Part II of this series, Levels of Protection, addressed the levels of protection available under the SAFETY Act and their associated benefits. This post discusses how a company prepares and submits an application under the SAFETY Act to the Office of SAFETY Act Implementation (“OSAI”) and the important role outside counsel can play in that process.

Technology Assessment

Before your company begins the process of applying for protection under the SAFETY Act, it should retain outside counsel with extensive SAFETY Act experience to perform an internal assessment of the relevant technology. This assessment should engage internal subject-matter experts representing a cross-section of teams, including legal, technical, and other supporting departments.

Experienced counsel can act as a central coordinator of this effort, leveraging company expertise to collect data and identify other relevant information that presents a full view of how the technology works and defends against terrorism. This could include how the technology is managed and overseen, its product development, auditing and quality assurance processes, training, and customer service.

Counsel can also help identify areas to explore and flag potential issues, including matters OSAI is likely to scrutinize. Retaining counsel who have familiarity with the process and relationships with OSAI will also help the application processes move smoothly. And critically, retaining counsel can cloak sensitive assessments of the relevant technology in privilege, allowing the company to appraise the technology frankly and without fear that these assessments could become evidence in a lawsuit.

Pre-Application

The first official step towards obtaining SAFETY Act protection is completing a pre-application. The pre-application introduces OSAI to the company and its technology and solicits OSAI’s feedback. Obtaining this consultation is an important step of the SAFETY Act application process.

The pre-application does not necessarily require all the information that would be contained in a full application, though such information could be included at the company’s discretion. It is important to note that information submitted to OSAI under the SAFETY Act is designated “SAFETY Act Confidential Information” and is exempted from federal disclosure laws.^[1]

The pre-application will be examined by OSAI staff, who usually complete their review within 21 days. OSAI staff will then arrange a meeting with the applicant in which they provide feedback on the pre-application. This feedback makes drafting an application more efficient and provides insight into the likelihood of approval. This valuable interaction increases the chances of approval and helps the company form an effective working relationship with OSAI. Counsel can assess this feedback based on their experience with OSAI and then provide guidance on how to move forward with a full application.

Application

The next step is drafting a full SAFETY Act application. As with the initial technology assessment, experienced counsel can guide applicants through this sometimes complex and nuanced process. Applications are lengthy and should be completed with care, including by addressing OSAI’s pre-application feedback. Applicants must determine whether to seek designation or certification, understanding that the latter will require more documentation and undergo greater scrutiny. Also, the pre-application process may reveal that additional document review, interviews, and testing are required, all of which should be completed at the direction of counsel to preserve privilege.

When the application is submitted, OSAI will evaluate it for completeness and then undertake technical and economic reviews of the technology.^[2] After the reviews are complete, OSAI will compile its findings and circulate them internally to reach a consensus. While OSAI endeavors to complete this review process in 120 days, it is currently averaging approximately 170 days.^[3] The timeline will vary depending on the completeness and complexity of application materials.

During OSAI’s review of the application, it may send requests for information seeking further details about the technology. The applicant will also need to submit evidence of its general liability insurance coverage.^[4] One of the key benefits of obtaining SAFETY Act protection is capping liability for certified acts of terrorism to an amount of general liability insurance designated by OSAI. The company should work with counsel to evaluate its general liability insurance program.^[5] Failing to maintain required insurance or submitting inaccurate certifications are grounds to terminate SAFETY Act protection.^[6]

Government Response and Approval

After completing its review of the application, OSAI will issue a decision letter. Should OSAI award SAFETY Act protection, the letter will deem the technology a “qualified anti-terrorism technology” (“QATT”) and specify the level of protection. An appendix to the letter will provide a specific description of the QATT. The letter will also contain information about insurance requirements and liability caps and may contain conditions specific to the applicant or technology. Companies should review these conditions, called “contours,”^[7] with counsel and satisfy them as directed.^[8] 

Following approval, the company may use SAFETY Act mark(s) in its external communications and marketing materials, subject to OSAI terms and conditions. If the applicant approves public listing, the QATT will be placed on the Department of Homeland Security’s SAFETY Act Approved Product List.

SAFETY Act protection is typically granted for five years. Your company should take careful note of when SAFETY Act protection expires, since renewal is not automatic. A shorter renewal application must be submitted.^[9] Renewal applications should be submitted at least six months before expiration to ensure no lapse in protection.

Impacts on Risk Management

Once certification or designation is achieved, your company should incorporate SAFETY Act protection into its risk-management strategies. Part IV of this series will address the SAFETY Act’s impacts on insurance, including insurance priority, risk management, applications, renewals, and obtaining recovery if a claim arises that is not a certified act of terrorism.

^[1] See 6 C.F.R. §§ 25.2, 25.4(e), 25.10.

^[2] See 6 C.F.R. § 25.6(b)-(d).

^[3] SAFETY Act.gov, SAFETY Act Metrics, https://www.safetyact.gov/SAFETY-Act-Metrics.

^[4] See 6 C.F.R. § 25.5(f).

^[5] See 6 C.F.R. § 25.5(a)-(d).

^[6] See SAFETY Act 101 Briefing, The Support Anti-Terrorism by Fostering Effective Technologies (SAFETY) Act of 2002, OSAI Sci. & Tech. Directorate, Dep’t of Homeland Sec., https://www.safetyact.gov/_entity/annotation/f0ec2f4b-fe61-3bc4-a505-b9dc22349b64 (last visited June 27, 2024).

^[7] See 6 C.F.R. § 25.6(e).

^[8] The requirements are further described in 6 U.S.C. § 443(b). Please also consult the regulations as to implementing the agency’s guidelines. See, e.g., 6 C.F.R. § 25.5.

^[9] See 6 C.F.R. § 25.6(f).

Read Part 1

Read Part 2 

Eric Hutchins contributed to this article