The Support Anti-terrorism by Fostering Effective Technologies Act of 2002 (SAFETY Act) provides strong liability protections for sellers of and others involved with “qualified anti-terrorism technologies” when that technology is deployed in relation to an act of terrorism.[1] This program is administered by the Department of Homeland Security (DHS).

Designation of Qualified Anti-Terrorism Technologies

A qualified anti-terrorism technology (QATT) is defined as “any product, equipment, service (including support services), device, or technology (including information technology) designed, developed, modified, or procured for the specific purpose of preventing, detecting, identifying, or deterring acts of terrorism or limiting the harm such acts might otherwise cause, that is designated as such by the Secretary.”[2] The concept of “technology” includes design services, threat assessments, vulnerability studies and other analyses relevant to homeland security.[3]

In deciding whether to designate a technology as QATT, DHS uses its judgement and discretion to consider and weigh certain criteria including:[4]

  • Prior US Government use or demonstrated substantial utility and effectiveness of the technology;
  • Availability of the technology for immediate deployment in public and private settings;
  • Existence of extraordinarily large or extraordinarily unquantifiable potential third party liability exposure to the seller or other provider of the technology;
  • Substantial likelihood that the technology will not be deployed without the protections afforded by a designation;
  • Magnitude of the risk to the public if the technology is not deployed;
  • Evaluation of scientific studies that can be feasibly conducted in order to assess the capability of the technology to substantially reduce risks of harm;
  • Whether the technology would be effective in facilitating the defense against acts of terrorism; and
  • Any determination by federal, State or local authorities that the technology is appropriate for preventing, detecting, identifying or deterring acts of terrorism or limiting the harm caused by acts of terrorism.

DHS has introduced a special designation for technologies that have not yet been deployed. A technology that is still being developed, tested, evaluated, modified or otherwise being prepared for deployment may qualify for a “developmental testing and evaluation designation” (DT&E). A DT&E designation is limited in time and scope as described in the designation.[5] Otherwise, a DT&E designation operates in the same manner as a regular QATT designation.

Liability Insurance

The seller of a QATT is required to maintain liability insurance covering third-party claims arising from the deployment of the QATT in the defense against, response to or recovery from an act of terrorism.[6] DHS considers the appropriate terms and amount of insurance for each QATT based on a number of factors and describes the applicable insurance requirements in the designation for that QATT.[7] In any event, DHS cannot require a type or amount of insurance that is not available on the world market or which would unreasonably distort the sales price of the technology.[8]

To the extent of their respective potential liabilities, the liability insurance must protect the seller and its:

  • Contractors;
  • Subcontractors;
  • Suppliers;
  • Vendors; and
  • Customers.

DHS can decide that an action arising out of a particular QATT may only be brought against the seller. In such a circumstance, the insurance is only required to cover the seller.[9]

Limitation of Liability

Liability for all claims against a seller of a QATT arising out of, relating to, or resulting from an act of terrorism (when the QATT has been deployed in defense against or response or recovery from the act of terrorism) is limited to the amount of required insurance coverage. This limitation applies to all liabilities of the seller whether for compensatory or punitive damages or for contribution or indemnity.[10]

Reciprocal Waiver of Claims

The seller must enter into a reciprocal waiver of claims with respect to those involved in the manufacture, sale, use or operation of the QATT. Specifically, the reciprocal waiver is require with respect to:[11]

  • The seller’s contractors;
  • The seller’s subcontractors;
  • The seller’s suppliers;
  • The seller’s vendors;
  • The seller’s customers;
  • The contractors of the seller’s customers; and
  • The subcontractors of the seller’s customers.

The reciprocal waiver provides that each party agrees to be responsible for losses resulting from an act of terrorism (when the QATT has been deployed in defense against or response or recovery from the act of terrorism):

  • The party itself sustains; and
  • The party’s own employees sustain.

Losses subject to the reciprocal waiver are death, bodily injury or loss of and damage to property including resulting business interruption losses.

The failure to obtain a reciprocal waiver does not invalidate the designation or certification of the QATT.[12]

Determination of an Act of Terrorism

The Secretary of Homeland Security may determine that an act is an act of terrorism if the act:[13]

  • Is unlawful;
  • Causes harm to a person, property or entity in the US, or in the case of a domestic US air carrier or a US-flag vessel (or a vessel based principally in the US on which US income tax is paid and whose insurance coverage is subject to regulation in the US), in or outside the US; and
  • Uses or attempts to use instrumentalities, weapons or other methods designed or intended to cause mass destruction, injury or other loss to citizens or institutions of the US.

Litigation Management

The SAFETY Act establishes an exclusive federal cause of action for claims arising out of, relating to, or resulting from an act of terrorism (when a QATT has been deployed in defense against, response to or recovery from the act of terrorism) where the claims result or may result in loss to the seller.[14]

The substantive law for such action is derived from the law (including choice of law principles) of the State in which the act of terrorism occurred, unless the State’s law is inconsistent with or preempted by federal law.

This federal cause of action may be brought only for claims for injuries that are proximately caused by sellers of the QATT.

Limitations of Damages

In an exclusive federal action brought against a seller of a QATT, the claimant right to recovery is significantly limited.[15] Specifically, the claimant cannot recover:

  • Punitive damages;
  • Exemplary damages;
  • Damages not intended to compensate for the claimant’s actual losses;
  • Pre-judgment interest;
  • Non-economic damages in the absence of physical bodily harm; or
  • Any damages otherwise covered by collateral sources.

Further, noneconomic damages (e.g., pain and suffering) are limited to an amount directly proportional to the percentage of responsibility of the seller for the harm to the claimant.

Government Contractor Defense

The seller of a QATT may also seek an additional certification. DHS will issue a certification of conformance if DHS’s review of the design of the QATT allows it to determine that the technology performs as intended, conforms to the seller’s specifications and is safe for use as intended.[16]

If a seller has received a certification of conformance for its QATT, the seller enjoys a rebuttable presumption that the government contractor defense applies to claims brought against it under the exclusive federal cause of action.[17] In these circumstances, the government contractor defense is available whether or not the QATT was sold to the federal government. The certification itself creates a presumption that the action against the seller should be dismissed.[18]

The presumption of the applicability of the government contractor defense can only be overcome by evidence showing that the seller acted fraudulently or with willful misconduct in submitting its application to the DHS for designation or certification. Specifically, the claimant can only rebut the presumption with evidence of a knowing and deliberate intent to deceive DHS.[19]

Exception to Limitations of Liability

The limitations of liability set forth in the SAFETY Act do not shield any person or government that:[20]

  • Attempts to commit, knowingly participates in, aids and abets or commits any act of terrorism, or any criminal act related to or resulting from an act of terrorism; or
  • Participates in a conspiracy to commit an act of terrorism or any related criminal act.

Status of Designations and Certifications

In July 2018, DHS announced it had made over 1000 designations and certifications under the SAFETY Act.

Proposed Amendments to the SAFETY Act

The National Cybersecurity and Critical Infrastructure Protection Act of 2014 would have expanded the SAFETY Act to include “cybersecurity technologies.”[21] Although the Bill passed the House of Representatives on July 28, 2014, it did not proceed in the Senate.

Under this proposal, DHS would have the authority to determine whether a qualifying cyber incident had occurred. In evaluating a potential a determination, DHS would consider whether the incident meets all of the following criteria:

  • The incident is unlawful or otherwise exceeds authorized access authority;
  • The incident disrupts or imminently jeopardizes the integrity, operation, confidentiality, or availability of programmable electronic devices, communication networks (including hardware, software and data that are essential to their reliable operation) electronic storage devices, or any other information system, or the information that the system controls, processes, stores, or transmits;
  • The perpetrator of the incident gains access to an information system or a network of information systems resulting in—
    • Misappropriation or theft of data, assets, information, or intellectual property;
    • Corruption of data, assets, information, or intellectual property;
    • Operational disruption; or
    • An adverse effect on the system or network, or the data, assets, information, or intellectual property contained therein; and
  • The incident causes harm inside or outside the US that results in material levels of damage, disruption, or casualties severely affecting the US population, infrastructure, economy, or national morale, or federal, State, local, or tribal government functions.

Litigation Relating to the SAFETY Act

Litigation citing the SAFETY Act has arisen out of the mass shooting on October 1, 2017, at the Route 91 Harvest Festival in Las Vegas.[22] In that case, the operator of the festival and a hotel sought a declaration that the SAFETY Act applies to claims and potential claims against them for allegedly failing to provide appropriate security.

The festival operator and hotel allege that Contemporary Services Corporation had been hired to provide security at the festival site. Further, the complaint alleges that the security firm’s security services were designated as a QATT and certified under the SAFETY Act.

Interestingly, the Complaint alleges that the SAFETY ACT does not require DHS to determine that an act of terrorism has taken place in order for the protections of designation or certification to apply. The Complaint also points to various statements of the DHS allegedly referring to the shooting as a terrorist attack in Congressional testimony and in a press release.

In response, DHS posted a special notice on its website that “to date, the Secretary of Homeland Security has not made any such determination regarding the Route 91 Harvest Festival mass shooting incident [and] the matter is currently under review within the Department of Homeland Security.”[23]

[1] 6 U.S.C. § 441-444.
[2] 6 U.S.C. § 444(1).
[3] 6 C.F.R. § 25.2.
[4] 6 U.S.C. § 441; 6 C.F.R. § 25.4(b).
[5] 6 C.F.R. § 25.4(f).
[6] 6 U.S.C. § 443.
[7] 6 C.F.R. § 25.5(g).
[8] 6 U.S.C. § 443(a)(2); 6 C.F.R. § 25.5(2).
[9] 6 U.S.C. § 443(a)(3); 6 C.F.R. § 25.5(2)(c).
[10] 6 U.S.C. § 443(c); 6 C.F.R. § 25.7(a).
[11] 6 U.S.C. § 443(b) and 443(5); 6 C.F.R. § 25.2 and 25.5(e).
[12] 6 C.F.R. § 25.5(e).
[13] 6 U.S.C. § 444(2).
[14] 6 U.S.C. § 442(a); 6 C.F.R. § 25.7(d).
[15] 6 U.S.C. § 442(b), 6 C.F.R. § 25.7(b).
[16] 6 C.F.R. § 25.2.
[17] 6 U.S.C. § 442(d); 6 C.F.R. § 25.8.
[18] 6 C.F.R. § 25.8(c).
[19] 6 C.F.R. § 25.8(b).
[20] 6 U.S.C. § 442(e).
[21] H.R. 3396 (113th Congress).
[22] MGM Resorts International v. Acosta, 2:18-cv-01288 (D. Nev. filed July 13, 2018).
[23] Special Announcement,