification
suspension, and penalties under section 8605(f) of the SAFER SKIES Act.
The compliance audit program will establish the criteria for
identifying patterns of emergency invocations that warrant review.
(h) Federal coordination. Before conducting any operation under
this part within a security or protection mission overseen by a Federal
Government entity, or within an area, facility, waterway, or other area
over which a Federal Government entity exercises a security or
protection responsibility, the agency must coordinate with that Federal
Government entity through the advance coordination process under Sec.
124.9 before conducting the operation. The Federal Aviation
Administration's general regulatory authority over the navigable
airspace does not by itself trigger this requirement; airspace safety
coordination is addressed in Sec. 124.8 and Sec. 124.11.
(i) Detection and warning operations. Detection and warning
operations that do not actively transmit radio frequency energy and do
not affect aviation safety are not subject to the advance coordination
requirements of this section.
Sec. 124.10 Interagency and lead-agency coordination.
(a) Early coordination and notice of intent. For operations in
support of National Special Security Events, events rated Special Event
Assessment Rating 1 through 3, or other events where Federal C-UAS
operations are anticipated, an SLTT law enforcement or correctional
agency should notify the local FBI field office of its intent to
provide C-UAS coverage as early as practicable and before the 30-day
advance notification standard of Sec. 124.9. The designated Federal C-
UAS coordination portal includes a notice-of-intent function that
allows an agency to register its intent to cover a future event without
completing the full advance notification. A notice of intent is
informational only and does not trigger the advance coordination
process, the Federal Aviation Administration or Federal Communications
Commission review, or any timeline obligation.
(b) Special event coordination. When the Federal Bureau of
Investigation receives an SLTT law enforcement or correctional agency
advance notification or notice of intent for an event at which Federal
C-UAS operations are also planned or under consideration, the Federal
Bureau of Investigation will present the notification to the
interagency C-UAS coordination process maintained by the Department of
Justice and the Department of Homeland Security, will serve as the
conduit for SLTT law enforcement and correctional agency equities in
that process, and will communicate the results to the SLTT law
enforcement or correctional agency, including any Federal operational
parameters or deconfliction requirements that may affect the SLTT law
enforcement or correctional agency C-UAS operation. The interagency
coordination process does not approve or disapprove SLTT law
enforcement or correctional agency C-UAS operations.
(c) Tactical coordination under a lead C-UAS agency. An SLTT law
enforcement or correctional agency conducting C-UAS operations at an
event or location for which a lead C-UAS agency has been designated
must operate under the tactical coordination of the lead C-UAS agency
for the duration of the event. Tactical coordination includes the
assignment of system deployment locations, operating frequencies,
detection and mitigation sectors, ground intercept team sectors, render
safe locations, communications channels, and risk to persons and
property on the surface or in the air. The SLTT law enforcement or
correctional agency's C-UAS Operations Plan for the event must be
developed in coordination with the lead C-UAS agency and must conform
to the lead agency's overall C-UAS operational framework for the event.
An SLTT law enforcement or correctional agency coordinating with a lead
C-UAS agency acts under its own certified authority under 6 U.S.C.
124n(a)(2); tactical coordination merely integrates the SLTT law
enforcement or correctional agency C-UAS operation into a unified C-UAS
posture. Where geographic responsibilities are divided among multiple
Federal agencies, the SLTT law enforcement or correctional agency must
coordinate with the sector-level lead Federal agency responsible for
the geographic area in which the SLTT law enforcement or correctional
agency intends to operate. Whenever Federal and SLTT operations will be
conducted at the same event, or whenever the Federal and SLTT
operations will overlap in geographic area and time, the Federal agency
will be the lead C-UAS agency. An SLTT law enforcement or correctional
agency may serve as the lead C-UAS agency only where multiple SLTT
agencies are operating in the same area and no Federal agency is
involved.
(d) Coordination required. An SLTT law enforcement or correctional
agency that does not accept tactical coordination by the designated
lead C-UAS agency may not conduct C-UAS operations, including detection
and warning operations using systems requiring the authority of and
relief from certain laws under the Act, within the geographic area and
time period covered by the lead-agency designation.
(e) Overlapping SLTT operations. When the Federal Bureau of
Investigation and Department of Homeland Security receive advance
notifications from two or more SLTT law enforcement or correctional
agencies for C-UAS operations that overlap in geographic area and time,
the Federal Bureau of Investigation and Department of Homeland Security
will notify all affected SLTT law enforcement and correctional agencies
of the overlap. The affected agencies must designate a lead C-UAS
agency for the overlapping area and time period, or establish a joint
operational coordination arrangement, before any agency commences
mitigation operations in the overlapping area. The designation or
arrangement must be documented and provided to the Federal Bureau of
Investigation and Department of Homeland Security. If the agencies
cannot reach agreement within 48 hours of the Federal Bureau of
Investigation and Department of
[[Page 41510]]
Homeland Security's notification, the Federal Bureau of Investigation
and Department of Homeland Security may designate operational
parameters for the overlapping area, including frequency deconfliction
assignments and geographic boundaries for each agency's mitigation
operations.
(f) Deconfliction direction. If the deconfliction process
identifies a conflict between a planned SLTT law enforcement or
correctional agency C-UAS operation and an ongoing or planned Federal
C-UAS, law enforcement, or national security operation that cannot be
resolved through coordination, the Department of Justice, acting
through the Federal Bureau of Investigation and in coordination with
the Department of Homeland Security, may direct the SLTT law
enforcement or correctional agency to modify the operational parameters
of, or postpone, the planned operation until the conflict is resolved.
(g) Emergency exception preserved. This section does not affect an
SLTT agency's authority to respond to an imminent risk to human life
under Sec. 124.9(g), including at an event with a designated lead C-
UAS agency; however, the agency must notify the lead C-UAS agency
immediately upon taking emergency action and must coordinate with the
lead agency as soon as practicable thereafter.
(h) The requirements in paragraphs (a) through (g) of this section
are established under the Attorney General's oversight authority
pursuant to 6 U.S.C. 124n(d)(1) and the coordination obligations of 6
U.S.C. 124n(b)(4) and (d)(3); they do not transfer or diminish the SLTT
agency's statutory authority and relief from certain laws under 6
U.S.C. 124n(a)(2).
Sec. 124.11 Real-time air traffic control notification.
(a) Notification required. Any SLTT law enforcement or correctional
agency, or its personnel, that activates a C-UAS system for mitigation
purposes must, within five minutes of activation or as soon as
operationally practicable, provide verbal or electronic notification to
the notification point designated by the Federal Aviation
Administration for real-time C-UAS coordination, using the procedures
established under paragraph (b) of this section. Detection and warning
operations do not require notification or coordination under this
section.
(b) Notification procedures. An SLTT law enforcement or
correctional agency must comply with the notification and reporting
procedures jointly established by the Department of Homeland Security,
the Department of Justice, and the Federal Aviation Administration for
real-time communication to air traffic control of C-UAS mitigation
actions using a radio frequency-emitting C-UAS system. The notification
must identify the type of C-UAS action, the time of activation, and the
location. The NCUTC will include training on these notification
procedures in the mitigation training course.
(c) Notification upon termination. Upon termination of the
mitigation action, the SLTT law enforcement or correctional agency must
provide a follow-up notification to the designated Federal Aviation
Administration notification point confirming the time of termination.
(d) Non-RF mitigation. Mitigation actions that do not involve radio
frequency-emitting systems do require notification under this section
unless the Department of Transportation or Federal Aviation
Administration's applicable notification procedures established under
this section provide otherwise. Such actions remain subject to the
advance coordination and post-operation reporting requirements of
Sec. Sec. 124.9 and 124.13.
Sec. 124.12 Detection and warning operations.
(a) Scope. This section governs detection and warning operations
using systems whose operation requires the authority of and relief from
certain laws under 6 U.S.C. 124n(a)(2). Detection and warning activity
conducted using systems that do not require the authority of the Act or
the relief it provides from certain laws is not subject to this part.
(b) Conditions. An SLTT law enforcement or correctional agency may
conduct detection and warning operations under this section if:
(1) All personnel conducting detection and warning operations hold
a current Detection and Warning Certification;
(2) The agency deploys only systems within technology categories
listed on the Authorized Technologies List and, where populated,
specific systems listed on the Authorized Systems List;
(3) The agency has adopted an implementation policy under Sec.
124.6(a) or a detection and warning policy under Sec. 124.6(g), has
completed the applicable portal attestation, and has authorized the
operation by a C-UAS Operations Plan under Sec. 124.8; and
(4) The agency complies with the privacy, data handling, and
retention requirements of Sec. 124.14.
(c) Coordination. No per-operation (that is, for each individual
deployment or activation of a C-UAS system) advance notification,
Federal Aviation Administration coordination, or Federal Communications
Commission coordination is required for detection and warning
operations that employ only systems that do not emit radio frequency
energy and do not affect aviation safety. Such operations must be
authorized by a C-UAS Operations Plan under Sec. 124.8, which
documents operational authority, data handling and retention, and legal
review. For detection and warning operations involving RF-emitting
systems, such as active warning broadcast systems, the advance
coordination requirements of Sec. 124.9 apply, and the operation must
be authorized by a C-UAS Operations Plan under Sec. 124.8.
(d) Reporting. The 48-hour reporting requirement of Sec. 124.13
does not require per-event reporting of detection and warning
operations. Each SLTT law enforcement or correctional agency conducting
detection and warning operations under this section must report
detection activity in the semiannual operational summary required by
Sec. 124.13, including the detection systems deployed by Authorized
Technologies List category, the locations at which systems were
deployed, the total number of detection events recorded, instances of
retention of records of communication beyond 180 days, and any data-
sharing arrangements. A physical seizure or confiscation under 6 U.S.C.
124n(b)(1)(E) that results from a detection and warning operation is a
6 U.S.C. 124n action, but it is documented through the agency's normal
evidence-handling procedures and is not separately reported under this
part. The recovery of a crashed or abandoned unmanned aircraft that
does not involve the use of 6 U.S.C. 124n authority is not a 6 U.S.C.
124n confiscation and is not subject to the reporting requirements of
this part.
(e) Prohibition on mitigation. Personnel holding only a Detection
and Warning Certification are not authorized to take any mitigation
action or any other action that affects an unmanned aircraft in flight,
regardless of the operator's ultimate objective. If a detection
operation identifies a credible threat requiring mitigation, this rule
requires that the agency respond through mitigation-certified personnel
operating under Sec. Sec. 124.8 and 124.9 or through coordination with
Federal C-UAS assets. This prohibition is absolute and is not subject
to the emergency exception of Sec. 124.9(g), which is available only
to an agency with mitigation-certified personnel and authorized
mitigation capability.
[[Page 41511]]
Sec. 124.13 Post-operation reporting.
(a) Report required. Any SLTT law enforcement or correctional
agency exercising authority under 6 U.S.C. 124n(a)(2) must submit a
post-operation report as required by 6 U.S.C. 124n(d)(2)(C)(i) within
48 hours of whichever occurs first:
(1) Taking any mitigation action described in 6 U.S.C.
124n(b)(1)(C), (D), or (F);
(2) Any confiscation of an unmanned aircraft or UAS under 6 U.S.C.
124n(b)(1)(E); or
(3) The conclusion of an operation where notification was provided.
(b) Other confiscations. A confiscation that does not occur
pursuant to 6 U.S.C. 124n(b)(1)(E) may be documented through the
agency's normal evidence-handling procedures and does not need to be
separately reported under this part.
(c) Content. The post-operation report must contain:
(1) Confirmation whether the planned operation did or did not occur
as notified;
(2) The date, time, and geographic location of the reportable
action;
(3) A brief description of the credible threat that a UAS or
unmanned aircraft posed to the safety or security of people, a
facility, or an asset; a venue or set of venues used for large-scale
public gatherings or events; critical infrastructure; or a correctional
facility necessitating the action;
(4) The type of capability employed, including the specific system
or systems used by reference to the Authorized Systems List and
Authorized Technologies List category, or where the Authorized Systems
List had not yet been populated for a particular Authorized
Technologies List category at the time of the action, the Authorized
Technologies List category; and in all cases the make, model, hardware
version, firmware revision, and software version of the system or
systems as deployed;
(5) Any known operational effects, including the seizure,
disabling, damage, or destruction of a UAS or unmanned aircraft; any
reported effects on other aviation systems, spectrum users, or persons
and property on the surface or in the air; any aviation accident;
whether a temporary flight restriction was granted or denied; and any
other harm, damage, or loss to a person or to private property;
(6) Any issues, anomalies, or deviations encountered during the
operation; and
(7) Summary operational statistics, including the number of UAS
detected, counted as confirmed detections attributable to a distinct
unmanned aircraft and reported in good faith with reasonable
deduplication; warnings issued; mitigation actions taken; UAS or
unmanned aircraft seized or confiscated; and any criminal charges,
citations, regulatory enforcement actions, or arrests resulting from
the operation.
(d) Submission mechanism. Reports must be submitted through the
designated Federal C-UAS coordination portal. Submission through the
portal satisfies the notification requirement to both the Attorney
General and the Secretary of Homeland Security, as the portal routes
reports to the Federal Bureau of Investigation and Department of
Homeland Security automatically.
(e) Immediate notification for unintended consequences. If a
detection, warning, or mitigation action results in unintended
consequences, including interference with manned aviation or lawfully
operating UAS, property damage, injury, or system malfunction affecting
third parties, the SLTT law enforcement or correctional agency must
immediately notify the Federal Bureau of Investigation and Department
of Homeland Security by the most expedient means available, in addition
to the 48-hour post-operation report. The Federal Bureau of
Investigation will notify the Office of the Deputy Attorney General,
the Department of Transportation, the Federal Aviation Administration,
the Federal Communications Commission, and other affected agencies as
appropriate.
(f) Consolidated reporting. Where multiple reportable events occur
within a 48 hour period, an SLTT law enforcement or correctional agency
may submit a single consolidated post-operation report covering all
actions taken during the period, due within 48 hours of the first
reportable event, provided that each action is documented with the data
elements required by paragraph (c) of this section and that any action
resulting in unintended consequences is reported immediately under
paragraph (e) of this section.
(g) Recurring venue reporting. For recurring venue operations
conducted under a standing operational window authorized by Sec.
124.8(h), each discrete event within the authorization period must be
reported separately.
(h) Semiannual operational summary. Each SLTT law enforcement or
correctional agency exercising authority under this part must submit a
semiannual operational summary through the designated Federal C-UAS
coordination portal, covering total operations conducted, mitigation
actions taken, detection activity, instances of retention of records of
communication beyond 180 days, instances in which control
communications were disclosed outside the originating agency organized
by the legal basis for their disclosure, compliance issues identified,
and lessons learned. The summary must also report the requests the
agency received for C-UAS protection from critical infrastructure or
airport owners or operators that are not SLTT law enforcement or
correctional agencies, the number of those requests to which it
provided protection, and the number it was unable to support as well as
the reasons it was unable to provide support.
(i) Reporting to support congressional and oversight requirements.
The Federal Bureau of Investigation will compile information from post-
operation reports and semiannual summaries to support the biannual
report required by 6 U.S.C. 124n(d)(2)(D) and the semiannual briefings
required by 6 U.S.C. 124n(g), in coordination with the Secretary of
Homeland Security and the Secretary of Transportation. The compilation
will include:
(1) The frequency, location, and circumstances of SLTT law
enforcement and correctional agencies' mitigation deployments and the
types of mitigation employed;
(2) A list of any aviation security or safety incidents, and any
aviation accidents, that occurred due to SLTT law enforcement and
correctional agencies' deployment of C-UAS technologies;
(3) Recommendations for improving SLTT law enforcement and
correctional agencies' C-UAS training, oversight, compliance, and
execution, and the compliance audits required by section 8606(b)(2) of
the SAFER SKIES Act; and
(4) A determination whether SLTT law enforcement and correctional
agencies are able to fully protect critical infrastructure from the UAS
threat and, if not, recommendations on how to expand C-UAS authorities
to critical infrastructure owners. This determination is informed by
the protection-request data reported under paragraph (h) of this
section.
(5) Instances in which records of communications were retained
beyond 180 days, or in which control communications were disclosed
outside the originating agency.
Sec. 124.14 Privacy and civil liberties.
(a) General. In exercising authority under 6 U.S.C. 124n(a)(2), an
SLTT law enforcement or correctional agency and its personnel must
comply with the
[[Page 41512]]
requirements of 6 U.S.C. 124n(e), including the implementation of
privacy protections with respect to the interception, acquisition,
access, maintenance, use, and dissemination of communications,
consistent with the First and Fourth Amendments to the Constitution of
the United States and applicable provisions of Federal law. All
operations under this part must comply with the requirements of the
Fourth Amendment and the policies of the applicable SLTT law
enforcement or correctional agency with respect to searches and
seizures, and individual searches and seizures conducted during C-UAS
operations remain subject to the Fourth Amendment reasonableness
requirement.
(b) First Amendment. No C-UAS authority under this part may be used
solely to seize, monitor, deter, interfere with, or disrupt individuals
exercising rights protected by the First Amendment to the Constitution
of the United States. When C-UAS operations are conducted at events or
locations where individuals are exercising First Amendment rights,
personnel must take affirmative steps to minimize the collection,
retention, and dissemination of information about those individuals,
and must not use C-UAS-derived information to identify, track, or build
records on individuals based on their exercise of protected rights.
(c) Scope of interception. Communications may be intercepted or
acquired only to the extent necessary to support an action described in
6 U.S.C. 124n(b)(1).
(1) Material captured that is not control communications is
incidental capture. Agencies must configure systems to minimize
incidental capture, and incidentally captured material determined not
to be relevant to a C-UAS, law enforcement, or national security
purpose must not be reviewed, retained, or disseminated and must be
purged as soon as practicable.
(2) During the contemporaneous C-UAS operation, personnel may view
incidentally captured material only to the extent necessary for C-UAS
detection, tracking, identification, or mitigation purposes and may not
use it for general surveillance or monitoring. If it becomes apparent
that the captured video, audio, or other data stream is not control
communications, the interception of such communications must be
discontinued, and the interception of incidentally captured material
must be documented in the post-operation report. When a system's
configuration permits adjustment of the scope of interception, such as
frequency range, geographic coverage, or signal type, operators must
use the narrowest configuration consistent with operational
effectiveness.
(3) For standing detection deployments exceeding 30 days, the
agency must conduct a review, not less than quarterly, to confirm that
the scope of interception remains proportionate to the operational
need, that incidental collection of non-UAS communications is being
minimized, and that data handling and purge procedures are being
executed on schedule. The review may be conducted on a program-wide
basis for facilities.
(4) Where identifying the threat requires processing the control
signaling of all unmanned aircraft in range, the control communications
of an unmanned aircraft determined not to pose a threat may not be
retained or used beyond what is needed to make the threat determination
and must be purged on the same schedule as other incidental material.
(d) Records of communications and retention. (1) Control
communications captured, recorded, or maintained by SLTT C-UAS systems
constitute records of communications to or from a UAS within the
meaning of 6 U.S.C. 124n(e)(3) and must be maintained only for as long
as necessary, and in no event for more than 180 days, unless the Agency
Approving Official or the agency's chief legal officer determines that
maintenance of such records is necessary to investigate or prosecute a
violation of law, to directly support an ongoing security operation,
for the purpose of any litigation, or is required under Federal, State,
local, Tribal, or territorial law, consistent with 6 U.S.C. 124n(e)(3).
(2) Data retained under the ongoing security operation exception
must be reviewed at 90-day intervals and purged when the operation
concludes, unless another exception applies.
(3) When an agency determines that records of communications will
be retained beyond 180 days under any exception, the agency must notify
the Federal Bureau of Investigation through the portal within 30 days
of the determination.
(4) Pattern data, once extracted and recorded independently, is not
a record of communications and is not subject to the 180-day limit.
Data generated by systems whose operation does not implicate the
electronic surveillance laws referenced in the notwithstanding clause
of 6 U.S.C. 124n(a)(2) is likewise not subject to the 180-day limit.
(5) For data retained under the investigation or prosecution
exception, the existence of an open investigative or prosecutorial case
file documenting the data as evidence satisfies the required
determination. For data retained under any other exception, the Agency
Approving Official or the agency's chief legal officer must document
the specific basis for retention. If an agency has neither an Agency
Approving Official nor a chief legal officer, an official holding a
rank not below a Senior Executive or Senior Official, or its
equivalent, must document the specific basis for retention.
(6) A standing operational window authorized under Sec. 124.8(h)
does not itself constitute an ongoing security operation for purposes
of the retention exception; that exception applies only when a
specific, identified threat or other intelligence justifies continued
retention of specific records to support a discrete protective
objective, and the 90-day review must assess whether the specific
security basis for retention continues to exist.
(7) The exception for retention required under Federal, State,
local, Tribal, or territorial law applies when a specific provision of
law affirmatively requires retention of the particular type of data at
issue, not when a general records retention schedule incidentally
encompasses C-UAS data.
(e) Dissemination. (1) Control communications acquired under this
part may be disclosed outside the disseminating agency only as
authorized by 6 U.S.C. 124n(e)(4): when necessary to investigate or
prosecute a violation of law; to support the Department of Defense, a
Federal law enforcement agency, or the enforcement activities of a
regulatory agency of the Federal Government in connection with a
criminal or civil investigation of, or any regulatory, statutory, or
other enforcement action relating to an action described in 6 U.S.C.
124n(b)(1); or as otherwise required by law.
(2) This part does not prohibit the use, as evidence in a
subsequent proceeding, of information lawfully obtained incidental to
an SLTT law enforcement or correctional agency C-UAS operation,
consistent with applicable law.
(3) At the time of any dissemination of control communications, the
disseminating agency must document, in the audit trail required by
paragraph (g) of this section, the 6 U.S.C. 124n(e)(4) basis for the
dissemination, the category of recipient, whether the handling caveat
required by paragraph (f) of this section was conveyed, and whether the
dissemination included control communications.
(4) A real-time detection feed is governed by the substantive
character of the data it transmits. A feed that
[[Page 41513]]
transmits control communications acquired under this part is subject to
the requirements of this section applicable to such data and the
limitations under 6 U.S.C. 124n(e)(1), (2), and (4). A feed that
transmits only data described in paragraph (e)(6) of this section is
not subject to those limitations.
(5) Pattern data that contains no control communications may be
disseminated consistent with the agency's standard data handling and
information sharing policies and applicable law. Before disseminating
pattern data beyond the agency, the disseminating agency must verify
anonymization in accordance with its implementation policy and screen
the product for operationally sensitive information that would reveal
specific coverage patterns, capabilities, gaps, or methods. Public
release of pattern data products requires approval at the level
designated by the agency's implementation policy.
(6) Data not acquired using the authorities or reliefs provided by
6 U.S.C. 124n, including data generated by systems whose operation does
not implicate the electronic surveillance laws referenced in the
notwithstanding clause of 6 U.S.C. 124n(a)(2), is not subject to the
disclosure limitations of paragraph (e)(1) of this section and may be
shared consistent with the agency's standard data handling and
information sharing policies and applicable law. Sharing for
situational awareness with recipients that are not law enforcement or
correctional agencies, including critical infrastructure owners or
operators and the public, is limited to data described in this
paragraph, unless the disclosure of control communications is
authorized under paragraph (e)(1) of this section.
(f) Protective purpose limitation. Because the authority of 6
U.S.C. 124n(a)(2) is limited to mitigation of a credible threat, an
SLTT law enforcement or correctional agency may disseminate control
communications acquired pursuant to the agency's authorities and
statutory reliefs under 6 U.S.C. 124n(a)(2) only for law enforcement
action arising from the UAS activity that prompted the C-UAS operation,
or for aviation safety. An SLTT law enforcement or correctional agency
may not disseminate such control communications for use in an
investigation or enforcement action unrelated to UAS activity unless
the communications are independently obtainable through lawful means
not dependent on the authorities and statutory reliefs under 6 U.S.C.
124n(a)(2). At the time of dissemination, the disseminating agency must
communicate the protective purpose for which the control communications
are being shared.
(g) Audit trail. Each SLTT law enforcement or correctional agency
exercising authority under this part must maintain an audit trail
sufficient to document each instance in which C-UAS authority was
exercised, the basis for the action, the disposition of any data
acquired, and any dissemination of data under this part. The audit
trail must be searchable and accessible to compliance auditors,
protected against unauthorized modification or deletion, and retained
for a minimum of 6 years. The agency's implementation policy must
specify the format and system of records for the audit trail.
(h) State and local retention conflicts. When an SLTT law
enforcement or correctional agency determines that a State, local,
Tribal, or territorial records retention requirement applicable to law
enforcement or correctional agency records encompasses C-UAS
communications data and the agency cannot comply with both the 180-day
retention limit and that retention requirement, the agency must retain
the data for the period required by the applicable law and must apply
the handling restrictions of this part, including the prohibition on
use for unrelated law enforcement purposes and the dissemination
restrictions of this section, for the full duration of retention.
(i) Third-party acquisition. An SLTT law enforcement or
correctional agency may not request, purchase, subscribe to, or
operationally rely on intercepted UAS control communications acquired
by any actor lacking lawful authority and relief from certain otherwise
applicable laws for the underlying interception, regardless of whether
the agency directed or facilitated the original interception. An agency
acquiring UAS intelligence from a third-party source must document the
source's lawful authority and relief from otherwise applicable laws for
any intercepted content and must apply the retention and dissemination
requirements of this section to data so acquired. The agency's
implementation policy must specify procedures for evaluating third-
party source authority and relief from certain otherwise applicable
laws, which must include review and concurrence by appropriate State,
local, territorial, or Tribal legal counsel.
(j) Vendor data sharing. An SLTT law enforcement or correctional
agency may provide operational raw sensor data to system vendors for
purposes of system diagnostics, troubleshooting, and performance
validation, provided that any communications content is removed before
disclosure and the data is used solely for the specific purpose
identified. The agency's implementation policy must establish the
conditions for vendor data sharing consistent with this paragraph and
applicable privacy protections.
Sec. 124.15 Protection of sensitive operational information.
(a) Sensitive system information. Information that links the
specific capabilities, vulnerabilities, operating parameters, or
countermeasure effectiveness of C-UAS systems to planned or completed
operations, including deployment locations, operating radio
frequencies, tactical employment methods, and threat-specific
mitigation approaches, must be treated as law enforcement sensitive,
protected from public disclosure to the extent permitted by applicable
law, and, where the information reveals a capability gap of national
security concern, evaluated for classification. Other operational
coordination information associated with a planned or completed
operation, such as the existence, general timing, or general coverage
area of a deployment, must be handled as Controlled Unclassified
Information and may be shared with covered Federal and SLTT law
enforcement and correctional partners, including a State-designated
aviation point of contact, for a lawful government purpose. General
technical specifications and evaluation data not associated with a
specific planned or completed operation are not subject to these
handling requirements. All information described in this paragraph
remains subject to any applicable classification, export control, or
proprietary restriction.
(b) Protection from disclosure. An SLTT law enforcement or
correctional agency must take the steps available under applicable
State, local, Tribal, or territorial law to protect operationally
sensitive information from disclosure through public records requests
or civil discovery, and should coordinate with the prosecuting
authority in criminal prosecutions arising from C-UAS operations to
limit testimony and pleadings to the information necessary to establish
the elements of the offense. Nothing in this section requires an agency
to take any action inconsistent with applicable State, local, Tribal,
or territorial public records law.
(c) Markings. Advance notifications, C-UAS Operations Plans, post-
operation reports, and compliance audit
[[Page 41514]]
records must be marked with appropriate sensitivity designations.
(d) Permitted disclosures. This section does not prohibit
disclosure of sensitive system information to authorized Federal
officials, to other participating SLTT agencies in the course of
operational coordination, or to the public to the extent required by
statute or court order.
Sec. 124.16 Compliance and enforcement.
(a) Compliance audits. The Attorney General, in coordination with
the Secretary of Homeland Security and the Administrator of the Federal
Aviation Administration, will periodically conduct compliance audits of
SLTT law enforcement and correctional agencies exercising authority
under 6 U.S.C. 124n(a)(2), as required by 6 U.S.C. 124n(d)(2)(B) and
section 8606(b)(2) of the SAFER SKIES Act, to oversee compliance with
this part and the privacy protections of 6 U.S.C. 124n(e) as well as to
prevent misuse of C-UAS authority. The audit program will include
review of post-operation reports, advance notification records, and
agency implementation policies. The FAA will participate with respect
to the aviation safety, airspace safety coordination, and deconfliction
aspects of the compliance audits conducted under this section.
(b) Civil fines and penalties. An SLTT law enforcement or
correctional agency, or its personnel authorized to take mitigation
actions under 6 U.S.C. 124n(a)(2), that knowingly engages in such
actions without Federal coordination as required by 6 U.S.C. 124n and
the SAFER SKIES Act, including the advance coordination required by
Sec. 124.9, the real-time air traffic control notification required by
Sec. 124.11, and the post-action notification to the Attorney General
and the Secretary of Homeland Security required by 6 U.S.C.
124n(d)(2)(C) and implemented by Sec. 124.13(a), may be subject to a
civil fine of up to $100,000 per violation, or suspension of C-UAS
authority pending review by the Attorney General or the Secretary of
Homeland Security, as provided in section 8605(f) of the SAFER SKIES
Act. Civil penalties will be assessed in accordance with graduated
penalty levels proportionate to the severity of the violation and the
factors set forth in this part, including the agency's compliance
history, the availability and quality of compliance assistance from
Federal partners, whether the violation resulted in actual harm, and
whether the agency took prompt corrective action. A civil penalty will
not be assessed for a first violation of a procedural reporting or
notification requirement when the agency demonstrates a good-faith
effort to comply and voluntarily self-reports the deficiency.
Violations of requirements of this part other than the Federal
coordination requirements described in this paragraph do not give rise
to civil penalties under section 8605(f) of the SAFER SKIES Act; they
are addressed through the compliance audit program of this section,
certification and accreditation suspension under Sec. 124.5, and any
other remedy available under law.
(c) Civil enforcement. The Attorney General is authorized to bring
a civil action in a United States district court to collect fines and
enforce civil penalties imposed under this section against any agency
or individual, as provided in section 8605(g) of the SAFER SKIES Act.
(d) Relationship to certification or accreditation suspension. In
addition to civil penalties, the Attorney General or designee may
suspend a Mitigation Certification, Detection and Warning
Certification, or accreditation under Sec. 124.5(i) for violations of
this part. Certification or accreditation suspension may be imposed
independently of or in conjunction with other actions described in this
section.
Sec. 124.17 Confiscation and forfeiture.
(a) Confiscation authority. (1) An SLTT law enforcement or
correctional agency and its personnel may seize or otherwise confiscate
a UAS or unmanned aircraft as described in 6 U.S.C. 124n(b)(1)(E). This
authority is contingent on a credible threat and applies to the
physical taking of possession of an unmanned aircraft that is no longer
active in flight or any other UAS component, such as a ground control
station.
(2) This authority does not require Mitigation Certification, the
use of systems on the Authorized Technologies List or Authorized
Systems List, or advance coordination under Sec. 124.9. However,
personnel exercising confiscation authority under 6 U.S.C.
124n(b)(1)(E) must hold a current Detection and Warning Certification
issued by the NCUTC. An officer who seizes an unmanned aircraft or any
other UAS component under traditional law enforcement authority,
including an abandoned or crashed unmanned aircraft, does not require
Detection and Warning Certification.
(3) Any action that employs C-UAS technology to disrupt or seize
control of, damage, disable, or destroy the unmanned aircraft or UAS is
an action under 6 U.S.C. 124n(b)(1)(C), (D), or (F) and requires
Mitigation Certification.
(4) Personnel exercising confiscation authority should follow
standard law enforcement evidence handling procedures, including
maintaining chain of custody, preserving digital evidence stored on the
aircraft or its flight controller, and observing applicable hazardous
materials precautions.
(5) This part does not affect the authority of any law enforcement
or correctional officer to take physical custody of an unmanned
aircraft or UAS under traditional law enforcement authority independent
of 6 U.S.C. 124n. Traditional law enforcement authority refers to the
seizure authorities generally available to law enforcement under
applicable Federal, State, local, Tribal, or territorial law, including
seizure incident to arrest, seizure of evidence or contraband pursuant
to a warrant or a recognized exception to the warrant requirement, and
seizure of abandoned property. Once an unmanned aircraft or UAS is on
the ground and confiscated, subsequent law enforcement actions,
including threat assessment, render safe procedures, evidence
collection, and search warrant execution, are governed by traditional
legal authorities, including Fourth Amendment requirements and
applicable exigency or emergency doctrines, rather than by 6 U.S.C.
124n.
(6) When a C-UAS operation involves a known or suspected unmanned
aircraft being used as a delivery mechanism for a hazardous device, the
response to the hazardous device must be conducted by a public safety
bomb squad accredited through the Hazardous Devices School, consistent
with the National Guidelines for Bomb Technicians or any successor
publication.
(7) The physical act of interception of a third-party unmanned
aircraft while it is in flight, such as catching or netting an aircraft
by hand or using a non-electronic physical device to capture it in the
air, implicates 6 U.S.C. 124n(b)(1)(D), (E), or (F). Personnel
conducting such actions must therefore hold a Mitigation Certification.
This does not apply to the erection of physical barriers that a drone
operator has an obligation to avoid, such as netting affixed to a
physical structure.
(b) Forfeiture. Any UAS or unmanned aircraft seized by an SLTT law
enforcement or correctional agency pursuant to 6 U.S.C. 124n(a)(2) is
subject to forfeiture under the laws of the seizing agency's
jurisdiction, as provided in 6 U.S.C. 124n(c)(2).
[[Page 41515]]
Sec. 124.18 Activities for evaluation, testing, training, and pre-
operational validation.
(a) Scope and legal basis. An SLTT law enforcement or correctional
agency that holds current accreditation under this part may conduct
operational acceptance testing of acquired systems and systems under
procurement consideration, on-the-job proficiency training, and
interoperability training exercises to maintain C-UAS operational
readiness. Testing and training do not and must not involve the
mitigation of a credible threat and are not conducted under the
authority of 6 U.S.C. 124n(a)(2). The operation of RF-emitting systems
during testing and training is conducted under applicable Federal
Communications Commission authorization and Federal Aviation
Administration coordination requirements, and only against controlled
test targets owned or operated by, or operated with the consent of, the
SLTT law enforcement or correctional agency. An SLTT law enforcement or
correctional agency acting pursuant to this section may utilize only
authorized technologies under Sec. 124.7. The SLTT law enforcement or
correctional agency is responsible for verifying that all necessary
Federal Aviation Administration authorizations or regulatory relief for
operation of any unmanned aircraft or UAS, including unmanned aircraft
or UAS forming part of a C-UAS system, have been obtained prior to any
testing, training, or exercises. Compliance with this section is a
condition of maintaining certification and accreditation under this
part.
(b) Personnel. Only personnel holding a current Mitigation
Certification may operate mitigation systems during evaluation testing,
training, and exercises. Testing, training, and exercises may not be
used to train or evaluate uncertified personnel on the operation of
mitigation systems. Contractors and vendor representatives may provide
technical support and instruction on system-specific procedures but may
not independently operate mitigation systems against test targets.
(c) Evaluation testing and training activities plan. Before
conducting testing, training, or exercises involving RF-emitting C-UAS
mitigation systems, the agency must prepare a written activities plan
specifying the date, time, and location; the purpose; the systems and
equipment to be used; the test, training, or exercise targets; the
assigned operators; safety controls; privacy measures; the types of
data to be collected and their planned disposition; documentation of
Federal Aviation Administration and Federal Communications Commission
spectrum coordination for the C-UAS activities, and documentation of
any necessary Federal Aviation Administration authorizations or
regulatory relief for the operator of the target unmanned aircraft or
UAS and for the operation any unmanned aircraft or UAS that form part
of the C-UAS system. The activities plan must be approved by the Agency
Approving Official or designee and reviewed by the agency's legal
counsel.
(d) Coordination. Testing, training, and exercises, involving RF-
emitting systems, or systems that may affect aviation safety, civilian
aviation and aerospace operations, aircraft airworthiness, or the use
of the airspace, require advance coordination with the Federal Aviation
Administration and, for spectrum authorization, with the Federal
Communications Commission.
(e) Privacy within evaluation testing and training. The agency must
favor testing, training, and exercise locations and activities that
minimize exposure to non-participating third parties. The agency must
not intentionally target, monitor, or collect the communications of
non-participating third parties. Communications incidentally collected
from non-participating third parties must be purged at the conclusion
of the testing, training, or exercise activity, or as soon as
practicable thereafter.
(f) Mitigation restriction. During testing, training, and
exercises, the agency may not intentionally mitigate any UAS or
unmanned aircraft that is not a controlled test target, unless
necessary to protect against an imminent risk to human life or as part
of an approved C-UAS Operations Plan. An action taken to protect
against an imminent risk to human life must comply with the emergency
exception set forth in Sec. 124.9(g).
(g) Pre-operational validation. Before commencing mitigation
operations at an event or facility, an agency may conduct pre-
operational validation or equipment functional checks within the
operational window and airspace restrictions already coordinated
through the advance notification process under Sec. 124.9. The C-UAS
Operations Plan must document the pre-operational validation plan and
required notifications. No separate authorization from the Department
of Homeland Security or the Department of Justice beyond the advance
notification is required.
(h) Participation in Federal RTTE. Personnel holding active
Mitigation Certification may participate in research, testing,
training, and evaluation (RTTE) events conducted by Federal components
under 6 U.S.C. 124n(b)(3). Personnel may engage with systems in
mitigation technology categories beyond those for which they hold an
active Mitigation Certification or that are not on the ATL or ASL as
part of the event. Participants act under the Federal component's
authority and supervision.
Sec. 124.19 Task force arrangements and Federal support.
(a) Task force and deputization arrangements preserved. Task force
and deputization arrangements under 6 U.S.C. 124n(a)(1) are not
affected by this part. An SLTT law enforcement or correctional agency
participating in such an arrangement may continue that participation
indefinitely, so long as the deputizing Federal agency continues to
have C-UAS authority and relief from certain laws under 6 U.S.C.
124n(a)(1). Nothing in this part requires an agency to seek
accreditation under this part, conditions any task force or
deputization arrangement on accreditation, or terminates or limits any
such arrangement.
(b) Concurrent authority. The availability of independent SLTT law
enforcement and correctional agency authority under 6 U.S.C. 124n(a)(2)
does not preclude continued participation in C-UAS task forces or
deputization arrangements under 6 U.S.C. 124n(a)(1). An SLTT law
enforcement or correctional agency and its officers may exercise
independent authority and participate in Federal task force operations
concurrently or at different times as operational circumstances
warrant. Task force operations are governed by the policies applicable
to the sponsoring Federal component.
(c) Federal support. An SLTT law enforcement or correctional agency
may request C-UAS support from an authorized Department of Justice or
Department of Homeland Security component. Such support, when provided,
constitutes a Federal operation under 6 U.S.C. 124n(a)(1) and is
governed by the policies applicable to the supporting component, and
the requesting agency's personnel participating in the operation do so
under the Federal component's authority and supervision, consistent
with applicable task force or deputization arrangements. No formal
gubernatorial request is required under this part. Support from the
Department of Defense, when available, is governed by the Department of
Defense's own authorities, including 10 U.S.C. 130i and 2564, and
applicable Department of Defense policies, not by this part.
[[Page 41516]]
Sec. 124.20 Construction.
(a) No private right. This part is not intended to, does not, and
may not be relied upon to create any right or benefit, substantive or
procedural, enforceable at law or in equity by any party against the
United States, its departments, agencies, or entities, its officers,
employees, or agents, or any other person.
(b) Manned aircraft. Nothing in this part authorizes the use of C-
UAS authority against any aircraft or aircraft system operated with a
human pilot, crew, or passengers onboard.
(c) Mass gatherings. Consistent with 6 U.S.C. 124n(h)(5), nothing
in this part provides a new basis of liability for any State, local,
territorial, or Tribal law enforcement officer who participates in the
protection of a mass gathering identified by the Secretary of Homeland
Security or the Attorney General under 6 U.S.C. 124n(l)(3)(C)(iii)(II),
acts within the scope of the officer's authority, and does not exercise
the authority granted to the Secretary of Homeland Security and the
Attorney General by 6 U.S.C. 124n.
(d) Statutory scope. Nothing in this part alters the scope of the
authority of, or the statutory reliefs under 6 U.S.C. 124n(a)(2). A
determination that an action does not comply with this part may give
rise to administrative, civil, or other consequences provided by law,
but does not by itself determine whether the action falls outside the
scope of the statutory authorization in, or the relief from criminal
liability available under, 6 U.S.C. 124n. Such a determination will be
made by the Attorney General, in coordination with the Secretary of
Homeland Security and other appropriate officials.
Sec. 124.21 Termination.
(a) Termination. Absent additional statutory authority, the
authority of SLTT law enforcement and correctional agencies and their
personnel under 6 U.S.C. 124n(a)(2) will terminate on December 31,
2031, as provided in 6 U.S.C. 124n(j)(2).
(b) Savings. Termination under paragraph (a) of this section does
not affect any obligation, proceeding, or liability that arose before
the termination date. Recordkeeping, retention, audit, reporting, and
enforcement obligations with respect to operations conducted before the
termination date, and any administrative or civil proceeding arising
from those operations, survive the termination of authority under this
part and remain in effect until satisfied or otherwise resolved.
Sec. 124.22 Severability.
If any provision of this part, or the application of any provision
to any person, entity, or circumstance, is held to be invalid or
unenforceable by a court of competent jurisdiction, the remainder of
this part, and the application of its provisions to any other persons,
entities, or circumstances, shall not be affected and shall remain in
full force and effect.
Markwayne Mullin,
Secretary of Homeland Security,
Daniel E. Burrows,
Assistant Attorney General, Office of Legal Policy, Department of
Justice.
[FR Doc. 2026-13609 Filed 7-1-26; 4:15 pm]
BILLING CODE 9110-9F-P; 4410-02-P