Hunton Insurance Recovery Blog

Part I of this series, SAFETY Act is Powerful Protection Against Emerging Liabilities, addressed the benefits of obtaining SAFETY Act coverage, including: 

• From a reputational perspective, SAFETY Act protection provides benefits even absent a security incident: it demonstrates that a knowledgeable federal agency has examined the relevant technology and determined that it is both safe and effective. 
• SAFETY Act protection can benefit companies taking steps to enhance the security of their physical premises and operations, or their cybersecurity defenses, to reduce their potential liability and enhance their reputation.
• Other benefits include—depending on the level of protection—powerful liability protections including exclusive federal jurisdiction and choice of law for the venue where the incident occurred, caps on liability, prohibitions on punitive damages, and government contractor immunity.

This post will explain the levels of protection that a company can seek under the SAFETY Act.

Qualified Anti-Terrorism Technologies

The Office of SAFETY Act Implementation (OSAI), within the Department of Homeland Security, reviews and designates or certifies “qualified anti-terrorism technologies” (QATTs) that the DHS believes will be effective to prevent or mitigate the harm from acts of terrorism. 

The SAFETY Act defines QATT as a “Technology (including information technology) designed, developed, modified, procured, or sold for the purpose of preventing, detecting, identifying, or deterring acts of terrorism or limiting the harm such acts might otherwise cause.”  6 C.F.R. § 25.2.  “Technology” is defined as a “product, equipment, service (including support services), device, or technology (including information technology) or any combination of the foregoing.”  Id.  This also includes “[d]esign services, consulting services, engineering services, software development services, software integration services, threat assessments, vulnerability studies, and other analyses relevant to homeland security.”  Id.

Examples of QATTs include facilities security programs, threat detection systems, enhanced cybersecurity tools, threat and vulnerability assessments, detection systems, blast mitigation materials, screening services, sensors and sensor integration, threatening object detectors, decision support software, security plans and services, crisis management systems, and venue security.[1]  QATTs can even include cyber risk management governance frameworks.  Part I of this series includes examples of recent recipients of SAFETY Act protection, showing great diversity in the recipients, industries, and types of QATTs receiving SAFETY Act protections.

Types of SAFETY Act Coverage

Technologies may qualify as QATTs under one of three standards, outlined below:

Development Testing and Evaluation Designation (sometimes called DT&E):  DT&E designation, in green above, is intended to protect technology still in development.  It is reserved for technology in a prototype stage, with lab tests that are not operational, to protect that technology while it is being tested in the field and that testing exposes the seller to risk.[2]  To receive DT&E designation, the technology should suggest potential effectiveness.  Designation is granted for up to three years, and the liability cap is limited to certain applications of the technology (reflecting its experimental nature).[3] 

Designation:  Designation, in blue above, is the baseline level of protection under the SAFETY Act.  Certification (in red) and DT&E designation apply standards that are higher and lower, respectively, than the standard to be designated.

Designation is granted for a five- to eight-year term.  Upon designation, the company will receive the following benefits with respect to the QATT:  (1) liability capped to an appropriate amount of insurance, determined by the OSAI; (2) exclusive federal jurisdiction over any claims asserting liability from an act of terrorism and choice of law for the venue of the attack; (3) no joint and several liability for non-economic damages; (4) no punitive damages or prejudgment interest; and (5) recovery is reduced by amounts from collateral sources.[4] 

Certification:  To certify a technology, the OSAI must conclude that the technology has consistently proven effective—with a high confidence that it will remain effective—in preventing or mitigating terrorism.  “High confidence” means consistent positive results that satisfy documented procedures and standards.[5]  On top of the criteria for designation, certified technology must perform as intended, conform to the seller’s specifications, and be safe for use as intended.  The seller must provide safety and hazard analyses of the technology. 

Like Designation, Certification is granted for a five- to eight-year term.  Upon Certification, the company will receive all of the benefits of designation, as well as (6) government contractor immunity from claims asserting liability from an act of terrorism[6] and (7) placement on the SAFETY Act’s Approved Product List for Homeland Security.[7] 

Obtaining Protection under the SAFETY Act

Part III of this series will address all stages of the application process and provide an overview of the challenges your company is likely to face along the way. 

[1] See SAFETY Act 101 Briefing at 3, Department of Homeland Security.

[2] 6 C.F.R. § 25.4(f).

[3] See SAFETY Act 101 Briefing at 3, Department of Homeland Security.

[4] See 6 U.S.C. § 442; 6 C.F.R. § 25.7.

[5] See SAFETY Act 101 Briefing at 3, Department of Homeland Security.

[6] See 6 C.F.R. § 25.8.

[7] See 6 C.F.R. § 25.9.