TSA Updates Records Retention Requirements

On January 15, 2025, the Transportation Security Administration (TSA) issued a Technical Amendment to 48 C.F.R. §§ 1542 and 1544, Recordkeeping Requirements for Criminal History Record Checks; Airport and Aircraft Operator Security; Technical Amendments, to harmonize the records retention requirements with Security Directive (SD) Series 04-08.  The Technical Amendment specifies that airports must maintain the current criminal history records check (CHRC) information, including the CHRC application, associated with an individual’s current CHRC for airport ID media holders that have unescorted access to Security Identification Display Areas (SIDA).  The Technical Amendment further requires airport and aircraft operators to retain these records, either in paper or electronic format, for 180 days after the individual’s access has expired or their individual's authority to perform a covered function is terminated.

The issuance of the Technical Amendment created numerous questions.  In response, the TSA posted an Information Circular (IC) to the Homeland Security Information Network (HSIN) on January 22, 2025.  The IC, dated January 14, 2025, cites applicable authorities related to the storage of criminal history records retention.  The IC references sensitive security information (SSI) requirements, 49 C.F.R. § 1542.209 requirements, privacy requirements, and Federal Bureau of Investigation (FBI) requirements and guidance.  Of note, the IC does not mention the Criminal Justice Information Services (CJIS) Security Policy as a reference point.  The CJIS Security Policy document provides useful information that airport operators can use in creating or managing your criminal history records management policies and practices.

On January 23, 2025, the TSA issued the latest security directive in the 04-08 series with updated language.  The security directive series was again updated on January 31, 2025.

Airport operators may consider reviewing their criminal history records data retention policies and practices to ensure they comply with FBI and TSA criminal history records retention rules.  Depending upon your practices, this may require changes to your ID media access application or policies, or require implementation of specific agreements with tenants, partners, or the software solutions that your airport uses to store or manage these records.

Twelve-Five Security Program Update

The TSA has issued new security requirements for Twelve-Five Standard Security Program public charter operators that operate under 14 C.F.R. Part 380 and Part 135.  These new requirements on public charter operators may affect airport operators and their fixed based operators (FBOs).  

Part 121 carriers began raising concerns with these new Part 135 operations to Congress, the Federal Aviation Administration (FAA), and the TSA last year citing unfair economic advantages and safety and security concerns.  Congress introduced legislation during the last congressional session that sought to close the gap between Part 135 operators flying under Part 380 authority to meet aircraft operator standard security programs (AOSSP) requirements that scheduled air carriers must meet.  The legislation did not pass.

The FAA is examining ways to close the gap between these public charter operators and Part 121 scheduled carriers.  The Trump Administration transition and executive order Regulatory Freeze Pending Review may delay any FAA action.

TSA began its review of these public charter flights in June 2024.  This TSA rule may be subject to review by the regulatory freeze executive order or through the Congressional Review Act.

Airport operators may consider working with the TSA to review the elements of the new security protocols to identify areas that affect airside operations.  Airport operators will need to consider their sterile area designations, airport access ID media rules, and access control practices.  Further, public reporting of the regulation discusses the need for these public charters to screen passengers and potentially use biometrics.  Impacted airport operators may want to consider biometric opportunities and policies for biometric deployments.

Court Strikes Down FCC Rule on Broadband Internet

On January 3, 2025, the U.S. Court of Appeals for the Sixth Circuit struck down the Federal Communications Commission’s (FCC) net neutrality rules.  The decision removes the classification of broadband internet service as a telecommunication service and will have multiple effects on how airports contract and engage with internet service providers, tenants, passengers, and others that use internet service at their airports.  Airports may consider taking a holistic look at their contracts with broadband internet service providers and their agreements and rules related to partners, tenants, and consumers using their airport-provided internet services.

The net neutrality debate centers around whether broadband internet access services should be classified as a telecommunication service or an information service. The net neutrality legislative and regulatory actions have seesawed from administration to administration and court decision to court decision since 2015. ACRP LRD 43 Legal Considerations for Telecommunications at Airports provides a history of these legislative, regulatory, and court actions and further discusses the distinction between telecommunication and information service.

Questions? Contact Margaret Martin or Sean Cusson.