Regulations last checked for updates: Jul 12, 2026

Title 28 - Judicial Administration last revised: Jul 06, 2026
§ 124.1 - Purpose and scope.

(a) Purpose. This part implements the authority of the Secretary of Homeland Security and the Attorney General to develop the governance framework for the exercise of all counter-unmanned aircraft system (C-UAS) actions by State, local, Tribal, and territorial (SLTT) law enforcement and correctional agencies and their personnel under 6 U.S.C. 124n(a)(2), as amended by the SAFER SKIES Act. The purpose of actions taken under this authority is to detect, identify, monitor, track, warn, and, if necessary, mitigate credible threats posed by unmanned aircraft or unmanned aircraft systems (UAS) to the safety or security of people, facilities, or assets; a venue or set of venues used for large-scale public gatherings or events; critical infrastructure; or a correctional facility.

(b) Scope. This part applies to all SLTT law enforcement and correctional agencies, and their personnel seeking to exercise or exercising authority under 6 U.S.C. 124n(a)(2). This part does not govern Federal agency operations under 6 U.S.C. 124n(a)(1), nor deputized SLTT personnel conducting C-UAS as part of an FBI C-UAS task force, which are subject to separate policies and guidance. An SLTT law enforcement or correctional agency that conducts only detection and warning operations using systems the operation of which requires the authority of the Act or the relief it provides from certain laws is subject principally to the Detection and Warning Certification requirement of § 124.5(c), the detection and warning policy provisions of § 124.6(g), the authorized technology requirements of § 124.7, the C-UAS Operations Plan requirement of § 124.8, the operational conditions of § 124.12, and the privacy and data handling requirements of § 124.14.

(c) Relationship to other laws. As provided in 6 U.S.C. 124n(a)(2), actions taken by SLTT law enforcement and correctional agencies and their personnel in compliance with this part may be taken notwithstanding section 46502 of title 49, United States Code, and sections 32, 1030, and 1367 and chapters 119 and 206 of title 18, United States Code, and notwithstanding the laws of any particular State, local, Tribal, or territorial jurisdiction. Nothing in this part vests in the Secretary of Homeland Security or the Attorney General any authority of the Secretary of Transportation or the Administrator of the Federal Aviation Administration.

(d) Comprehensive framework. This part establishes the complete framework governing the exercise of authority under 6 U.S.C. 124n(a)(2), including the training and certification procedures required by 6 U.S.C. 124n(d)(2)(A) and the guidance required by 6 U.S.C. 124n(d)(1) on the matters this part addresses. An SLTT law enforcement or correctional agency and its personnel exercising authority under 6 U.S.C. 124n(a)(2) must conduct operations in accordance with this part. The Attorney General, the Secretary of Homeland Security, the Secretary of Transportation, and the Administrator of the Federal Aviation Administration may issue forms, templates, curricula, and other implementing materials under this part to the extent consistent with law. Where any implementing material addresses a matter also addressed by this part, this part controls. Nothing in this part limits the authority of the Secretary of Homeland Security, the Attorney General, or the Secretary of Transportation to issue guidance under 6 U.S.C. 124n(d)(1) in their respective areas.

(e) Parallel regulations. Consistent with section 8606(a)(1) of the Act, identical implementing regulations appear at 6 CFR part 124 and 28 CFR part 124. The Department of Homeland Security and Department of Justice administer and interpret their respective regulations with respect to their own programs, activities, and solely held authorities. Any description in these regulations of the other Department's programs, activities, or solely held authorities is provided for context and does not itself govern the other Department's exercise of its statutory authorities.

§ 124.2 - Definitions.

As used in this part:

Agency accreditation means an agency's eligibility to exercise authority under this part, established when the agency has adopted the implementation policy and completed the portal attestation required by § 124.6(d), deploys only systems within categories on the Authorized Technologies List and, where populated, on the Authorized Systems List, and ensures that its personnel hold the certifications required for the authorities exercised.

Agency Approving Official means the senior official designated by an SLTT law enforcement or correctional agency in its implementation policy under § 124.6(a)(1), or in its detection and warning policy under § 124.6(g), authorized to approve C-UAS operations on behalf of the agency. The Agency Approving Official must not be below the rank of a Senior Executive or Senior Official or its equivalent, except that for an agency in which no equivalent rank exists, the agency head or the agency head's designee may serve as Agency Approving Official. The Agency Approving Official may not serve as a mitigation operator for an operation that official has approved.

Authorized Systems List means the subset of the Authorized Technologies List that identifies specific systems—including make, model, and hardware version—that have been authorized for operational use within one or more technology categories on the Authorized Technologies List. The Authorized Systems List is populated on a phased basis. As systems complete interagency assessment, systems may be added to the Authorized Systems List with appropriate operational limitations based on the approved capabilities, functions, and hardware version of the system.

Authorized Technologies List means the list of authorized technology categories for C-UAS operations by SLTT law enforcement and correctional agencies, maintained jointly by the Department of Justice, the Department of Homeland Security, the Department of Defense, the Department of Transportation and Federal Aviation Administration, the Federal Communications Commission, and the National Telecommunications and Information Administration, consistent with 6 U.S.C. 124n(d)(2)(A)(iii) and section 8606(a)(4) of the SAFER SKIES Act.

Control communications means any wire, oral, or electronic communication used to navigate, command, or otherwise control a UAS or unmanned aircraft, including telemetry transmitted from the aircraft to its operator, command-and-control signals transmitted from the operator to the aircraft, and any video, audio, or other data stream used by the operator to navigate the aircraft when other navigation telemetry is unavailable or insufficient. The operational role of a communication, rather than its packet type or transmission frequency, determines whether it is a control communication. Whether a communication is a control communication is determined when captured material is processed under § 124.14 and does not require an operator to determine in real time whether a particular video, audio, or data stream is being used to navigate the aircraft. Control communications also include a UAS unique identifier (such as a manufacturer device identifier or serial-correlated number), the operator or take-off location of the UAS, and the location, velocity, and emergency status of the UAS when that information is acquired by intercepting a communication from an unmanned aircraft or unmanned aircraft system pursuant to the relief provided by 6 U.S.C. 124n. The same information is not a control communication when it is obtainable without that relief.

Correctional agency has the meaning given in section 8606(c)(2) of the SAFER SKIES Act.

Correctional facility has the meaning given in 6 U.S.C. 124n(l)(9).

Credible threat means a threat that, based on the totality of circumstances known to the operator at the time of the determination, would cause a reasonable person in the operator's position, considering the operator's training and experience, to conclude that a UAS or unmanned aircraft poses an articulable risk to the safety or security of people, a facility, or an asset; a venue or set of venues used for large-scale public gatherings or events; critical infrastructure; or a correctional facility.

(1) A credible threat may be based on, but is not limited to:

(i) Specific intelligence, including information from law enforcement databases, threat assessments, or intelligence community products;

(ii) Behavioral indicators, including operation in airspace in which UAS operations have been restricted or prohibited by the Federal Aviation Administration, operation not in compliance with Federal Aviation Administration's flight requirements, approach toward a protected interest, failure to respond to warnings, or evasive maneuvering inconsistent with normal flight operations;

(iii) Payload or physical configuration indicators, including observed attachments, modifications, or configurations inconsistent with ordinary recreational or commercial UAS use that suggest capability to cause harm or to deliver prohibited items;

(iv) Unauthorized surveillance or reconnaissance of a protected interest that by law is protected from such activities, or interference with the operational mission of a protected interest;

(v) Indications that the UAS is being used to gain unauthorized access to, or to disclose, classified, law enforcement sensitive, or otherwise lawfully protected information; or

(vi) Pattern-based indicators, including repeated unauthorized UAS activity at a specific location (such as repeat incursions of national defense airspace in violation of 49 U.S.C. 46307), which may inform but do not independently satisfy the credible threat standard.

(2) A credible threat determination rests on the totality of the circumstances. A single indicator may establish a credible threat where it is sufficiently probative. For mitigation actions under 6 U.S.C. 124n(b)(1)(C), (D), and (F), the determination must be supported by a contemporaneous indicator that the specific unmanned aircraft system or unmanned aircraft at issue poses a current, articulable risk if unabated. For detection and warning actions under 6 U.S.C. 124n(b)(1)(A) and (B), a credible threat determination may also be supported by a reasonable basis to anticipate that one or more unmanned aircraft systems or unmanned aircraft poses an articulable risk. Activity protected by the First Amendment to the Constitution of the United States may not be considered in making a credible threat determination.

Critical infrastructure has the meaning given in subsection (e) of the Critical Infrastructures Protection Act of 2001 (Pub. L. 107-56, sec. 1016, 115 Stat. 272, 400-02 (codified at 42 U.S.C. 5195c)), as referenced in 6 U.S.C. 124n(l)(10).

Data purge verification means documented confirmation that records subject to purge have been deleted from all systems on which they were stored. Verification may be performed through an automated system, supervisory review, or other documented confirmation process, and must be recorded in the audit trail required by § 124.14.

Designated Federal C-UAS coordination portal means the electronic submission system designated by the Attorney General and Secretary of Homeland Security for advance notifications, notices of intent, C-UAS Operations Plans, mitigation notifications, post-operation reports, and other submissions required by this part.

Detection and Warning Certification means certification that personnel have successfully completed the online detection and warning training curriculum developed and maintained through the National Counter-UAS Training Center (NCUTC) and passed the post-course assessment. A Detection and Warning Certification authorizes the holder to exercise the authorities described in 6 U.S.C. 124n(b)(1)(A), (B), and (E). The certification is issued automatically through the NCUTC training portal upon successful completion of the curriculum and assessment and recorded in the NCUTC certification database.

Detection and warning operations means operations conducted using systems the operation of which requires the authority of, or relief from certain laws under, 6 U.S.C. 124n and involve only the actions described in 6 U.S.C. 124n(b)(1)(A) and (B). Detection and warning activity conducted using systems that do not require the authority of 6 U.S.C. 124n (including, for example, electro-optical, infrared, acoustic sensors, and radar) is not subject to this part. Operation of RF-emitting C-UAS systems remains subject to applicable Federal Communications Commission authorization requirements and Federal Aviation Administration coordination if such emission could impact the National Airspace System or other systems located at or near airports.

Detection system means a system or technology used to take an action described in 6 U.S.C. 124n(b)(1)(A) or (B)—that is, to detect, identify, monitor, or track a UAS or unmanned aircraft, or to warn its operator, and that has no capability enabled to disrupt or seize control of, or disable, damage, or destroy a UAS or unmanned aircraft.

FAA-designated coordination mechanism means the program, office, or process designated by the Administrator of the Federal Aviation Administration for the coordination of C-UAS operations that might affect aviation safety, civilian aviation and aerospace operations, aircraft airworthiness, or the use of the airspace.

Hazardous Devices School means the schoolhouse operated by the Federal Bureau of Investigation at which public safety bomb technicians are certified and recertified in accordance with the National Guidelines for Bomb Technicians, or any successor publication.

Mitigation action means an action described in 6 U.S.C. 124n(b)(1)(C), (D), or (F). Detection and warning, described in 6 U.S.C. 124n(b)(1)(A) and (B), are not mitigation actions.

Mitigation Certification means certification issued by the National Counter-UAS Training Center upon successful completion of the NCUTC mitigation training course or a successor course approved by the Attorney General acting through the Director of the Federal Bureau of Investigation, authorizing the holder to exercise the authorities described in 6 U.S.C. 124n(b)(1)(C), (D), and (F), to the extent consistent with this part and applicable laws, using authorized technologies within the mitigation technology categories covered by the approved mitigation courses the holder has completed. A current Detection and Warning Certification is a prerequisite for obtaining and maintaining a Mitigation Certification.

Mitigation operation means an operation in which a mitigation system is deployed for the purpose of taking an action described in 6 U.S.C. 124n(b)(1)(C), (D), or (F), including disrupting, seizing, or exercising control of, or using reasonable force, if necessary, to disable, damage, or destroy a UAS or unmanned aircraft, whether or not a mitigation action is taken during the operation. A mitigation operation may include elements of detection and warning operations.

Mitigation system means a system or technology used or capable of being employed to take an action described in 6 U.S.C. 124n(b)(1)(C), (D), or (F), including disrupting, seizing or exercising control of, or using force to disable, damage, or destroy a UAS or unmanned aircraft. A system with both detection and mitigation capability is a mitigation system while its mitigation capability is enabled.

National Counter-UAS Training Center (NCUTC) means the national schoolhouse operated by the Federal Bureau of Investigation and designated by the Attorney General, acting through the Director of the Federal Bureau of Investigation, as the national training center for purposes of 6 U.S.C. 124n and as the sole certifying authority for SLTT C-UAS mitigation operators under 6 U.S.C. 124n(d)(2)(A)(i).

Pattern data means a derived data product reflecting aggregated trends, frequencies, or statistical observations of UAS activity across multiple C-UAS operations that has met the anonymization standards established by the agency's implementation policy and contains no information identifying any specific aircraft, operator, or natural person.

Personnel means officers and employees with assigned duties that include the security or protection of people, facilities, or assets of SLTT law enforcement and correctional agencies, as defined in 6 U.S.C. 124n(a)(2) and (l)(6)(B). This term does not include contractors of SLTT law enforcement and correctional agencies.

Raw sensor data means unprocessed or minimally processed data generated by C-UAS detection or mitigation systems, including radio frequency signal captures, waveform recordings, radar returns, optical and infrared imagery, acoustic signatures, full sensor logs, and system telemetry. Whether a particular item of raw sensor data constitutes a control communication, and is therefore a record of communications subject to the retention limit of § 124.14, is determined by its function.

RF-emitting C-UAS system means any C-UAS system that, when employed for detection or mitigation purposes, actively transmits radio frequency energy to detect, disrupt, disable, or seize control of a UAS or unmanned aircraft. This includes systems employing technologies for detection-only purposes, such as radars that transmit radio frequency signals, that may require a radiolocation service license to be issued from the Federal Communications Commission, and mitigation systems that employ radio frequency jamming (broadband or protocol-specific disruption of command-and-control links, video downlinks, or navigation signals) and radio frequency protocol manipulation (command injection or cyber takeover of control signals).

SLTT law enforcement agency has the meaning given in section 8606(c)(1) of the SAFER SKIES Act.

Special Event Assessment Rating means a rating assigned to an event under the special event assessment process administered by the Department of Homeland Security, or the equivalent rating under any successor event rating system.

§ 124.3 - Scope of authority and mitigation standards.

(a) Scope of authority. An SLTT law enforcement or correctional agency exercising authority under 6 U.S.C. 124n(a)(2) may take actions described in 6 U.S.C. 124n(b)(1), which generally include detection, warning, and mitigation, that are necessary to address or eliminate a credible threat that a UAS or unmanned aircraft poses to the safety or security of people, a facility, or an asset; a venue or set of venues used for large-scale public gatherings or events; critical infrastructure; or a correctional facility. These statutory categories are functional and are not a prescribed list of property types. The determination of whether a specific property falls within these categories is made by the agency's Agency Approving Official, consistent with this part and 6 U.S.C. 124n. No “covered facility or asset” designation under 6 U.S.C. 124n(l)(3) is required for SLTT law enforcement or correctional agency operations; however, a risk-based assessment is required as part of the Operations Plan, as outlined in § 124.8. Whether the property falls within a section 124n(a)(2) category is a separate question from the credible threat determination. The credible threat determination required by paragraph (b) of this section must be made before any mitigation action.

(b) Credible threat determination for mitigation actions. Before taking any mitigation action, personnel must reasonably determine, under the totality of the circumstances, that a credible threat exists, as defined in § 124.2. The determination must be made in real time by the certified and trained personnel closest to the operational situation and documented as part of the post-operation report required by § 124.13. An established pattern of unauthorized UAS activity at a specific location is relevant to the totality of the circumstances and may, in combination with a contemporaneous indicator—including, for example, a new detection event at the same location during a period consistent with the established pattern—support a credible threat determination. A contemporaneous indicator need not independently establish a threat. Considered with the totality of the circumstances, which may include an established pattern of unauthorized UAS activity, an intelligence indicator, or other contextual information, the contemporaneous indicator must provide a present-tense basis for concluding that the specific aircraft at issue poses a current risk. This operational standard governs individual mitigation decisions by authorized personnel in the application of reasonable force under the totality of the circumstances and does not limit the information or analysis that may be considered at the approval level in determining whether to authorize a C-UAS operation for a specific event or facility.

(c) Proportionality. Mitigation actions must be proportionate to the credible threat identified. Personnel must employ the least disruptive effective means of mitigation available under the totality of the circumstances. If equipment is available and time permits, a warning to the remote pilot-in-command should precede any mitigation action. Before taking any mitigation action that may result in the disabling, damage, or destruction of an unmanned aircraft, personnel must consider whether the threat posed by the UAS outweighs the risk of collateral harm to public safety. A mitigation action that creates a greater risk to public safety than the threat it is intended to address is not proportionate and must not be taken. Where a non-mitigation measure is sufficient to eliminate the threat, seizure or destruction of the aircraft should be avoided when feasible. The risk of collateral harm to public safety includes the risk of falling debris, damage to persons or property on the ground, disruption to communications systems, and risks to aviation safety, civilian aviation and aerospace operations, aircraft airworthiness, or the use of the airspace.

(d) Protective purpose limitation. The authority of 6 U.S.C. 124n(a)(2) is limited to the protection of people, facilities, and assets; a venue or set of venues used for large-scale public gatherings or events; critical infrastructure; and correctional facilities from credible threats posed by unmanned aircraft and UAS. C-UAS authority under this part may not be exercised for the sole purpose of collecting evidence for criminal prosecution or as a substitute for the authority provided by chapter 119 or 206 of title 18, United States Code. Evidence obtained incidental to lawful protective C-UAS operations may be used in subsequent criminal proceedings consistent with applicable law.

(e) Mitigation operator requirement. (1) The person who takes a mitigation action, including activating an RF-emitting system, executing a cyber-based takeover, or otherwise causing a C-UAS system to affect or otherwise impact the flight, control, or communications of a UAS or unmanned aircraft, must hold a current Mitigation Certification covering the technology category being employed, and must possess a valid 14 CFR part 107 remote pilot certificate. This requirement is not satisfied by supervision of an uncertified person by a certified operator; the certified operator must be the individual who directly executes the mitigation command or function.

(2) Support functions that do not involve the initiation of mitigation actions, such as detection system monitoring, threat triage and prioritization, ground intercept team dispatch, communications, and administrative functions, do not require Mitigation Certification, but must be performed by personnel trained in accordance with the agency's implementation policy and, where the support function involves operation of systems requiring the authority of 6 U.S.C. 124n(a)(2) or the relief it provides from certain laws, by personnel holding a current Detection and Warning Certification.

(3) For operations involving multiple personnel performing distinct roles, the agency's implementation policy must define the roles and responsibilities of each position, identify which positions require Mitigation Certification, and which require Detection and Warning Certification only, and establish the communication and concurrence procedures between the mitigation operator and other personnel.

(f) Independent professional judgment. (1) The certified mitigation operator retains independent professional judgment on whether to initiate a mitigation action.

(2) A supervisor, commander, or other official, regardless of rank, may provide operational direction, tactical context, and coordination guidance to the operator, and may direct the operator to withhold or cease mitigation when broader operational considerations warrant.

(3) A supervisor, commander, or other official may not direct a certified operator to initiate a mitigation action when the operator has determined that the credible threat standard is not met or that the proportionality requirement of paragraph (c) of this section is not satisfied.

(4) The agency's implementation policy must address the chain of command for mitigation decisions and must make clear that non-certified personnel, regardless of rank, may not direct mitigation actions that override the certified operator's professional judgment on whether the conditions for mitigation are present.

(5) An operator who declines to initiate mitigation based on a good-faith professional determination that the conditions for mitigation are not met may not be subjected to adverse employment action for that decision.

(g) Airspace awareness. (1) For operations where known authorized manned or unmanned aviation is operating or anticipated in or near the area of operations, the agency's implementation policy or C-UAS Operations Plan must designate a person or position responsible for maintaining real-time awareness of known authorized aviation within the operational area and for ensuring that this information is communicated to personnel authorized to initiate mitigation actions before any mitigation is executed. For purposes of this paragraph, known authorized aviation means any manned or unmanned aircraft that has been identified in the C-UAS Operations Plan, communicated to the C-UAS team during the operation, or otherwise confirmed as lawfully operating in or near the area of operations. The designated person, or the individual filling the designated position, must have the ability to communicate directly with the mitigation operator. No mitigation action may be initiated without reasonable efforts to confirm that the target is not a known authorized aircraft.

(2) The scope and formality of this role must be commensurate with the complexity of the aviation environment. For operations with minimal or no known authorized aviation, this role may be performed as an additional duty by the certified operator or other command post personnel; for operations with significant aviation activity, the agency must designate a dedicated individual with airspace awareness and coordination responsibilities. When a target cannot be correlated with any known, authorized aircraft and meets the credible threat standard, mitigation may proceed.

§ 124.4 - Authorized personnel, contractors, and mutual aid.

(a) Officers and employees. The authority provided by 6 U.S.C. 124n(a)(2) may be exercised only by SLTT law enforcement or correctional agency personnel. No SLTT law enforcement or correctional agency may delegate or transfer the exercise of C-UAS mitigation authority to any person or entity that is not an officer or employee of the agency.

(b) Prohibition on contractor exercise. Contractors may provide technical support, system maintenance, and training assistance, but may not operate C-UAS mitigation systems, make credible threat determinations, or execute mitigation actions. An arrangement in which a contractor exercises de facto operational control of a C-UAS mitigation system during an operation, including an arrangement described as a turnkey, managed service, or operator-provided C-UAS service, constitutes an unauthorized delegation of authority and is grounds for suspension of accreditation or certification under § 124.5(i). Detection services that do not require the authority of the Act or the relief it provides from certain laws may be provided by contractors.

(c) Mutual aid and regional C-UAS support. (1) An SLTT law enforcement or correctional agency accredited under 6 U.S.C. 124n(d)(2) may provide C-UAS support to another SLTT law enforcement or correctional agency, including an agency that is not accredited under this part, under a mutual aid agreement, memorandum of understanding, request for assistance, task force arrangement, or other written arrangement authorized by applicable State, local, Tribal, or territorial law.

(2) When the requesting or host agency is not accredited under 6 U.S.C. 124n(d)(2), the accredited agency providing C-UAS support is the C-UAS operating agency for purposes of this part and is responsible for compliance with the applicable requirements of this part.

(3) Personnel of a non-accredited requesting or host agency may support the operation through ordinary law enforcement, correctional, public safety, evidence-handling, perimeter-security, ground-intercept, evacuation, traffic-control, or incident-command functions. Such personnel may not exercise C-UAS authority under 6 U.S.C. 124n(a)(2), operate systems whose operation requires the authority of or relief from certain laws under 6 U.S.C. 124n,make,or,unless,hold.5, and are expressly designated in the accredited C-UAS operating agency's C-UAS Operations Plan to perform that function. Personnel so designated operate under that agency's implementation policy, Agency Approving Official approval, supervision, and compliance responsibility. An individual certification does not, by itself, authorize personnel to exercise 6 U.S.C. 124n(a)(2) authority, and this designation must be established in advance through the C-UAS Operations Plan and the mutual-aid arrangement under paragraph (c)(4) of this section.

(4) The written mutual aid arrangement must identify the requesting or host agency, the accredited agency providing C-UAS support, the legal basis for the accredited agency's personnel to operate in the host jurisdiction, the allocation of operational responsibilities, and the handling of C-UAS-derived information consistent with §§ 124.14 and 124.15.

(5) For multi-jurisdictional operations, the participating agencies must identify a lead C-UAS agency for tactical C-UAS coordination. The lead C-UAS agency must be an accredited agency unless the operation is conducted under Federal authority pursuant to § 124.19. A non-accredited requesting or host agency may serve as the lead public safety, law enforcement, correctional, or incident-command agency for the overall event or incident, but may not serve as the lead C-UAS agency unless accredited under this part.

(6) An accredited agency may enter into standing regional, county, statewide, or other multi-jurisdictional arrangements to provide recurring or on-call C-UAS support to non-accredited agencies. A standing arrangement does not itself authorize a mitigation operation; each mitigation operation remains subject to the applicable requirements of this part.

(7) Nothing in this part requires a small, rural, or otherwise resource-limited SLTT law enforcement or correctional agency to acquire C-UAS equipment, obtain accreditation, or establish an independent C-UAS program in order to receive C-UAS support from an accredited agency.

(d) Anti-circumvention. (1) No SLTT law enforcement or correctional agency, officer, employee, contractor, vendor, or other person may structure or use a mutual aid, regional support, managed-service, technical-support, or other arrangement to evade the requirements of this part.

(2) Prohibited circumvention includes using an accredited agency as a nominal sponsor while a non-accredited agency, contractor, vendor, or other entity exercises de facto operational control of C-UAS activity requiring the authority of or relief from certain laws under 6 U.S.C. 124n; allowing personnel who lack the certifications required by § 124.5 to exercise C-UAS authority; using systems outside the requirements of § 124.7; avoiding the coordination, reporting, privacy, sensitive-information, or compliance requirements of this part; or acquiring third-party intercepted communications in a manner inconsistent with § 124.14(i).

(3) A mutual aid, regional support, statewide support, county support, or multi-jurisdictional C-UAS arrangement is not circumvention merely because the requesting or host agency is not accredited, provided that the C-UAS operating agency is accredited, the personnel exercising C-UAS authority hold the required certifications, and the operation is conducted in compliance with this part.

§ 124.5 - Training and certification.

(a) Training and certification structure. This section establishes the training and certification structure implementing the requirements of 6 U.S.C. 124n(d)(2)(A). Detection and Warning Certification governs training for detection and warning operations under 6 U.S.C. 124n(b)(1)(A) and (B). Mitigation Certification governs training and certification for mitigation operations under 6 U.S.C. 124n(b)(1)(C), (D), and (F). A current Detection and Warning Certification is a prerequisite both for initial enrollment in the mitigation training course and for mitigation recertification.

(b) Agency implementation policy. Before conducting any operations under this part, an SLTT law enforcement or correctional agency must adopt an agency implementation policy or detection and warning policy and complete the portal attestation in accordance with § 124.6, and must authorize each operation by a C-UAS Operations Plan in accordance with § 124.8, consistent with the other requirements and obligations of this part and applicable laws and policies.

(c) Detection and Warning Certification. The Attorney General, acting through the Director of the Federal Bureau of Investigation, will develop and maintain through the NCUTC an online training curriculum for detection and warning operations, accessible through a secure web-based training portal. The curriculum includes the confiscation authority of 6 U.S.C. 124n(b)(1)(E), evidence preservation, and chain of custody. Only those personnel who have completed the curriculum and passed the post-course assessment may exercise the authorities described in 6 U.S.C. 124n(b)(1)(A), (B), and (E). Upon successful completion, the NCUTC training portal automatically issues a Detection and Warning Certification. Detection and Warning Certification is issued only by the NCUTC, and detection and warning training or certification obtained from another agency or a private entity does not satisfy this requirement. Detection and warning activity conducted using systems that do not require the authority of 6 U.S.C. 124n is not subject to this requirement. Upon successful completion, the training portal records the individual's name, agency, date of completion, and certification status in the NCUTC certification database, which is the system of record for all certifications issued under this section. Each agency must maintain a roster of its certified personnel drawn from the NCUTC certification database and must verify the certification status of personnel assigned to C-UAS operations. Vendor-specific and system-level operator training is the responsibility of each agency through its own training procedures and is not part of the detection and warning curriculum.

(d) Mitigation training and certification. (1) The Attorney General, acting through the Director of the Federal Bureau of Investigation, designates the NCUTC as the national schoolhouse and sole certifying authority for personnel exercising mitigation authorities under 6 U.S.C. 124n(b)(1)(C), (D), and (F), as required by 6 U.S.C. 124n(d)(2)(A)(i). Only personnel who hold a valid Mitigation Certification may exercise these authorities. The NCUTC mitigation training program consists of the mitigation training course and such advanced and supplemental courses as the Attorney General, acting through the Director of the Federal Bureau of Investigation, approves. Each course is evaluated on a pass or fail basis and requires demonstrated proficiency in each mitigation technology category it covers; a person who does not demonstrate proficiency in each category does not pass that course. A person obtains Mitigation Certification by passing the mitigation training course and may extend the scope of that certification to additional mitigation technology categories by passing an advanced or supplemental course covering those additional categories. Failure to pass a particular advanced or supplemental course does not affect the scope of a certification already held.

(2) A person who holds a current Mitigation Certification under this paragraph (d) may conduct mitigation operations at a correctional facility. An abbreviated Correctional Mitigation Certification, limited to correctional-facility operations, is available for personnel who will operate only at correctional facilities.

(3) The mitigation training course under this paragraph is delivered at the NCUTC. The Attorney General, acting through the Director of the Federal Bureau of Investigation, may authorize the Federal Law Enforcement Training Centers or another qualified Federal training provider to deliver the mitigation training course at one or more additional sites, provided the NCUTC retains approval authority over curriculum and standards, exercises oversight of the delivery, and issues all certifications upon verified completion. Any such authorization is at the sole discretion of the Attorney General, acting through the Director, confers no entitlement on any agency or training provider, and may be modified or withdrawn at any time.

(e) Correctional mitigation training and certification. The NCUTC offers an abbreviated Correctional Mitigation Certification for personnel who will conduct mitigation operations only at correctional facilities. The correctional course of instruction is shorter than the mitigation training course under paragraph (d) of this section because the fixed perimeter and persistent-threat environment of a correctional facility reduce the operational setup and mission-planning instruction required. The correctional course of instruction addresses the persistent-threat environment, perimeter operations, and the legal and safety considerations of correctional settings. A person who holds only the Correctional Mitigation Certification may conduct mitigation operations at a correctional facility but may not conduct other mitigation operations under this part. The NCUTC may arrange for the Federal Law Enforcement Training Centers or another qualified training provider to deliver the correctional curriculum, provided the NCUTC retains approval authority over curriculum and standards, exercises oversight of the delivery, and issues all certifications upon verified completion.

(f) Training standards. The mitigation training course, as administered by the NCUTC, will include instruction on the legal, operational, and technological aspects of C-UAS operations as required by section 8606(b)(1) of the SAFER SKIES Act, including FAA coordination and airspace procedures, spectrum coordination requirements, real-time air traffic control notification procedures, FBI and DHS notification requirements, and the operational use of authorized mitigation technologies. The Attorney General, in coordination with the Secretary of Homeland Security, the Secretary of Defense, the Secretary of Transportation, and the Administrator of the Federal Aviation Administration, will approve training program standards and may approve additional courses of instruction for specialized C-UAS operations. The mitigation training course must include scenario-based instruction on the application of the credible threat standard.

(g) Eligible personnel. Personnel eligible for Mitigation Certification or Detection and Warning Certification must have assigned duties that include the security or protection of people, facilities, or assets, as specified in 6 U.S.C. 124n(a)(2), and must be officers or employees of an SLTT law enforcement or correctional agency accredited by the Attorney General acting through the Director of the Federal Bureau of Investigation. The NCUTC, under the authority of the Attorney General, may establish additional attendance prerequisites.

(h) Sufficiency of certification. Successful completion of the applicable training requirement, combined with the use of systems within technology categories on the Authorized Technologies List and specific systems on the Authorized Systems List where populated, and compliance with the requirements of this part, satisfies the training and certification prerequisites of 6 U.S.C. 124n(d)(2)(A) for the exercise of the corresponding authorities under 6 U.S.C. 124n(a)(2).

(i) Suspension. The Attorney General, acting through the Director of the Federal Bureau of Investigation or the Director's designee, may suspend the Mitigation Certification or Detection and Warning Certification of any individual, or the accreditation of any SLTT law enforcement or correctional agency, for failure to comply with the requirements of this part, violation of the conditions of certification, or for any conduct that demonstrates unfitness to exercise C-UAS authority. Suspension of a certification or accreditation under this section is distinct from suspension of C-UAS authority by the Attorney General or the Secretary of Homeland Security under section 8605(f) of the SAFER SKIES Act, which is addressed in § 124.16. Neither a suspension of certification under this section nor an enforcement action against an individual under section 8605(f) of the SAFER SKIES Act prevents or bars the responsible agency from taking any additional actions it deems necessary to address the circumstances that led to suspension or enforcement action by the Attorney General or designee.

(j) Suspension notice. A suspension will be communicated in writing and will specify the basis for the action and any available remedial steps. The suspension notice must include the factual basis for the action in sufficient detail to enable the affected individual or agency to respond. In exigent circumstances, the Director of the Federal Bureau of Investigation or the Director's designee may immediately suspend a certification or accreditation pending administrative review without the requisite written notice when continued exercise of C-UAS authority poses a risk to aviation safety, public safety, or national security. In such cases, the Director or the Director's designee must provide the requisite notice within 3 days of the suspension.

(k) Administrative review. An individual or agency that receives a suspension notice may request administrative review within 30 calendar days of receipt. The Attorney General, acting through the Director of the Federal Bureau of Investigation, will designate a reviewing official of the Department of Justice who did not participate in or supervise the initial decision. The affected party may submit documentary evidence and written witness statements in support of its response. The reviewing official will consider the written submissions of both parties, may conduct an informal hearing at the reviewing official's discretion, and will issue a written determination within 60 calendar days of receipt of the request, stating the factual findings and the basis for the determination. The reviewing official may affirm the action, modify its terms, impose conditions for reinstatement, or reverse the action. A suspension that is affirmed remains in effect until reinstatement under paragraph (m) of this section or the expiration of the suspended certification or accreditation, whichever occurs first.

(l) Conditions. The Attorney General, acting through the Director of the Federal Bureau of Investigation, may issue a certification or accreditation subject to conditions, and may modify the conditions of a certification or accreditation, consistent with the standards and procedures applicable to suspension under this section.

(m) Reinstatement. An individual or agency whose certification or accreditation has been suspended may apply for reinstatement after completing the remedial steps specified in the suspension notice or the reviewing official's determination. An individual Mitigation Certification may alternatively be reinstated upon the successful recompletion of the full mitigation training course.

(n) Transition for previously trained personnel. Personnel holding a Mitigation Certification issued by the NCUTC before the effective date of this part must complete the detection and warning curriculum under paragraph (c) of this section by September 29, 2026. During that period, the Mitigation Certification remains valid, and the Detection and Warning Certification prerequisite for Mitigation Certification is deemed satisfied. An agency's accreditation is not affected while its personnel complete the curriculum during the transition period.

§ 124.6 - Agency implementation policy.

(a) Requirement. Before conducting any operations under this part, each SLTT law enforcement or correctional agency must adopt and maintain an agency implementation policy governing the exercise of authority under 6 U.S.C. 124n(a)(2). The agency implementation policy is comprehensive. It governs all operations the agency conducts under this part, including detection and warning operations, and it addresses the detection and warning matters listed in paragraph (g) of this section. An agency that adopts and maintains an agency implementation policy under this paragraph is not required to adopt a separate policy under paragraph (g) of this section. An agency that conducts only detection and warning operations may instead adopt the abbreviated policy under paragraph (g) of this section. The agency implementation policy must, at a minimum:

(1) Designate an Agency Approving Official meeting the requirements of § 124.2;

(2) Designate the personnel authorized to exercise C-UAS authority and describe the recurrent training requirements applicable to such personnel;

(3) Establish procedures consistent with § 124.14 for the handling, retention, and dissemination of data acquired during C-UAS operations, including written anonymization standards specifying the aggregation thresholds, identifier suppression, and re-identification risk assessment used to qualify a data product as pattern data;

(4) Include provisions for public notification regarding the potential use of C-UAS authority within the agency's jurisdiction;

(5) Ensure compliance with the requirements of this part; and

(6) Detail standing tactical procedures governing the execution of C-UAS operations, including engagement protocols that account for the risk to persons and property on the surface and in the air before engagement, escalation procedures, use of force considerations, ground intercept team procedures, render safe procedures, evidence collection and chain-of-custody procedures, communications procedures, system operating procedures, data handling and purge procedures consistent with the retention requirements of this part, operation plan requirements, and post-operation procedures that incorporate data purge verification.

(b) Legal counsel review. The implementation policy must be reviewed and concurred in by the agency's legal counsel before adoption and upon each annual renewal. The review must specifically address the privacy and civil liberties requirements of this part, including the data retention, minimization, and dissemination provisions, and the interplay of proposed C-UAS operations and implementing policies with applicable State, local, Tribal, or territorial law. For an agency that has a designated official responsible for the agency's privacy and civil liberties compliance, regardless of title, the implementation policy must also be reviewed by that official.

(c) Alternative certification for agencies without in-house counsel. For an agency without in-house counsel, the review required by paragraph (b) of this section may alternatively be satisfied by review and certification by a State, local, territorial, or Tribal attorney's office that the implementation policy addresses each element required by paragraph (a) of this section. An agency obtaining a certification under this paragraph (c) must document the basis for using this paragraph (c). Certification pursuant to this paragraph (c) does not relieve the agency of any compliance obligation under this part.

(d) Portal attestation. Upon adoption of the implementation policy, the agency head or designee must certify compliance through the Federal C-UAS coordination portal by attesting that the agency has adopted an implementation policy addressing each element required by paragraph (a) of this section. The portal records the certifying official, agency, and date of attestation. The implementation policy is not subject to pre-approval by the NCUTC. The NCUTC retains authority to audit implementation policies and to suspend certification or accreditation under § 124.5. The attestation must be renewed annually.

(e) Retention and availability. The agency must retain the implementation policy and make it available to the Attorney General or the Secretary of Homeland Security, or their designee, upon request, including during compliance audits under § 124.16.

(f) Operating without attestation. An agency that conducts operations under this part without a current portal attestation is in violation of this part, and the absence of an attestation constitutes grounds for compliance action under § 124.16.

(g) Detection and warning policy. An SLTT law enforcement or correctional agency that conducts only detection and warning operations requiring the authority of, or the relief from certain laws provided by, 6 U.S.C. 124n may adopt a detection and warning policy in lieu of the implementation policy required by paragraph (a) of this section. A detection and warning policy must satisfy the requirements of this section, except that it need not include the standing tactical procedures of paragraph (a)(6) of this section. The agency must designate an Agency Approving Official under paragraph (a)(1) of this section and complete the portal attestation under paragraph (d) of this section, which must be renewed annually. For purposes of that attestation, a detection and warning policy need address only the elements of paragraph (a) of this section that apply to detection and warning operations.

§ 124.7 - Authorized technologies.

(a) Two-list authorization framework. The technology authorization framework consists of two complementary lists. The Authorized Technologies List identifies the technology categories authorized for SLTT law enforcement and correctional agency C-UAS operations. The Authorized Systems List identifies specific systems, at the make and model level, that have completed interagency evaluation within those technology categories and stated operating restrictions. Both lists are maintained jointly by the Department of Justice, the Department of Homeland Security, the Department of Defense, the Department of Transportation and Federal Aviation Administration, the Federal Communications Commission, and the National Telecommunications and Information Administration, consistent with 6 U.S.C. 124n(d)(2)(A)(iii) and section 8606(a)(4) of the SAFER SKIES Act.

(b) General requirement. An SLTT law enforcement or correctional agency exercising authority under 6 U.S.C. 124n(a)(2) may deploy only systems within technology categories listed on the Authorized Technologies List. When the Authorized Systems List has been populated for a given technology category, the agency may deploy only specific systems listed on the Authorized Systems List within that category, subject to the advance coordination requirements of § 124.9. For technology categories on the Authorized Technologies List for which the Authorized Systems List has not yet been populated, the agency may deploy specific systems within those categories provided that an operator holds Mitigation Certification covering that technology category and has completed manufacturer or vendor training on the specific system to be deployed, subject to the advance coordination requirements of § 124.9.

(c) Scope of the list requirement. When operating under the authorities or statutory reliefs in 6 U.S.C. 124n(a)(2), SLTT law enforcement or correctional agencies may employ only listed technology categories, and, where the Authorized Systems List is populated, listed systems. Technology that an SLTT law enforcement or correctional agency may lawfully employ without the authorities or reliefs provided by 6 U.S.C. 124n(a)(2) is not subject to the requirements of this section and remains available to agencies on the same basis as before the SAFER SKIES Act. The detection and warning training curriculum will address the distinction between technology categories subject to and not subject to this section.

(d) Mitigation technology and training alignment. An SLTT law enforcement or correctional agency may employ mitigation systems only in those technology categories covered by the NCUTC mitigation courses completed by its mitigation-certified personnel. NCUTC may create an additional mitigation module covering the technology category when a new technology category is added to the Authorized Technologies List. Mitigation-certified personnel who completed the NCUTC mitigation course prior to the addition of this new content must successfully complete additional NCUTC training on the new technology category prior to using any system on the Authorized Systems List under that category.

(e) Scope of interception authority. Systems may be used to intercept communications to or from an unmanned aircraft or UAS only to the extent necessary to support an action described in 6 U.S.C. 124n(b)(1). Any interception, acquisition, maintenance, use of, or access to communications to or from an unmanned aircraft or UAS under this section must be conducted in a manner consistent with the First and Fourth Amendments to the Constitution of the United States and applicable provisions of Federal law.

(f) Maintenance of the lists. The Authorized Technologies List and Authorized Systems List, including the criteria and procedures for evaluating, listing, renewing, suspending, and removing technology categories and systems, are established and maintained through the interagency process described in 6 U.S.C. 124n(d)(2)(A)(iii) and section 8606(a)(4) of the SAFER SKIES Act. The Authorized Systems List is updated by that interagency process and published on the designated interagency C-UAS portal. Each RF-emitting system listed on the Authorized Systems List will have completed a system-level spectrum evaluation through the interagency process before listing, addressing potential interference with non-Federal spectrum users, compatibility with Federal spectrum users, and potential interference with aviation safety systems. System-level evaluations are reviewed and renewed at intervals determined through the interagency process and upon any system change to its operating capabilities, functions, radio frequency characteristics, or power levels that may alter its radio frequency characteristics, capabilities, functions, or assessed configurations. Minor updates that do not alter a system's performance, capabilities, functions, radio frequency characteristics, or assessed configurations do not require renewed evaluation.

(g) Emergency suspension. Upon receipt of an emergency suspension notice issued through the interagency process for the Authorized Technologies List and Authorized Systems List, an SLTT law enforcement or correctional agency must immediately cease deployment of the affected system or technology category. Grounds for emergency suspension include discovery of a critical safety defect, identification of a supply chain compromise or cybersecurity vulnerability, a determination that a system's radio frequency characteristics differ materially from those evaluated during spectrum evaluation, or a finding by any agency participating in the interagency process that continued deployment poses an unacceptable risk. The SLTT law enforcement or correctional agency may not resume deployment of the affected system or technology category until the suspension is lifted or the system or category is restored to the applicable list, and the agency must comply with any conditions attached to the lifting of the suspension or the restoration of the system or category to the applicable list.

§ 124.8 - C-UAS Operations Plan.

(a) Requirement and function. Each mitigation operation, and each detection and warning operation conducted under this part using systems that require the authority of, or relief from certain laws under, 6 U.S.C. 124n,must. Section 124.12 sets out the conditions specific to detection and warning operations. The signed C-UAS Operations Plan is the instrument authorizing the operation on behalf of the SLTT law enforcement or correctional agency and certifies that the operation is consistent with the agency's implementation or detection and warning policy, that the operators are agency personnel who hold the required training and certification, and that the risk-based assessment factors of paragraph (e) of this section have been addressed. The agency may not commence mitigation operations until both the advance coordination process under § 124.9 and the signed C-UAS Operations Plan are complete.

(b) Legal counsel certification. The C-UAS Operations Plan must include a certification by the agency's legal counsel or, for an agency without in-house counsel, the applicable prosecuting authority, that the plan has been reviewed for legal sufficiency. The certification may take the form of a signature block, stamp, or attestation on the plan.

(c) Form. The C-UAS Operations Plan must be prepared on the standardized form prescribed by the Attorney General. The form is structured to use short-answer fields, selection-based fields, and map or diagram attachments, and does not require narrative legal analysis or repetition of standing procedures addressed in the agency's implementation policy. The form may use conditional fields keyed to the type of operation, so that each operation completes only the fields applicable to it; for a detection and warning operation, the fields specific to mitigation, such as mitigation-system parameters and render safe planning, do not apply.

(d) Content. The C-UAS Operations Plan must address, at a minimum and to the extent applicable to the operation:

(1) Operation identification, including the submitting agency, points of contact, the Agency Approving Official, the operation type, planned dates, geographic location, venue type, any Special Event Assessment Rating or National Special Security Event designation, and the identification of any mutual aid agencies;

(2) Systems and airspace, including the systems to be deployed by reference to the Authorized Systems List or Authorized Technologies List category; a description of each system's configuration and the hardware version, firmware revision, and software version of each system as deployed; RF-emitting system parameters; class of airspace; and anticipated flight restrictions;

(3) Coordination confirmation, including operator certification status, compliance with the agency implementation policy, the legal counsel certification, and compliance with the privacy and civil liberties requirements of this part; and

(4) Operational planning elements, including deployment configuration and spectrum deconfliction, personnel and team assignments, render safe and contingency planning, known authorized manned and unmanned aviation and deconfliction processes and procedures, communications, investigative response and data handling, and demobilization.

(e) Risk-based assessment. The C-UAS Operations Plan must address the following factors: potential impacts to aviation safety, civilian aviation and aerospace operations, aircraft airworthiness, or the use of the airspace; procedures to comply with any technical and siting limitations; options for mitigating identified potential impacts; potential consequences if potential impacts are not mitigated; the ability to provide reasonable advance notice to aircraft operators of both manned and unmanned aircraft; the setting and character of the facility or asset; for National Special Security Events and Special Event Assessment Rating events, the event characteristics; and the potential consequences to public safety if UAS threats are not mitigated. For National Special Security Events and Special Event Assessment Rating events, a plan that identifies the systems, airspace environment, and coordination elements from which the assessment can be derived satisfies this paragraph without separately addressing each factor in narrative form. Nothing in this part may be interpreted as limiting the authority of the Administrator of the Federal Aviation Administration to manage the navigable airspace, assess potential aviation safety risks, and implement such mitigations as the Administrator determines appropriate.

(f) Timing and submission. The C-UAS Operations Plan must be completed before the commencement of operations and submitted to the Federal Bureau of Investigation and Department of Homeland Security through the designated Federal C-UAS coordination portal as a supplement to the advance notification not fewer than 7 calendar days before the commencement of operations, or as early as practicable when the applicable notification timeline does not permit 7 calendar days. For a detection and warning operation that is not subject to the advance notification requirement of § 124.9, the C-UAS Operations Plan must be submitted through the designated Federal C-UAS coordination portal before the commencement of operations, for situational awareness and recordkeeping; such submission is not an advance notification under § 124.9 and does not trigger Federal Aviation Administration or Federal Communications Commission coordination. The plan may be updated after submission to reflect changes resulting from Federal Aviation Administration or Federal Communications Commission coordination. Material updates must be resubmitted promptly. Federal Aviation Administration and Federal Communications Commission coordination is valid for the system configuration and the firmware and software version coordinated for the operation. A change in configuration, firmware, or software version does not require re-coordination if it does not materially change the system's radio frequency emission characteristics, its operating frequencies and power levels, or other factors potentially impacting aviation safety from those previously coordinated. A change that would operate outside the frequencies or power levels coordinated for the operation requires re-coordination before deployment; a summary of the change must be provided to the Federal Aviation Administration and Federal Communications Commission to determine if re-coordination is necessary. The Federal Aviation Administration and the Federal Communications Commission may identify by guidance categories of configuration, firmware, or software changes that are deemed to materially affect radio frequency emission characteristics and require re-coordination. Federal review of the C-UAS Operations Plan is for deconfliction and situational awareness purposes and does not constitute approval or disapproval of the operation. For an event, area, or period in which a high volume of simultaneous operations is anticipated, the Federal Bureau of Investigation, in coordination with the Federal Aviation Administration, may establish an earlier submission deadline for affected operations and will communicate that deadline to affected agencies in advance through the designated portal or the lead C-UAS agency.

(g) Relationship to implementation policy. The C-UAS Operations Plan is an event-specific or operation-specific document. Standing tactical procedures required by § 124.6(a) must be addressed in the agency's implementation policy, and the C-UAS Operations Plan must reference the implementation policy by title and version rather than repeating standing procedures.

(h) Operational windows. (1) An individual C-UAS Operations Plan may authorize operations for a period not to exceed 30 consecutive calendar days, except as provided in paragraph (h)(2) of this section. For operations requiring a longer duration, the agency must submit a renewal plan before the expiration of the current operational window; the renewal plan may incorporate the prior plan by reference and address only material changes. The agency must submit a renewal plan, through the designated Federal C-UAS coordination portal under § 124.8(f), before the expiration of the current operational window.

(2) For fixed-site facilities for which SLTT law enforcement and correctional agencies conduct ongoing persistent-protection operations, including correctional facilities, critical infrastructure sites, other permanent facilities with a continuing C-UAS mission, and venues where the agency expects to provide recurring C-UAS coverage within the authorization period, the Agency Approving Official may authorize a standing operational window of up to 365 calendar days, renewable upon submission of a renewal plan. The advance notification for a standing operational window must specify the venue and anticipated events or coverage periods; for a detection and warning operation not subject to the advance notification requirement of § 124.9, the C-UAS Operations Plan must specify the venue, the area covered, which may be stated as a radius around the site, and the anticipated coverage periods. Material changes, including a new event, new systems, or a changed threat environment, require an update to the advance notification under § 124.9(a) or, for such a detection and warning operation, an updated C-UAS Operations Plan. Federal coordination requirements continue to apply to each event within a standing window, including lead C-UAS agency coordination under § 124.10 and per-event coordination among the Department of Transportation, the Federal Aviation Administration, and the Federal Communications Commission.

(3) No C-UAS Operations Plan may authorize an indefinite or open-ended operational window.

§ 124.9 - Advance coordination, notification, and authorization.

(a) Advance notification. (1) Before conducting any mitigation operation under 6 U.S.C. 124n(a)(2), an SLTT law enforcement or correctional agency must submit an advance notification through the designated Federal C-UAS coordination portal not fewer than 30 calendar days before the commencement of the operational period. When 30 calendar days is not feasible, the agency must submit the advance notification as early as the circumstances permit, with sufficient lead time to allow the Federal Bureau of Investigation, the Department of Homeland Security, the Department of Transportation, the Federal Aviation Administration, and the Federal Communications Commission to complete their respective reviews, and must include a brief explanation of the circumstances that prevented submission within the 30-day standard.

(2) The advance notification is a coordination document that routes the relevant data elements to each recipient agency through a single submission. The advance notification is not a request for approval by the Department of Justice or the Department of Homeland Security, and the absence of a response from the Department of Justice or the Department of Homeland Security does not affect the agency's authority to proceed.

(3) The advance notification must identify the submitting SLTT law enforcement or correctional agency, the planned dates and geographic location of the operation, the systems to be deployed by reference to the Authorized Systems List or Authorized Technologies List category, RF-emitting system parameters, a characterization of the airspace and operational environment, and confirmation of operator certification status and compliance with the agency implementation policy and the privacy requirements of this part.

(b) C-UAS Operations Plan. Each mitigation operation must also be authorized by a C-UAS Operations Plan in accordance with § 124.8. The agency may not commence mitigation operations until both the advance coordination process under this section and the signed C-UAS Operations Plan are complete. The SLTT law enforcement or correctional agency must also submit a comparable advance notification to the State if required by State law or policy.

(c) FBI and DHS notification and routing. The Attorney General, through the Federal Bureau of Investigation and the Department of Homeland Security, receives the advance notification for purposes of deconflicting planned SLTT law enforcement or correctional agency C-UAS operations with any ongoing or planned Federal C-UAS, law enforcement, or national security operations. Until the portal is fully established, an SLTT law enforcement or correctional agency must notify the Federal Bureau of Investigation and Department of Homeland Security through a channel designated by the Federal Bureau of Investigation and Department of Homeland Security for that purpose.

(d) DOT/FAA coordination. Before conducting any mitigation operation, an SLTT law enforcement or correctional agency must coordinate with the Department of Transportation and the Federal Aviation Administration through the coordination mechanism the Federal Aviation Administration has designated. The agency must provide the systems to be deployed, the geographic coordinates of each proposed deployment and enforcement location, the expected duration of the operation, and a characterization of the airspace environment. The Administrator of the Federal Aviation Administration may establish such flight restrictions as the Administrator determines necessary in his sole discretion for reasons of aviation safety. The absence of a formal flight restriction does not preclude mitigation action in exigent circumstances when a credible threat exists and the requirements of this part are otherwise satisfied.

(e) Categorical FAA determinations. The Federal Aviation Administration may issue categorical determinations for specific combinations of authorized technologies, geographic locations, and airspace environments. When a proposed mitigation operation falls within the parameters of a categorical determination by the Federal Aviation Administration, individual case-by-case Federal Aviation Administration coordination is not required, provided the agency operates within the conditions specified in the determination and notifies the Federal Aviation Administration through the Federal Aviation Administration-designated coordination mechanism.

(f) FCC authorization. Before deploying any C-UAS system (whether detection and warning only or mitigation) that involves the emission of radio waves, an SLTT law enforcement or correctional agency must obtain authorization to use that system consistent with Title III of the Communications Act of 1934, as amended. The system must comply with any relevant regulations, policies, and guidance administered by the Federal Communications Commission, and an SLTT law enforcement or correctional agency must submit a request to the Federal Communications Commission through the advance notification process and as directed by the Federal Communications Commission. The Federal Communications Commission will also issue waivers, as appropriate, to C-UAS equipment vendors and manufacturers to allow them to import and sell C-UAS mitigation equipment that employs radio frequency interdiction technologies or electronic counter measures to authorized SLTT law enforcement and correctional agencies.

(g) Emergency exception. When a credible threat poses an imminent risk to human life and advance coordination under this section is not practicable, an SLTT law enforcement or correctional agency may take mitigation action. The agency must complete the notifications required by this section as soon as practicable, and in any event within two hours of the action. If the mitigation action involves an RF-emitting C-UAS system, the agency must additionally comply with the real-time notification requirements of § 124.11. Each invocation of this exception must be documented in the post-operation report with a specific explanation of why advance coordination was not feasible. This exception may not be invoked as a routine alternative to advance coordination, and a pattern of repeated invocations may result in compliance review under § 124.16, accreditation or certification suspension, and penalties under section 8605(f) of the SAFER SKIES Act. The compliance audit program will establish the criteria for identifying patterns of emergency invocations that warrant review.

(h) Federal coordination. Before conducting any operation under this part within a security or protection mission overseen by a Federal Government entity, or within an area, facility, waterway, or other area over which a Federal Government entity exercises a security or protection responsibility, the agency must coordinate with that Federal Government entity through the advance coordination process under § 124.9 before conducting the operation. The Federal Aviation Administration's general regulatory authority over the navigable airspace does not by itself trigger this requirement; airspace safety coordination is addressed in § 124.8 and § 124.11.

(i) Detection and warning operations. Detection and warning operations that do not actively transmit radio frequency energy and do not affect aviation safety are not subject to the advance coordination requirements of this section.

§ 124.10 - Interagency and lead-agency coordination.

(a) Early coordination and notice of intent. For operations in support of National Special Security Events, events rated Special Event Assessment Rating 1 through 3, or other events where Federal C-UAS operations are anticipated, an SLTT law enforcement or correctional agency should notify the local FBI field office of its intent to provide C-UAS coverage as early as practicable and before the 30-day advance notification standard of § 124.9. The designated Federal C-UAS coordination portal includes a notice-of-intent function that allows an agency to register its intent to cover a future event without completing the full advance notification. A notice of intent is informational only and does not trigger the advance coordination process, the Federal Aviation Administration or Federal Communications Commission review, or any timeline obligation.

(b) Special event coordination. When the Federal Bureau of Investigation receives an SLTT law enforcement or correctional agency advance notification or notice of intent for an event at which Federal C-UAS operations are also planned or under consideration, the Federal Bureau of Investigation will present the notification to the interagency C-UAS coordination process maintained by the Department of Justice and the Department of Homeland Security, will serve as the conduit for SLTT law enforcement and correctional agency equities in that process, and will communicate the results to the SLTT law enforcement or correctional agency, including any Federal operational parameters or deconfliction requirements that may affect the SLTT law enforcement or correctional agency C-UAS operation. The interagency coordination process does not approve or disapprove SLTT law enforcement or correctional agency C-UAS operations.

(c) Tactical coordination under a lead C-UAS agency. An SLTT law enforcement or correctional agency conducting C-UAS operations at an event or location for which a lead C-UAS agency has been designated must operate under the tactical coordination of the lead C-UAS agency for the duration of the event. Tactical coordination includes the assignment of system deployment locations, operating frequencies, detection and mitigation sectors, ground intercept team sectors, render safe locations, communications channels, and risk to persons and property on the surface or in the air. The SLTT law enforcement or correctional agency's C-UAS Operations Plan for the event must be developed in coordination with the lead C-UAS agency and must conform to the lead agency's overall C-UAS operational framework for the event. An SLTT law enforcement or correctional agency coordinating with a lead C-UAS agency acts under its own certified authority under 6 U.S.C. 124n(a)(2); tactical coordination merely integrates the SLTT law enforcement or correctional agency C-UAS operation into a unified C-UAS posture. Where geographic responsibilities are divided among multiple Federal agencies, the SLTT law enforcement or correctional agency must coordinate with the sector-level lead Federal agency responsible for the geographic area in which the SLTT law enforcement or correctional agency intends to operate. Whenever Federal and SLTT operations will be conducted at the same event, or whenever the Federal and SLTT operations will overlap in geographic area and time, the Federal agency will be the lead C-UAS agency. An SLTT law enforcement or correctional agency may serve as the lead C-UAS agency only where multiple SLTT agencies are operating in the same area and no Federal agency is involved.

(d) Coordination required. An SLTT law enforcement or correctional agency that does not accept tactical coordination by the designated lead C-UAS agency may not conduct C-UAS operations, including detection and warning operations using systems requiring the authority of and relief from certain laws under the Act, within the geographic area and time period covered by the lead-agency designation.

(e) Overlapping SLTT operations. When the Federal Bureau of Investigation and Department of Homeland Security receive advance notifications from two or more SLTT law enforcement or correctional agencies for C-UAS operations that overlap in geographic area and time, the Federal Bureau of Investigation and Department of Homeland Security will notify all affected SLTT law enforcement and correctional agencies of the overlap. The affected agencies must designate a lead C-UAS agency for the overlapping area and time period, or establish a joint operational coordination arrangement, before any agency commences mitigation operations in the overlapping area. The designation or arrangement must be documented and provided to the Federal Bureau of Investigation and Department of Homeland Security. If the agencies cannot reach agreement within 48 hours of the Federal Bureau of Investigation and Department of Homeland Security's notification, the Federal Bureau of Investigation and Department of Homeland Security may designate operational parameters for the overlapping area, including frequency deconfliction assignments and geographic boundaries for each agency's mitigation operations.

(f) Deconfliction direction. If the deconfliction process identifies a conflict between a planned SLTT law enforcement or correctional agency C-UAS operation and an ongoing or planned Federal C-UAS, law enforcement, or national security operation that cannot be resolved through coordination, the Department of Justice, acting through the Federal Bureau of Investigation and in coordination with the Department of Homeland Security, may direct the SLTT law enforcement or correctional agency to modify the operational parameters of, or postpone, the planned operation until the conflict is resolved.

(g) Emergency exception preserved. This section does not affect an SLTT agency's authority to respond to an imminent risk to human life under § 124.9(g), including at an event with a designated lead C-UAS agency; however, the agency must notify the lead C-UAS agency immediately upon taking emergency action and must coordinate with the lead agency as soon as practicable thereafter.

(h) The requirements in paragraphs (a) through (g) of this section are established under the Attorney General's oversight authority pursuant to 6 U.S.C. 124n(d)(1) and the coordination obligations of 6 U.S.C. 124n(b)(4) and (d)(3); they do not transfer or diminish the SLTT agency's statutory authority and relief from certain laws under 6 U.S.C. 124n(a)(2).

§ 124.11 - Real-time air traffic control notification.

(a) Notification required. Any SLTT law enforcement or correctional agency, or its personnel, that activates a C-UAS system for mitigation purposes must, within five minutes of activation or as soon as operationally practicable, provide verbal or electronic notification to the notification point designated by the Federal Aviation Administration for real-time C-UAS coordination, using the procedures established under paragraph (b) of this section. Detection and warning operations do not require notification or coordination under this section.

(b) Notification procedures. An SLTT law enforcement or correctional agency must comply with the notification and reporting procedures jointly established by the Department of Homeland Security, the Department of Justice, and the Federal Aviation Administration for real-time communication to air traffic control of C-UAS mitigation actions using a radio frequency-emitting C-UAS system. The notification must identify the type of C-UAS action, the time of activation, and the location. The NCUTC will include training on these notification procedures in the mitigation training course.

(c) Notification upon termination. Upon termination of the mitigation action, the SLTT law enforcement or correctional agency must provide a follow-up notification to the designated Federal Aviation Administration notification point confirming the time of termination.

(d) Non-RF mitigation. Mitigation actions that do not involve radio frequency-emitting systems do require notification under this section unless the Department of Transportation or Federal Aviation Administration's applicable notification procedures established under this section provide otherwise. Such actions remain subject to the advance coordination and post-operation reporting requirements of §§ 124.9 and 124.13.

§ 124.12 - Detection and warning operations.

(a) Scope. This section governs detection and warning operations using systems whose operation requires the authority of and relief from certain laws under 6 U.S.C. 124n(a)(2). Detection and warning activity conducted using systems that do not require the authority of the Act or the relief it provides from certain laws is not subject to this part.

(b) Conditions. An SLTT law enforcement or correctional agency may conduct detection and warning operations under this section if:

(1) All personnel conducting detection and warning operations hold a current Detection and Warning Certification;

(2) The agency deploys only systems within technology categories listed on the Authorized Technologies List and, where populated, specific systems listed on the Authorized Systems List;

(3) The agency has adopted an implementation policy under § 124.6(a) or a detection and warning policy under § 124.6(g), has completed the applicable portal attestation, and has authorized the operation by a C-UAS Operations Plan under § 124.8; and

(4) The agency complies with the privacy, data handling, and retention requirements of § 124.14.

(c) Coordination. No per-operation (that is, for each individual deployment or activation of a C-UAS system) advance notification, Federal Aviation Administration coordination, or Federal Communications Commission coordination is required for detection and warning operations that employ only systems that do not emit radio frequency energy and do not affect aviation safety. Such operations must be authorized by a C-UAS Operations Plan under § 124.8, which documents operational authority, data handling and retention, and legal review. For detection and warning operations involving RF-emitting systems, such as active warning broadcast systems, the advance coordination requirements of § 124.9 apply, and the operation must be authorized by a C-UAS Operations Plan under § 124.8.

(d) Reporting. The 48-hour reporting requirement of § 124.13 does not require per-event reporting of detection and warning operations. Each SLTT law enforcement or correctional agency conducting detection and warning operations under this section must report detection activity in the semiannual operational summary required by § 124.13, including the detection systems deployed by Authorized Technologies List category, the locations at which systems were deployed, the total number of detection events recorded, instances of retention of records of communication beyond 180 days, and any data-sharing arrangements. A physical seizure or confiscation under 6 U.S.C. 124n(b)(1)(E) that results from a detection and warning operation is a 6 U.S.C. 124n action, but it is documented through the agency's normal evidence-handling procedures and is not separately reported under this part. The recovery of a crashed or abandoned unmanned aircraft that does not involve the use of 6 U.S.C. 124n authority is not a 6 U.S.C. 124n confiscation and is not subject to the reporting requirements of this part.

(e) Prohibition on mitigation. Personnel holding only a Detection and Warning Certification are not authorized to take any mitigation action or any other action that affects an unmanned aircraft in flight, regardless of the operator's ultimate objective. If a detection operation identifies a credible threat requiring mitigation, this rule requires that the agency respond through mitigation-certified personnel operating under §§ 124.8 and 124.9 or through coordination with Federal C-UAS assets. This prohibition is absolute and is not subject to the emergency exception of § 124.9(g), which is available only to an agency with mitigation-certified personnel and authorized mitigation capability.

§ 124.13 - Post-operation reporting.

(a) Report required. Any SLTT law enforcement or correctional agency exercising authority under 6 U.S.C. 124n(a)(2) must submit a post-operation report as required by 6 U.S.C. 124n(d)(2)(C)(i) within 48 hours of whichever occurs first:

(1) Taking any mitigation action described in 6 U.S.C. 124n(b)(1)(C), (D), or (F);

(2) Any confiscation of an unmanned aircraft or UAS under 6 U.S.C. 124n(b)(1)(E); or

(3) The conclusion of an operation where notification was provided.

(b) Other confiscations. A confiscation that does not occur pursuant to 6 U.S.C. 124n(b)(1)(E) may be documented through the agency's normal evidence-handling procedures and does not need to be separately reported under this part.

(c) Content. The post-operation report must contain:

(1) Confirmation whether the planned operation did or did not occur as notified;

(2) The date, time, and geographic location of the reportable action;

(3) A brief description of the credible threat that a UAS or unmanned aircraft posed to the safety or security of people, a facility, or an asset; a venue or set of venues used for large-scale public gatherings or events; critical infrastructure; or a correctional facility necessitating the action;

(4) The type of capability employed, including the specific system or systems used by reference to the Authorized Systems List and Authorized Technologies List category, or where the Authorized Systems List had not yet been populated for a particular Authorized Technologies List category at the time of the action, the Authorized Technologies List category; and in all cases the make, model, hardware version, firmware revision, and software version of the system or systems as deployed;

(5) Any known operational effects, including the seizure, disabling, damage, or destruction of a UAS or unmanned aircraft; any reported effects on other aviation systems, spectrum users, or persons and property on the surface or in the air; any aviation accident; whether a temporary flight restriction was granted or denied; and any other harm, damage, or loss to a person or to private property;

(6) Any issues, anomalies, or deviations encountered during the operation; and

(7) Summary operational statistics, including the number of UAS detected, counted as confirmed detections attributable to a distinct unmanned aircraft and reported in good faith with reasonable deduplication; warnings issued; mitigation actions taken; UAS or unmanned aircraft seized or confiscated; and any criminal charges, citations, regulatory enforcement actions, or arrests resulting from the operation.

(d) Submission mechanism. Reports must be submitted through the designated Federal C-UAS coordination portal. Submission through the portal satisfies the notification requirement to both the Attorney General and the Secretary of Homeland Security, as the portal routes reports to the Federal Bureau of Investigation and Department of Homeland Security automatically.

(e) Immediate notification for unintended consequences. If a detection, warning, or mitigation action results in unintended consequences, including interference with manned aviation or lawfully operating UAS, property damage, injury, or system malfunction affecting third parties, the SLTT law enforcement or correctional agency must immediately notify the Federal Bureau of Investigation and Department of Homeland Security by the most expedient means available, in addition to the 48-hour post-operation report. The Federal Bureau of Investigation will notify the Office of the Deputy Attorney General, the Department of Transportation, the Federal Aviation Administration, the Federal Communications Commission, and other affected agencies as appropriate.

(f) Consolidated reporting. Where multiple reportable events occur within a 48 hour period, an SLTT law enforcement or correctional agency may submit a single consolidated post-operation report covering all actions taken during the period, due within 48 hours of the first reportable event, provided that each action is documented with the data elements required by paragraph (c) of this section and that any action resulting in unintended consequences is reported immediately under paragraph (e) of this section.

(g) Recurring venue reporting. For recurring venue operations conducted under a standing operational window authorized by § 124.8(h), each discrete event within the authorization period must be reported separately.

(h) Semiannual operational summary. Each SLTT law enforcement or correctional agency exercising authority under this part must submit a semiannual operational summary through the designated Federal C-UAS coordination portal, covering total operations conducted, mitigation actions taken, detection activity, instances of retention of records of communication beyond 180 days, instances in which control communications were disclosed outside the originating agency organized by the legal basis for their disclosure, compliance issues identified, and lessons learned. The summary must also report the requests the agency received for C-UAS protection from critical infrastructure or airport owners or operators that are not SLTT law enforcement or correctional agencies, the number of those requests to which it provided protection, and the number it was unable to support as well as the reasons it was unable to provide support.

(i) Reporting to support congressional and oversight requirements. The Federal Bureau of Investigation will compile information from post-operation reports and semiannual summaries to support the biannual report required by 6 U.S.C. 124n(d)(2)(D) and the semiannual briefings required by 6 U.S.C. 124n(g), in coordination with the Secretary of Homeland Security and the Secretary of Transportation. The compilation will include:

(1) The frequency, location, and circumstances of SLTT law enforcement and correctional agencies' mitigation deployments and the types of mitigation employed;

(2) A list of any aviation security or safety incidents, and any aviation accidents, that occurred due to SLTT law enforcement and correctional agencies' deployment of C-UAS technologies;

(3) Recommendations for improving SLTT law enforcement and correctional agencies' C-UAS training, oversight, compliance, and execution, and the compliance audits required by section 8606(b)(2) of the SAFER SKIES Act; and

(4) A determination whether SLTT law enforcement and correctional agencies are able to fully protect critical infrastructure from the UAS threat and, if not, recommendations on how to expand C-UAS authorities to critical infrastructure owners. This determination is informed by the protection-request data reported under paragraph (h) of this section.

(5) Instances in which records of communications were retained beyond 180 days, or in which control communications were disclosed outside the originating agency.

§ 124.14 - Privacy and civil liberties.

(a) General. In exercising authority under 6 U.S.C. 124n(a)(2), an SLTT law enforcement or correctional agency and its personnel must comply with the requirements of 6 U.S.C. 124n(e), including the implementation of privacy protections with respect to the interception, acquisition, access, maintenance, use, and dissemination of communications, consistent with the First and Fourth Amendments to the Constitution of the United States and applicable provisions of Federal law. All operations under this part must comply with the requirements of the Fourth Amendment and the policies of the applicable SLTT law enforcement or correctional agency with respect to searches and seizures, and individual searches and seizures conducted during C-UAS operations remain subject to the Fourth Amendment reasonableness requirement.

(b) First Amendment. No C-UAS authority under this part may be used solely to seize, monitor, deter, interfere with, or disrupt individuals exercising rights protected by the First Amendment to the Constitution of the United States. When C-UAS operations are conducted at events or locations where individuals are exercising First Amendment rights, personnel must take affirmative steps to minimize the collection, retention, and dissemination of information about those individuals, and must not use C-UAS-derived information to identify, track, or build records on individuals based on their exercise of protected rights.

(c) Scope of interception. Communications may be intercepted or acquired only to the extent necessary to support an action described in 6 U.S.C. 124n(b)(1).

(1) Material captured that is not control communications is incidental capture. Agencies must configure systems to minimize incidental capture, and incidentally captured material determined not to be relevant to a C-UAS, law enforcement, or national security purpose must not be reviewed, retained, or disseminated and must be purged as soon as practicable.

(2) During the contemporaneous C-UAS operation, personnel may view incidentally captured material only to the extent necessary for C-UAS detection, tracking, identification, or mitigation purposes and may not use it for general surveillance or monitoring. If it becomes apparent that the captured video, audio, or other data stream is not control communications, the interception of such communications must be discontinued, and the interception of incidentally captured material must be documented in the post-operation report. When a system's configuration permits adjustment of the scope of interception, such as frequency range, geographic coverage, or signal type, operators must use the narrowest configuration consistent with operational effectiveness.

(3) For standing detection deployments exceeding 30 days, the agency must conduct a review, not less than quarterly, to confirm that the scope of interception remains proportionate to the operational need, that incidental collection of non-UAS communications is being minimized, and that data handling and purge procedures are being executed on schedule. The review may be conducted on a program-wide basis for facilities.

(4) Where identifying the threat requires processing the control signaling of all unmanned aircraft in range, the control communications of an unmanned aircraft determined not to pose a threat may not be retained or used beyond what is needed to make the threat determination and must be purged on the same schedule as other incidental material.

(d) Records of communications and retention. (1) Control communications captured, recorded, or maintained by SLTT C-UAS systems constitute records of communications to or from a UAS within the meaning of 6 U.S.C. 124n(e)(3) and must be maintained only for as long as necessary, and in no event for more than 180 days, unless the Agency Approving Official or the agency's chief legal officer determines that maintenance of such records is necessary to investigate or prosecute a violation of law, to directly support an ongoing security operation, for the purpose of any litigation, or is required under Federal, State, local, Tribal, or territorial law, consistent with 6 U.S.C. 124n(e)(3).

(2) Data retained under the ongoing security operation exception must be reviewed at 90-day intervals and purged when the operation concludes, unless another exception applies.

(3) When an agency determines that records of communications will be retained beyond 180 days under any exception, the agency must notify the Federal Bureau of Investigation through the portal within 30 days of the determination.

(4) Pattern data, once extracted and recorded independently, is not a record of communications and is not subject to the 180-day limit. Data generated by systems whose operation does not implicate the electronic surveillance laws referenced in the notwithstanding clause of 6 U.S.C. 124n(a)(2) is likewise not subject to the 180-day limit.

(5) For data retained under the investigation or prosecution exception, the existence of an open investigative or prosecutorial case file documenting the data as evidence satisfies the required determination. For data retained under any other exception, the Agency Approving Official or the agency's chief legal officer must document the specific basis for retention. If an agency has neither an Agency Approving Official nor a chief legal officer, an official holding a rank not below a Senior Executive or Senior Official, or its equivalent, must document the specific basis for retention.

(6) A standing operational window authorized under § 124.8(h) does not itself constitute an ongoing security operation for purposes of the retention exception; that exception applies only when a specific, identified threat or other intelligence justifies continued retention of specific records to support a discrete protective objective, and the 90-day review must assess whether the specific security basis for retention continues to exist.

(7) The exception for retention required under Federal, State, local, Tribal, or territorial law applies when a specific provision of law affirmatively requires retention of the particular type of data at issue, not when a general records retention schedule incidentally encompasses C-UAS data.

(e) Dissemination. (1) Control communications acquired under this part may be disclosed outside the disseminating agency only as authorized by 6 U.S.C. 124n(e)(4): when necessary to investigate or prosecute a violation of law; to support the Department of Defense, a Federal law enforcement agency, or the enforcement activities of a regulatory agency of the Federal Government in connection with a criminal or civil investigation of, or any regulatory, statutory, or other enforcement action relating to an action described in 6 U.S.C. 124n(b)(1); or as otherwise required by law.

(2) This part does not prohibit the use, as evidence in a subsequent proceeding, of information lawfully obtained incidental to an SLTT law enforcement or correctional agency C-UAS operation, consistent with applicable law.

(3) At the time of any dissemination of control communications, the disseminating agency must document, in the audit trail required by paragraph (g) of this section, the 6 U.S.C. 124n(e)(4) basis for the dissemination, the category of recipient, whether the handling caveat required by paragraph (f) of this section was conveyed, and whether the dissemination included control communications.

(4) A real-time detection feed is governed by the substantive character of the data it transmits. A feed that transmits control communications acquired under this part is subject to the requirements of this section applicable to such data and the limitations under 6 U.S.C. 124n(e)(1), (2), and (4). A feed that transmits only data described in paragraph (e)(6) of this section is not subject to those limitations.

(5) Pattern data that contains no control communications may be disseminated consistent with the agency's standard data handling and information sharing policies and applicable law. Before disseminating pattern data beyond the agency, the disseminating agency must verify anonymization in accordance with its implementation policy and screen the product for operationally sensitive information that would reveal specific coverage patterns, capabilities, gaps, or methods. Public release of pattern data products requires approval at the level designated by the agency's implementation policy.

(6) Data not acquired using the authorities or reliefs provided by 6 U.S.C. 124n,including.S.C. 124n(a)(2), is not subject to the disclosure limitations of paragraph (e)(1) of this section and may be shared consistent with the agency's standard data handling and information sharing policies and applicable law. Sharing for situational awareness with recipients that are not law enforcement or correctional agencies, including critical infrastructure owners or operators and the public, is limited to data described in this paragraph, unless the disclosure of control communications is authorized under paragraph (e)(1) of this section.

(f) Protective purpose limitation. Because the authority of 6 U.S.C. 124n(a)(2) is limited to mitigation of a credible threat, an SLTT law enforcement or correctional agency may disseminate control communications acquired pursuant to the agency's authorities and statutory reliefs under 6 U.S.C. 124n(a)(2) only for law enforcement action arising from the UAS activity that prompted the C-UAS operation, or for aviation safety. An SLTT law enforcement or correctional agency may not disseminate such control communications for use in an investigation or enforcement action unrelated to UAS activity unless the communications are independently obtainable through lawful means not dependent on the authorities and statutory reliefs under 6 U.S.C. 124n(a)(2). At the time of dissemination, the disseminating agency must communicate the protective purpose for which the control communications are being shared.

(g) Audit trail. Each SLTT law enforcement or correctional agency exercising authority under this part must maintain an audit trail sufficient to document each instance in which C-UAS authority was exercised, the basis for the action, the disposition of any data acquired, and any dissemination of data under this part. The audit trail must be searchable and accessible to compliance auditors, protected against unauthorized modification or deletion, and retained for a minimum of 6 years. The agency's implementation policy must specify the format and system of records for the audit trail.

(h) State and local retention conflicts. When an SLTT law enforcement or correctional agency determines that a State, local, Tribal, or territorial records retention requirement applicable to law enforcement or correctional agency records encompasses C-UAS communications data and the agency cannot comply with both the 180-day retention limit and that retention requirement, the agency must retain the data for the period required by the applicable law and must apply the handling restrictions of this part, including the prohibition on use for unrelated law enforcement purposes and the dissemination restrictions of this section, for the full duration of retention.

(i) Third-party acquisition. An SLTT law enforcement or correctional agency may not request, purchase, subscribe to, or operationally rely on intercepted UAS control communications acquired by any actor lacking lawful authority and relief from certain otherwise applicable laws for the underlying interception, regardless of whether the agency directed or facilitated the original interception. An agency acquiring UAS intelligence from a third-party source must document the source's lawful authority and relief from otherwise applicable laws for any intercepted content and must apply the retention and dissemination requirements of this section to data so acquired. The agency's implementation policy must specify procedures for evaluating third-party source authority and relief from certain otherwise applicable laws, which must include review and concurrence by appropriate State, local, territorial, or Tribal legal counsel.

(j) Vendor data sharing. An SLTT law enforcement or correctional agency may provide operational raw sensor data to system vendors for purposes of system diagnostics, troubleshooting, and performance validation, provided that any communications content is removed before disclosure and the data is used solely for the specific purpose identified. The agency's implementation policy must establish the conditions for vendor data sharing consistent with this paragraph and applicable privacy protections.

§ 124.15 - Protection of sensitive operational information.

(a) Sensitive system information. Information that links the specific capabilities, vulnerabilities, operating parameters, or countermeasure effectiveness of C-UAS systems to planned or completed operations, including deployment locations, operating radio frequencies, tactical employment methods, and threat-specific mitigation approaches, must be treated as law enforcement sensitive, protected from public disclosure to the extent permitted by applicable law, and, where the information reveals a capability gap of national security concern, evaluated for classification. Other operational coordination information associated with a planned or completed operation, such as the existence, general timing, or general coverage area of a deployment, must be handled as Controlled Unclassified Information and may be shared with covered Federal and SLTT law enforcement and correctional partners, including a State-designated aviation point of contact, for a lawful government purpose. General technical specifications and evaluation data not associated with a specific planned or completed operation are not subject to these handling requirements. All information described in this paragraph remains subject to any applicable classification, export control, or proprietary restriction.

(b) Protection from disclosure. An SLTT law enforcement or correctional agency must take the steps available under applicable State, local, Tribal, or territorial law to protect operationally sensitive information from disclosure through public records requests or civil discovery, and should coordinate with the prosecuting authority in criminal prosecutions arising from C-UAS operations to limit testimony and pleadings to the information necessary to establish the elements of the offense. Nothing in this section requires an agency to take any action inconsistent with applicable State, local, Tribal, or territorial public records law.

(c) Markings. Advance notifications, C-UAS Operations Plans, post-operation reports, and compliance audit records must be marked with appropriate sensitivity designations.

(d) Permitted disclosures. This section does not prohibit disclosure of sensitive system information to authorized Federal officials, to other participating SLTT agencies in the course of operational coordination, or to the public to the extent required by statute or court order.

§ 124.16 - Compliance and enforcement.

(a) Compliance audits. The Attorney General, in coordination with the Secretary of Homeland Security and the Administrator of the Federal Aviation Administration, will periodically conduct compliance audits of SLTT law enforcement and correctional agencies exercising authority under 6 U.S.C. 124n(a)(2), as required by 6 U.S.C. 124n(d)(2)(B) and section 8606(b)(2) of the SAFER SKIES Act, to oversee compliance with this part and the privacy protections of 6 U.S.C. 124n(e) as well as to prevent misuse of C-UAS authority. The audit program will include review of post-operation reports, advance notification records, and agency implementation policies. The FAA will participate with respect to the aviation safety, airspace safety coordination, and deconfliction aspects of the compliance audits conducted under this section.

(b) Civil fines and penalties. An SLTT law enforcement or correctional agency, or its personnel authorized to take mitigation actions under 6 U.S.C. 124n(a)(2), that knowingly engages in such actions without Federal coordination as required by 6 U.S.C. 124n and the SAFER SKIES Act, including the advance coordination required by § 124.9, the real-time air traffic control notification required by § 124.11, and the post-action notification to the Attorney General and the Secretary of Homeland Security required by 6 U.S.C. 124n(d)(2)(C) and implemented by § 124.13(a), may be subject to a civil fine of up to $100,000 per violation, or suspension of C-UAS authority pending review by the Attorney General or the Secretary of Homeland Security, as provided in section 8605(f) of the SAFER SKIES Act. Civil penalties will be assessed in accordance with graduated penalty levels proportionate to the severity of the violation and the factors set forth in this part, including the agency's compliance history, the availability and quality of compliance assistance from Federal partners, whether the violation resulted in actual harm, and whether the agency took prompt corrective action. A civil penalty will not be assessed for a first violation of a procedural reporting or notification requirement when the agency demonstrates a good-faith effort to comply and voluntarily self-reports the deficiency. Violations of requirements of this part other than the Federal coordination requirements described in this paragraph do not give rise to civil penalties under section 8605(f) of the SAFER SKIES Act; they are addressed through the compliance audit program of this section, certification and accreditation suspension under § 124.5, and any other remedy available under law.

(c) Civil enforcement. The Attorney General is authorized to bring a civil action in a United States district court to collect fines and enforce civil penalties imposed under this section against any agency or individual, as provided in section 8605(g) of the SAFER SKIES Act.

(d) Relationship to certification or accreditation suspension. In addition to civil penalties, the Attorney General or designee may suspend a Mitigation Certification, Detection and Warning Certification, or accreditation under § 124.5(i) for violations of this part. Certification or accreditation suspension may be imposed independently of or in conjunction with other actions described in this section.

§ 124.17 - Confiscation and forfeiture.

(a) Confiscation authority. (1) An SLTT law enforcement or correctional agency and its personnel may seize or otherwise confiscate a UAS or unmanned aircraft as described in 6 U.S.C. 124n(b)(1)(E). This authority is contingent on a credible threat and applies to the physical taking of possession of an unmanned aircraft that is no longer active in flight or any other UAS component, such as a ground control station.

(2) This authority does not require Mitigation Certification, the use of systems on the Authorized Technologies List or Authorized Systems List, or advance coordination under § 124.9. However, personnel exercising confiscation authority under 6 U.S.C. 124n(b)(1)(E) must hold a current Detection and Warning Certification issued by the NCUTC. An officer who seizes an unmanned aircraft or any other UAS component under traditional law enforcement authority, including an abandoned or crashed unmanned aircraft, does not require Detection and Warning Certification.

(3) Any action that employs C-UAS technology to disrupt or seize control of, damage, disable, or destroy the unmanned aircraft or UAS is an action under 6 U.S.C. 124n(b)(1)(C), (D), or (F) and requires Mitigation Certification.

(4) Personnel exercising confiscation authority should follow standard law enforcement evidence handling procedures, including maintaining chain of custody, preserving digital evidence stored on the aircraft or its flight controller, and observing applicable hazardous materials precautions.

(5) This part does not affect the authority of any law enforcement or correctional officer to take physical custody of an unmanned aircraft or UAS under traditional law enforcement authority independent of 6 U.S.C. 124n. Traditional law enforcement authority refers to the seizure authorities generally available to law enforcement under applicable Federal, State, local, Tribal, or territorial law, including seizure incident to arrest, seizure of evidence or contraband pursuant to a warrant or a recognized exception to the warrant requirement, and seizure of abandoned property. Once an unmanned aircraft or UAS is on the ground and confiscated, subsequent law enforcement actions, including threat assessment, render safe procedures, evidence collection, and search warrant execution, are governed by traditional legal authorities, including Fourth Amendment requirements and applicable exigency or emergency doctrines, rather than by 6 U.S.C. 124n.

(6) When a C-UAS operation involves a known or suspected unmanned aircraft being used as a delivery mechanism for a hazardous device, the response to the hazardous device must be conducted by a public safety bomb squad accredited through the Hazardous Devices School, consistent with the National Guidelines for Bomb Technicians or any successor publication.

(7) The physical act of interception of a third-party unmanned aircraft while it is in flight, such as catching or netting an aircraft by hand or using a non-electronic physical device to capture it in the air, implicates 6 U.S.C. 124n(b)(1)(D), (E), or (F). Personnel conducting such actions must therefore hold a Mitigation Certification. This does not apply to the erection of physical barriers that a drone operator has an obligation to avoid, such as netting affixed to a physical structure.

(b) Forfeiture. Any UAS or unmanned aircraft seized by an SLTT law enforcement or correctional agency pursuant to 6 U.S.C. 124n(a)(2) is subject to forfeiture under the laws of the seizing agency's jurisdiction, as provided in 6 U.S.C. 124n(c)(2).

§ 124.18 - Activities for evaluation, testing, training, and pre-operational validation.

(a) Scope and legal basis. An SLTT law enforcement or correctional agency that holds current accreditation under this part may conduct operational acceptance testing of acquired systems and systems under procurement consideration, on-the-job proficiency training, and interoperability training exercises to maintain C-UAS operational readiness. Testing and training do not and must not involve the mitigation of a credible threat and are not conducted under the authority of 6 U.S.C. 124n(a)(2). The operation of RF-emitting systems during testing and training is conducted under applicable Federal Communications Commission authorization and Federal Aviation Administration coordination requirements, and only against controlled test targets owned or operated by, or operated with the consent of, the SLTT law enforcement or correctional agency. An SLTT law enforcement or correctional agency acting pursuant to this section may utilize only authorized technologies under § 124.7. The SLTT law enforcement or correctional agency is responsible for verifying that all necessary Federal Aviation Administration authorizations or regulatory relief for operation of any unmanned aircraft or UAS, including unmanned aircraft or UAS forming part of a C-UAS system, have been obtained prior to any testing, training, or exercises. Compliance with this section is a condition of maintaining certification and accreditation under this part.

(b) Personnel. Only personnel holding a current Mitigation Certification may operate mitigation systems during evaluation testing, training, and exercises. Testing, training, and exercises may not be used to train or evaluate uncertified personnel on the operation of mitigation systems. Contractors and vendor representatives may provide technical support and instruction on system-specific procedures but may not independently operate mitigation systems against test targets.

(c) Evaluation testing and training activities plan. Before conducting testing, training, or exercises involving RF-emitting C-UAS mitigation systems, the agency must prepare a written activities plan specifying the date, time, and location; the purpose; the systems and equipment to be used; the test, training, or exercise targets; the assigned operators; safety controls; privacy measures; the types of data to be collected and their planned disposition; documentation of Federal Aviation Administration and Federal Communications Commission spectrum coordination for the C-UAS activities, and documentation of any necessary Federal Aviation Administration authorizations or regulatory relief for the operator of the target unmanned aircraft or UAS and for the operation any unmanned aircraft or UAS that form part of the C-UAS system. The activities plan must be approved by the Agency Approving Official or designee and reviewed by the agency's legal counsel.

(d) Coordination. Testing, training, and exercises, involving RF-emitting systems, or systems that may affect aviation safety, civilian aviation and aerospace operations, aircraft airworthiness, or the use of the airspace, require advance coordination with the Federal Aviation Administration and, for spectrum authorization, with the Federal Communications Commission.

(e) Privacy within evaluation testing and training. The agency must favor testing, training, and exercise locations and activities that minimize exposure to non-participating third parties. The agency must not intentionally target, monitor, or collect the communications of non-participating third parties. Communications incidentally collected from non-participating third parties must be purged at the conclusion of the testing, training, or exercise activity, or as soon as practicable thereafter.

(f) Mitigation restriction. During testing, training, and exercises, the agency may not intentionally mitigate any UAS or unmanned aircraft that is not a controlled test target, unless necessary to protect against an imminent risk to human life or as part of an approved C-UAS Operations Plan. An action taken to protect against an imminent risk to human life must comply with the emergency exception set forth in § 124.9(g).

(g) Pre-operational validation. Before commencing mitigation operations at an event or facility, an agency may conduct pre-operational validation or equipment functional checks within the operational window and airspace restrictions already coordinated through the advance notification process under § 124.9. The C-UAS Operations Plan must document the pre-operational validation plan and required notifications. No separate authorization from the Department of Homeland Security or the Department of Justice beyond the advance notification is required.

(h) Participation in Federal RTTE. Personnel holding active Mitigation Certification may participate in research, testing, training, and evaluation (RTTE) events conducted by Federal components under 6 U.S.C. 124n(b)(3). Personnel may engage with systems in mitigation technology categories beyond those for which they hold an active Mitigation Certification or that are not on the ATL or ASL as part of the event. Participants act under the Federal component's authority and supervision.

§ 124.19 - Task force arrangements and Federal support.

(a) Task force and deputization arrangements preserved. Task force and deputization arrangements under 6 U.S.C. 124n(a)(1) are not affected by this part. An SLTT law enforcement or correctional agency participating in such an arrangement may continue that participation indefinitely, so long as the deputizing Federal agency continues to have C-UAS authority and relief from certain laws under 6 U.S.C. 124n(a)(1). Nothing in this part requires an agency to seek accreditation under this part, conditions any task force or deputization arrangement on accreditation, or terminates or limits any such arrangement.

(b) Concurrent authority. The availability of independent SLTT law enforcement and correctional agency authority under 6 U.S.C. 124n(a)(2) does not preclude continued participation in C-UAS task forces or deputization arrangements under 6 U.S.C. 124n(a)(1). An SLTT law enforcement or correctional agency and its officers may exercise independent authority and participate in Federal task force operations concurrently or at different times as operational circumstances warrant. Task force operations are governed by the policies applicable to the sponsoring Federal component.

(c) Federal support. An SLTT law enforcement or correctional agency may request C-UAS support from an authorized Department of Justice or Department of Homeland Security component. Such support, when provided, constitutes a Federal operation under 6 U.S.C. 124n(a)(1) and is governed by the policies applicable to the supporting component, and the requesting agency's personnel participating in the operation do so under the Federal component's authority and supervision, consistent with applicable task force or deputization arrangements. No formal gubernatorial request is required under this part. Support from the Department of Defense, when available, is governed by the Department of Defense's own authorities, including 10 U.S.C. 130i and 2564, and applicable Department of Defense policies, not by this part.

§ 124.20 - Construction.

(a) No private right. This part is not intended to, does not, and may not be relied upon to create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.

(b) Manned aircraft. Nothing in this part authorizes the use of C-UAS authority against any aircraft or aircraft system operated with a human pilot, crew, or passengers onboard.

(c) Mass gatherings. Consistent with 6 U.S.C. 124n(h)(5), nothing in this part provides a new basis of liability for any State, local, territorial, or Tribal law enforcement officer who participates in the protection of a mass gathering identified by the Secretary of Homeland Security or the Attorney General under 6 U.S.C. 124n(l)(3)(C)(iii)(II), acts within the scope of the officer's authority, and does not exercise the authority granted to the Secretary of Homeland Security and the Attorney General by 6 U.S.C. 124n.

(d) Statutory scope. Nothing in this part alters the scope of the authority of, or the statutory reliefs under 6 U.S.C. 124n(a)(2). A determination that an action does not comply with this part may give rise to administrative, civil, or other consequences provided by law, but does not by itself determine whether the action falls outside the scope of the statutory authorization in, or the relief from criminal liability available under, 6 U.S.C. 124n. Such a determination will be made by the Attorney General, in coordination with the Secretary of Homeland Security and other appropriate officials.

§ 124.21 - Termination.

(a) Termination. Absent additional statutory authority, the authority of SLTT law enforcement and correctional agencies and their personnel under 6 U.S.C. 124n(a)(2) will terminate on December 31, 2031, as provided in 6 U.S.C. 124n(j)(2).

(b) Savings. Termination under paragraph (a) of this section does not affect any obligation, proceeding, or liability that arose before the termination date. Recordkeeping, retention, audit, reporting, and enforcement obligations with respect to operations conducted before the termination date, and any administrative or civil proceeding arising from those operations, survive the termination of authority under this part and remain in effect until satisfied or otherwise resolved.

§ 124.22 - Severability.

If any provision of this part, or the application of any provision to any person, entity, or circumstance, is held to be invalid or unenforceable by a court of competent jurisdiction, the remainder of this part, and the application of its provisions to any other persons, entities, or circumstances, shall not be affected and shall remain in full force and effect.

authority: 5 U.S.C. 301; 6 U.S.C. 124n,as,Title,Pub. L. 119-60, sec. 8601-8607, 139 Stat. 718, 1938-45 (2025))
source: 91 FR 41498, July 6, 2026, unless otherwise noted.
cite as: 28 CFR 124.12