Rule2025-20606
Enhanced Air Cargo Advance Screening (ACAS)
Primary source
Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.
Published
November 21, 2025
Effective
November 21, 2025
Issuing agencies
Homeland Security DepartmentU.S. Customs and Border Protection
Abstract
To address ongoing aviation security threats, U.S. Customs and Border Protection (CBP) is amending its regulations pertaining to the Air Cargo Advance Screening (ACAS) program to require the transmission of additional data elements. The ACAS program enhances the security of flights carrying cargo into the United States by requiring the transmission of certain air cargo data and performing targeted risk assessments based on the transmitted data prior to an aircraft's departure for the United States. These risk assessments identify and prevent high-risk air cargo from being loaded onto an aircraft that could pose a risk to an aircraft during flight.
Full Text
<html>
<head>
<title>Federal Register, Volume 90 Issue 223 (Friday, November 21, 2025)</title>
</head>
<body><pre>
[Federal Register Volume 90, Number 223 (Friday, November 21, 2025)]
[Rules and Regulations]
[Pages 52796-52845]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2025-20606]
[[Page 52795]]
Vol. 90
Friday,
No. 223
November 21, 2025
Part II
Department of Homeland Security
-----------------------------------------------------------------------
U.S. Customs and Border Protection
-----------------------------------------------------------------------
19 CFR Parts 103 and 122
Enhanced Air Cargo Advance Screening (ACAS); Final Rule
��Federal Register / Vol. 90 , No. 223 / Friday, November 21, 2025 /
Rules and Regulations��
[[Page 52796]]
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
U.S. Customs and Border Protection
19 CFR Parts 103 and 122
[Docket No. USCBP-2025-0053; CBP Dec. 25-08]
RIN 1651-AB61
Enhanced Air Cargo Advance Screening (ACAS)
AGENCY: U.S. Customs and Border Protection, DHS.
ACTION: Interim final rule; request for comments.
-----------------------------------------------------------------------
SUMMARY: To address ongoing aviation security threats, U.S. Customs and
Border Protection (CBP) is amending its regulations pertaining to the
Air Cargo Advance Screening (ACAS) program to require the transmission
of additional data elements. The ACAS program enhances the security of
flights carrying cargo into the United States by requiring the
transmission of certain air cargo data and performing targeted risk
assessments based on the transmitted data prior to an aircraft's
departure for the United States. These risk assessments identify and
prevent high-risk air cargo from being loaded onto an aircraft that
could pose a risk to an aircraft during flight.
DATES:
Effective Date: This interim final rule is effective as of November
21, 2025.
Comment Date: Comments must be received by January 20, 2026.
ADDRESSES: Please submit any comments, identified by docket number
USCBP-2025-0053, by the following method:
<bullet> Federal eRulemaking Portal: <a href="https://www.regulations.gov">https://www.regulations.gov</a>.
Follow the instructions for submitting comments.
Instructions: All submissions received must include the agency name
and docket number for this rulemaking. All comments received will be
posted without change to <a href="https://www.regulations.gov">https://www.regulations.gov</a>, including any
personal information provided. For detailed instructions on submitting
comments and additional information on the rulemaking process, see the
``Public Participation'' heading of the SUPPLEMENTARY INFORMATION
section of this document.
Docket: For access to the docket to read background documents or
comments received, go to <a href="https://www.regulations.gov">https://www.regulations.gov</a>.
FOR FURTHER INFORMATION CONTACT: Joseph Martella, Cargo and Conveyance
Security, Office of Field Operations, U.S. Customs & Border Protection,
by telephone at 646-315-4330 or by email at
<a href="/cdn-cgi/l/email-protection#95dffae6f0e5fdbbd8f4e7e1f0f9f9f4d5f6f7e5bbf1fde6bbf2fae3"><span class="__cf_email__" data-cfemail="93d9fce0f6e3fbbddef2e1e7f6fffff2d3f0f1e3bdf7fbe0bdf4fce5">[email protected]</span></a>.
SUPPLEMENTARY INFORMATION:
Table of Contents
I. Public Participation
II. Executive Summary
III. Background and Purpose
A. Regulatory History
B. Statutory Authority
C. CBP Regulatory Requirements
1. 19 CFR 122.48a--Electronic Information for Air Cargo Required
in Advance of Arrival
2. 19 CFR 122.48b--ACAS
D. TSA Requirements
E. Air Cargo Security Risks
F. The Enhanced ACAS Program Development Process
IV. ACAS Program Revisions
A. Enhanced ACAS Data Element Definitions
B. Mandatory Data Elements
C. Conditional Data Element: Master Air Waybill Number
D. Conditional Data Element: Verified Known Consignor
Information
E. Conditional Data Elements That May Be Required When There Is
Not a Verified Known Consignor
F. Optional Data Elements
G. Retention of Government-Issued Photo Identification Document
Copies
H. Exemption of ACAS Data From Disclosure
I. Phased Enforcement
J. Severability
V. Statutory and Regulatory Reviews
A. Administrative Procedure Act
B. Executive Orders 12866, 13563, and 14192
C. Regulatory Flexibility Assessment
D. Unfunded Mandates Reform Act
E. Privacy Act of 1974 and E-Government Act of 2002
F. Paperwork Reduction Act
G. International Trade Impact Assessment
H. Congressional Review Act
Table of Abbreviations
ABI--Automated Broker Interface
ACAS--Air Cargo Advance Screening
APA--Administrative Procedure Act
ATS--Automated Targeting System
BLS--Bureau of Labor Statistics
CBP--U.S. Customs and Border Protection
CFR--Code of Federal Regulations
CRA--Congressional Review Act
DHS--Department of Homeland Security
DNL--Do-Not-Load
EIA--Energy Information Administration
E.O.--Executive Order
EU--European Union
FDM--Flight Departure Message
FR--Federal Register
GDP--Gross Domestic Product
HAWB--House Air Waybill
IFR--Interim Final Rule
IG--Implementation Guide
IP--Internet Protocol
IT--Information Technology
MAC--Media Access Control
MAWB--Master Air Waybill
NCSP--National Cargo Security Program
OMB--Office of Management and Budget
PNR--Passenger Name Record
PRA--Paperwork Reduction Act
RFA--Regulatory Flexibility Act
SBA--U.S. Small Business Administration
SKU--Stock Keeping Unit
SSI--Sensitive Security Information
TSA--Transportation Security Administration
UMRA--Unfunded Mandates Reform Act
URL--Uniform Resource Locator
U.S.--United States
U.S.C.--United States Code
VPN--Virtual Private Network
I. Public Participation
Interested persons are invited to participate in this rulemaking by
submitting written data, views, or arguments on all aspects of this
interim final rule (IFR). CBP also invites comments that relate to the
economic, environmental, or federalism effects that might result from
this IFR. Comments that will provide the most assistance to CBP will
reference a specific portion of the IFR, explain the reason for any
recommended change, and include data, information, or authority that
support such recommended change.
II. Executive Summary
Intentional attacks on international aviation continue to pose a
significant threat to the security of aircraft and individuals entering
the United States. For example, in July 2024, incendiary devices caused
fires at several air cargo facilities in Europe. If the devices had
ignited mid-air, the resulting fires could have caused the catastrophic
loss of an aircraft, threatening the safety and security of all
individuals and property in the vicinity of the incident.
The Department of Homeland Security (DHS) was established, in part,
to prevent such attacks, and to ensure aviation safety and security.
Within DHS, U.S. Customs and Border Protection (CBP) and the
Transportation Security Administration (TSA) have responsibilities for
securing international air cargo bound for the United States. Working
together, CBP and TSA employ a layered security approach to secure
aircraft entering the United States, which includes risk assessment
methods that identify high-risk cargo for further screening.
As part of this layered security approach, CBP's Air Cargo Advance
Screening (ACAS) program requires inbound air carriers or other
eligible filers to transmit specified air cargo data as early as
practicable, but no later than prior to the loading of the cargo onto
an aircraft. This data is analyzed as part of a joint CBP-TSA targeting
operation that identifies high-risk cargo for further interventions
before the cargo can be
[[Page 52797]]
loaded onto an aircraft bound for the United States. In response to the
July 2024 incidents, CBP, in coordination with TSA, determined that it
is necessary to modify the ACAS program to more effectively identify
high-risk air cargo.
CBP, in collaboration with TSA, established the ACAS program in
response to an October 2010 attack in which terrorists placed concealed
explosive devices in cargo on board two aircraft destined for the
United States. The devices, disguised as printers, were designed to
detonate mid-air over the continental United States with enough
explosive potential to cause catastrophic damage to the two aircraft.
The attack was ultimately thwarted when the devices were discovered
through the combined efforts of multiple foreign and domestic
intelligence agencies. If not discovered, the devices could have caused
significant loss of life and damage to property on board any of the
aircraft that the devices transited on, including passenger aircraft
that carry air cargo. Despite the positive conclusion, the attack
highlighted significant vulnerabilities in air cargo security as the
devices had flown on board several flights prior to discovery.
To address vulnerabilities identified in CBP's analysis of the
October 2010 attack, CBP, in collaboration with TSA, established the
ACAS program to expedite the transmission of certain air cargo
information used by CBP when conducting risk assessments. CBP and TSA
also established a joint CBP-TSA targeting operation that analyzes
transmitted air cargo data by utilizing CBP's Automated Targeting
System (ATS) and other available intelligence as a risk targeting tool.
This targeting operation enables CBP and TSA to address specific threat
information in real time and identify high-risk cargo shipments that
require further scrutiny. CBP's objective for the ACAS program is to
obtain the most accurate data at the earliest time possible while
minimizing any impact that the collection of data might have on the
flow of commerce. The ACAS transmission timeline enables CBP and TSA to
deter and disrupt threats faced by aircraft carrying cargo into the
United States by identifying high-risk air cargo prior to an aircraft's
departure for the United States. CBP and TSA requirements ensure that
high-risk cargo shipments identified through this process receive
appropriate screening and, if necessary, are prevented from transport
in civil aviation. Following extensive discussions with members of
industry and testing, CBP and TSA mandated participation in the ACAS
program through the publication of CBP's ACAS IFR, effective June 12,
2018 (83 FR 27380) (``2018 IFR''), and through revisions to TSA's
standard security programs.
Under section 122.48a of title 19 of the Code of Federal
Regulations (19 CFR 122.48a), for any inbound aircraft required to make
entry under 19 CFR 122.41 that will have commercial cargo aboard, CBP
must receive air cargo information from the air carrier or other
approved party no later than the time of departure (when the aircraft
departs from certain foreign ports near the United States) or no later
than four hours prior to arrival in the United States (when the
aircraft departs from any other foreign area). Prior to the
implementation of the ACAS program in 2018, the 19 CFR 122.48a timeline
for the transmission of electronic information meant that an aircraft
could depart from a foreign port and be airborne, enroute to the United
States before any information regarding air cargo on board was
transmitted to CBP. Without CBP's receipt of air cargo data and the
completion of an effective risk assessment prior to an aircraft's
departure from a foreign port, a threat actor could place dangerous
cargo on board an aircraft, threatening the security of the aircraft
and any persons or property in its vicinity.
CBP's ACAS requirements, 19 CFR 122.48b, apply to any inbound
aircraft required to make entry under 19 CFR 122.41 that will have
commercial cargo on board. The ACAS data transmission is in addition to
the advance filing requirements for aircraft under 19 CFR 122.48a.
Under the ACAS program, an inbound air carrier and/or other eligible
ACAS filer must transmit specified air cargo data (hereafter referred
to as ``ACAS data'') to CBP as early as practicable, but not later than
prior to the loading of the cargo onto the aircraft. This time frame
allows CBP to analyze ACAS data, identify if the cargo has a nexus to a
threat, and, with TSA, take the necessary action, such as preventing
loading of the suspected high-risk cargo on aircraft, to thwart
potential threats before an aircraft departs for the United States. A
complete ACAS filing includes the transmission of all applicable ACAS
data as required by 19 CFR 122.48b(d). The ACAS regulations refer to
individual ACAS data requirements as data elements. In the 2018 IFR,
CBP listed six mandatory data elements which must be transmitted for
each ACAS filing and one conditional data element which must be
transmitted only under certain circumstances. The regulation also
provides that ACAS filers may choose to provide certain optional data
elements.
Information received under the ACAS program enables the joint CBP-
TSA targeting operation to identify high-risk cargo and CBP to issue
Do-Not-Load (DNL) instructions or referrals for additional information
or screening. When the available information points to an immediate or
lethal threat to the aircraft and its vicinity, the ACAS regulations
enable CBP to issue DNL instructions which prohibit the transportation
of cargo. Referrals for information are issued if a risk assessment
cannot be conducted due to non-descriptive, inaccurate, or insufficient
information in the ACAS filing. Referrals for screening are issued
pursuant to CBP authorities and resolved using the enhanced screening
procedures required by TSA-approved or accepted security programs.
TSA enforces the implementation of enhanced screening methods
through security program requirements under 49 CFR parts 1544 and 1546.
In accordance with TSA regulations, inbound air carriers are required
to comply with their respective TSA-approved or accepted security
program, including any changes being implemented for purposes of the
enhanced ACAS program.
The ACAS requirements and corresponding TSA-approved or accepted
security program requirements enhance the ability of CBP and TSA to
prevent air cargo that may contain a potential bomb, improvised
explosive device, or other material that may pose an immediate, lethal
threat to the aircraft or its vicinity from being loaded on board an
aircraft and allows law enforcement authorities to coordinate with
necessary parties.
Air cargo information received under the ACAS program has been an
effective risk-assessment tool for CBP's ongoing efforts to ensure
aviation safety and security including, but not limited to, combatting
terrorist threats to the homeland. However, recent developments
prompted CBP to review the ACAS program's requirements and announce
revisions that provide CBP with a more complete understanding of the
evolving threat environment. As explained under Section III.E. and
Section V.A., the July 2024 incendiary incidents, in combination with
specific, classified intelligence regarding the intent of threat actors
to exploit similar vulnerabilities, informed CBP's decision to
immediately revise the ACAS program in collaboration with TSA.
To address this new threat, CBP determined that it is necessary to
modify the ACAS program to require
[[Page 52798]]
inbound air carriers and other eligible filers to submit additional
ACAS data elements. As illustrated in Table 1, CBP is revising 19 CFR
122.48b(d) to include new mandatory, conditional, and optional data
elements applicable to air carriers and other eligible ACAS filers.
This IFR does not modify any existing substantive requirements under
the ACAS regulations other than the addition of the new ACAS data
elements. As such, CBP does not address any comments made or issues
identified under the 2018 IFR.
Unlike the previous set of ACAS data elements which were entirely a
subset of the data elements that must be submitted under 19 CFR
122.48a, the enhanced set of ACAS data elements combines the previous
subset of 19 CFR 122.48a data elements with a new set of data elements
unique to the ACAS program. The enhanced ACAS data elements will
provide CBP and TSA with a more complete picture of the parties
involved in cargo shipment transactions, the nature of the parties'
relationships, financial data related to cargo shipments, and
additional identifying information for certain online marketplaces and
shipments originating from individuals with unknown risk profiles. The
enhanced ACAS data elements were developed, in part, based on CBP's and
TSA's understanding of various indicators of the relative risk of cargo
shipments and will allow the joint CBP-TSA targeting operation to more
effectively identify cargo shipments that require further scrutiny.
As discussed in Section III.F., CBP conducted an implementation
period beginning in August 2024 to ensure the feasibility of sourcing
and transmitting the enhanced ACAS data elements. The implementation
period included extensive discussions with members of industry and
government agencies to assess and reduce any potential complications
associated with the new data elements. During the implementation
period, members of industry initiated the development of the
technological capabilities and business processes necessary to comply
with the enhanced ACAS data element requirements. Based on industry
feedback and CBP's own observations, CBP determined that it was
necessary to promulgate regulations under CBP's authorities that could
permanently mandate the transmission of the enhanced ACAS data
elements.
The table below contains a list of the ACAS data elements
previously required under 19 CFR 122.48b and the additional data
elements introduced by this rulemaking.
BILLING CODE 9111-14-P
[[Page 52799]]
[GRAPHIC] [TIFF OMITTED] TR21NO25.013
[[Page 52800]]
[GRAPHIC] [TIFF OMITTED] TR21NO25.014
BILLING CODE 9111-14-C
III. Background and Purpose\1\
---------------------------------------------------------------------------
\1\ The revisions to the list of data elements under 19 CFR
122.48b are discussed in greater detail in Section IV.
---------------------------------------------------------------------------
Within DHS, CBP and TSA have responsibilities for securing air
cargo bound for the United States from foreign ports. CBP, in
consultation with TSA, established the mandatory ACAS program in 2018
to require the transmission of certain air cargo data prior to the
departure of a U.S.-bound aircraft from a foreign port. The following
subsections describe the regulatory history of the ACAS program, the
statutory authorities for the ACAS program, existing CBP and TSA
regulatory requirements, the security threat that prompted the
publication of this IFR, and the development process for the enhanced
ACAS data elements required by this IFR.
A. Regulatory History
On December 5, 2003, the Bureau of Customs and Border Protection
(now CBP) published the Required Advance Electronic Presentation of
Cargo Information final rule to require the transmission of electronic
cargo information for cargo arriving in or departing from the United
States by any mode of transportation.\2\ The 2003 final rule added 19
CFR 122.48a to require the electronic transmission of certain
information pertaining to the commercial cargo on board aircraft
entering the United States no later than the time of departure from
certain ports near the United States or no later than
[[Page 52801]]
four hours prior to arrival in the United States when the aircraft
departs from any other foreign area.
---------------------------------------------------------------------------
\2\ 68 FR 68140 (Dec. 5, 2003).
---------------------------------------------------------------------------
In October 2010, a terrorist plot to place explosives on board
cargo aircraft destined for the United States highlighted
vulnerabilities in cargo aviation security. In response to this threat,
CBP, in collaboration with TSA, established the Air Cargo Advance
Screening (ACAS) pilot program in December 2010. The ACAS pilot
required participants to provide certain information concerning air
cargo at the earliest point practicable in the supply chain.
Participation in the ACAS pilot was on a voluntary basis. CBP and TSA
also established a joint CBP-TSA targeting operation that utilizes
CBP's ATS as a dynamic risk targeting tool to analyze the ACAS data and
other available intelligence to better identify cargo that poses a high
security risk. The ACAS data transmission timeline allows the joint
CBP-TSA targeting operation to identify high-risk cargo for further
screening prior to the departure of an aircraft bound for the United
States. The ACAS pilot was formalized and expanded in an October 2012
Federal Register notice; however, participation was still on a
voluntary basis.\3\ As the ACAS program developed, CBP determined that
it was necessary to mandate the transmission of ACAS data.
---------------------------------------------------------------------------
\3\ 77 FR 65006 (Oct. 24, 2012).
---------------------------------------------------------------------------
On June 12, 2018, CBP published the ACAS interim final rule
(IFR).\4\ The 2018 IFR implemented a mandatory ACAS program under 19
CFR 122.48b, which specifies the general ACAS requirements, the
eligible filers, the ACAS data elements, the time frame for providing
the data to CBP, the responsibilities of the filers, and the process
regarding ACAS referrals and DNL instructions.
---------------------------------------------------------------------------
\4\ 83 FR 27380 (Jun. 12, 2018).
---------------------------------------------------------------------------
Through the 2018 IFR, CBP also amended 19 CFR 122.48a to reference
the ACAS requirements and to incorporate a few additional changes.
Specifically, CBP amended 19 CFR 122.48a to revise the definition of
the consignee name and address data element to provide a more accurate
and complete definition, and to add a new data element requirement, the
flight departure message (FDM), to enable CBP to determine the
timeliness of ACAS transmissions. CBP also amended the applicable bond
provisions in 19 CFR part 113 to incorporate the ACAS requirements.
For a detailed discussion of the statutory and regulatory
histories, the factors governing the development of the ACAS
regulations, and the changes to the regulations prior to the issuance
of this IFR, see the 2018 ACAS IFR.\5\
---------------------------------------------------------------------------
\5\ 83 FR 27380 (Jun. 12, 2018).
---------------------------------------------------------------------------
B. Statutory Authority
Section 343(a) of the Trade Act of 2002 (Trade Act), as amended,
authorizes CBP to promulgate regulations providing for the mandatory
transmission of electronic cargo information by way of a CBP-approved
electronic data interchange (EDI) system before cargo is brought into
or departs from the United States.\6\ Section 343(a)(2) of the Trade
Act authorizes CBP to require the transmission of any cargo information
that CBP ``determines to be reasonably necessary to ensure cargo safety
and security pursuant to those laws enforced and administered by
[CBP].''
---------------------------------------------------------------------------
\6\ See Trade Act of 2002, Public Law 107-210, 116 Stat. 982
(codified as amended at 19 U.S.C. 1415). This section was formerly
codified as a note to 19 U.S.C. 2071.
---------------------------------------------------------------------------
When developing regulations under CBP's section 343(a) Trade Act
authority, CBP must adhere to parameters under section 343(a)(3) that
require CBP to give due consideration to the concerns of the industry
and the flow of commerce. These parameters include, among others,
provisions requiring consultation with affected parties and the
consideration of the differences in commercial and operational
practices among the different parties. In addition, in determining the
timing for transmittal of any information, the statute requires CBP to
balance the likely impact of the data collection on the flow of
commerce with the cargo safety and security benefits. The statute also
requires CBP to protect the privacy of business proprietary and any
other confidential cargo information provided to CBP and ensure that
the information collected pursuant to the regulations be used for
ensuring cargo safety and security, preventing smuggling, and
commercial risk assessment targeting. Finally, the statute requires
that the obligations imposed must generally be upon the party most
likely to have direct knowledge of the required information, and if
not, that the obligations imposed take into account ordinary commercial
practices for receiving data and what the party transmitting the
information reasonably believes to be true.
The FAA Reauthorization Act of 2018, Public Law 115-254 (FAA Act),
was enacted on October 5, 2018, nearly four months after the
publication of the 2018 ACAS IFR. Among other things, section 1951 of
the FAA Act (codified at 49 U.S.C. 44901 note) requires the
Commissioner of CBP and the Administrator of TSA to establish an air
cargo advance screening program for the collection of advance
electronic information from air carriers and other persons within the
supply chain regarding cargo being transported to the United States by
air in order to perform risk targeting to prevent the loading and
transportation of high-risk cargo. Section 1951 also requires that CBP,
in coordination with TSA, issue final regulations that implement the
air cargo advance screening program within 180 days of enactment of the
FAA Act, by April 5, 2019. Despite some minor differences in the
terminology used in the 2018 IFR and the FAA Act regarding some of the
specific requirements, the ACAS program established by CBP, as set
forth in the 2018 IFR, is the type of program that Congress envisioned
in the FAA Act and the 2018 IFR substantially fulfills the requirements
of the FAA Act.
C. CBP Regulatory Requirements
Section 343(a) of the Trade Act authorizes CBP to promulgate
regulations providing for the mandatory transmission of cargo
information by way of a CBP-approved electronic data interchange (EDI)
system before the cargo is brought into or departs from the United
States by any mode of commercial transportation. Under section
343(a)(2) of the Trade Act, CBP may require cargo information that is
reasonably necessary to ensure cargo safety and security pursuant to
the laws enforced and administered by CBP. As described in Section
III.A., CBP previously issued a 2003 final rule and a 2018 IFR to
promulgate regulations requiring the transmission of advance air cargo
information under the Trade Act.
For any inbound aircraft required to make entry under 19 CFR 122.41
\7\ that will have commercial cargo aboard, the inbound air carrier or
other eligible filer must transmit certain data regarding that cargo to
CBP through a CBP-approved EDI system under two separate, but related,
sets of requirements. The following two subsections detail CBP's
transmission requirements for certain air cargo data under 19 CFR
122.48a (air manifest data) and 19 CFR 122.48b (ACAS). Section III.C.2.
describes the ACAS program requirements that have existed prior to
modification by this IFR. While the following summary is not inclusive
of all of the differences between the two
[[Page 52802]]
sets of requirements, the 19 CFR 122.48a filing requirements and the
ACAS requirements can be most notably distinguished by the differing
timelines for transmission of the data elements, the differing but
overlapping lists of data elements, and the differing lists of eligible
filers.
---------------------------------------------------------------------------
\7\ With certain limited exceptions, all aircraft coming into
the United States from a foreign area must make entry under subpart
E of 19 CFR part 122. See 19 CFR 122.41.
---------------------------------------------------------------------------
1. 19 CFR 122.48a--Electronic Information for Air Cargo Required in
Advance of Arrival
Under 19 CFR 122.48a, for any inbound aircraft required to make
entry that will have commercial cargo on board, air carriers or other
eligible filers are required to transmit certain air cargo data to CBP.
The data must be received by CBP no later than the time of departure
(when the aircraft departs from specified foreign areas near the United
States) or no later than four hours prior to arrival in the United
States (when the aircraft departs from all other foreign areas). The
individual data requirements are known as data elements.
The 19 CFR 122.48a data elements include:
(1) Air waybill number(s) (master and house, as applicable)
(2) Trip/flight number
(3) Carrier/ICAO (International Civil Aviation Organization) code
(4) Airport of arrival
(5) Airport of origin
(6) Scheduled date of arrival
(7) Total quantity based on the smallest external packing unit
(8) Total weight
(9) Precise cargo description
(10) Shipper name and address
(11) Consignee name and address
(12) Consolidation identifier (conditional)
(13) Split shipment indicator (conditional)
(14) Permit to proceed information (conditional)
(15) Identifier of other party which is to submit additional air
waybill information (conditional)
(16) In-bond information (conditional)
(17) Local transfer facility (conditional)
(18) Flight departure message
Paragraph (d) of 19 CFR 122.48a specifies, based on the type of
shipment, what data the inbound carrier must transmit to CBP and what
data other eligible filers may elect to transmit to CBP. There are
different requirements for consolidated and non-consolidated shipments.
A consolidated shipment consists of a number of separate shipments that
have been received and consolidated into one shipment by a party such
as a freight forwarder for delivery as a single shipment to the inbound
carrier. Generally speaking, a master air waybill (MAWB) is an air
waybill that is generated by the inbound carrier for a consolidated
shipment. In addition, each of the shipments in the consolidated
shipment has its own air waybill, referred to as the house air waybill
(HAWB). The HAWB provides the information specific to the individual
shipment that CBP needs for targeting purposes. The HAWB does not
include the flight and routing information for the consolidated
shipment (which is included on the MAWB). For consolidated shipments,
the inbound carrier must transmit to CBP the above cargo data that is
applicable to the MAWB, and a subset of the above data for all
associated HAWBs, unless another eligible filer transmits this data to
CBP. For non-consolidated shipments, the inbound carrier must transmit
to CBP all of the above cargo data for the air waybill record, as
applicable. For split shipments, i.e., shipments that have been divided
into two or more smaller shipments, either sent together or separately,
the inbound carrier must transmit an additional subset of this data for
each HAWB.
Eligible filers under 19 CFR 122.48a include the inbound air
carrier, whose participation is mandatory, Automated Broker Interface
(ABI) filers, Container Freight Stations/deconsolidators, Express
Consignment Carrier Facilities, and air carriers that arranged to have
the incoming air carrier transport the cargo into the United States.
Foreign indirect air carriers, which includes freight forwarders as
defined under 19 CFR 122.48b, are notably not included in the list of
potential 19 CFR 122.48a filers. This list of eligible filers contrasts
with the list of eligible filers under the ACAS program, as described
in the following subsection.
2. 19 CFR 122.48b--ACAS
CBP's regulatory ACAS requirements can be found under 19 CFR
122.48b. The ACAS requirements are the only regulatory requirements
amended through this IFR. CBP introduced the mandatory ACAS program in
2018 to require earlier transmission of ACAS data which, previous to
this IFR, was entirely a subset of the data collected under 19 CFR
122.48a. CBP relies on the timely transmission of the ACAS data
elements to create an informed assessment regarding the relative
security risk a particular shipment poses. ACAS data must be
transmitted as early as practicable, but no later than prior to the
loading of cargo onto an aircraft, which is in contrast to the broader
set of 19 CFR 122.48a data which may, in some cases, be transmitted
after the departure of an aircraft from a foreign port. This timing
requirement is one of the most significant operational differences
between the requirements found under 19 CFR 122.48a and those found
under 19 CFR 122.48b.
The inbound air carrier is ultimately responsible for ensuring that
mandatory and applicable conditional ACAS data elements are transmitted
to CBP. However, the ACAS regulations allow other entities to elect to
be ACAS filers. The following types of entities can elect to be an ACAS
filer, provided that the entities meet the ACAS filer requirements: ABI
filer (importer or its customs broker) as identified by its ABI filer
code; a Container Freight Station/deconsolidator as identified by its
FIRMS (Facilities Information and Resources Management System) code; an
Express Consignment Carrier Facility as identified by its FIRMS code;
an air carrier as identified by its carrier IATA (International Air
Transport Association) code, that arranged to have the inbound air
carrier transport the cargo to the United States; or a foreign indirect
air carrier (a term which encompasses freight forwarders). The
inclusion of foreign indirect air carriers in the list of eligible
filers for the ACAS program is different from the list of eligible
filers found under 19 CFR 122.48a. If an eligible party other than the
inbound air carrier files the ACAS data, the inbound air carrier may
also choose to transmit its own ACAS filing.
If a party that is eligible to elect to file ACAS data does not
participate in an ACAS filing, the party that arranges for and/or
delivers the cargo to the inbound air carrier must fully disclose and
present to the inbound air carrier any required ACAS data. See 19 CFR
122.48b(c)(4). If any third party that is not an eligible ACAS filer
possesses required ACAS data, that party must fully disclose and
present the required ACAS data to either the inbound air carrier or
other eligible ACAS filer for transmission to CBP. See 19 CFR
122.48b(c)(5).
ACAS filers are responsible for the accuracy of any ACAS data they
transmit. In accordance with Trade Act parameters, CBP recognizes that
certain factors outside of an ACAS filer's control could affect the
accuracy of ACAS data. Thus, ACAS data is accurate if it is the best
available data at the time of filing which is determined by
considering, in accordance with ordinary commercial practices, how the
presenting party acquired the information and whether and how the
presenting party is able to verify the
[[Page 52803]]
information. When a presenting party is not reasonably able to verify
the information, the standard of evaluation for accuracy is that which
the presenting party reasonably believes to be true. See section
343(a)(3)(B) of the Trade Act (19 U.S.C. 1415(a)(3)(B)); 19 CFR
122.48b(c)(6). If any of the ACAS data changes or more accurate ACAS
data becomes available after the initial ACAS filing, the ACAS filer
must update the initial filing up until the deadline listed for 19 CFR
122.48a data. See 19 CFR 122.48b(b)(2).
Under the regulations promulgated through the 2018 IFR, CBP
required ACAS filers to transmit six mandatory data elements in all
circumstances, one data element on a conditional basis, and recommended
the transmission of other data elements on an optional basis. The ACAS
data elements, found under 19 CFR 122.48b(d), utilized the same
definitions as the broader set of data elements found under 19 CFR
122.48a. The six mandatory data elements which must be transmitted in
each ACAS filing at the lowest air waybill level are:
(1) Shipper name and address;
(2) Consignee name and address;
(3) Cargo description;
(4) Total quantity based on the smallest external packing unit;
(5) Total weight of cargo; and
(6) Air waybill number.
The 2018 IFR also required the transmission of one conditional ACAS
data element, the master air waybill (MAWB) number. Conditional data
elements are only required under certain circumstances. If a
conditional data element is not required, transmission of the data
element is optional, but encouraged. The conditional MAWB number data
element provides the location of the high-risk cargo and allows CBP to
associate the cargo with an ACAS transmission. The MAWB number data
element is required (1) when the ACAS filer is a different party than
the party that will file the 19 CFR 122.48a data; (2) when the ACAS
filer transmits all the 19 CFR 122.48a data in the applicable ACAS time
frame through a single filing; or (3) when the inbound air carrier
would like to receive a status check from CBP on the ACAS assessment of
specific cargo. If not required under one of the three circumstances
listed above, transmission of the MAWB number is optional.
Under the 2018 IFR, CBP also created the optional category of data
elements which means that transmission of those data elements is
recommended, but not required. CBP specifically allowed for the
optional designation of a ``Second Notify Party'' to receive shipment
status messages from CBP. Additionally, CBP encouraged ACAS filers to
transmit any additional data elements listed under 19 CFR 122.48a that
are not required under 19 CFR 122.48b and any additional information
regarding ACAS data elements.
If CBP issues a referral for information under 19 CFR
122.48b(e)(1)(i), the ACAS filer may be required to submit additional
information beyond what is required under the ACAS data elements, such
as flight numbers and routing information, to resolve the ACAS
referral. See 19 CFR 122.48b(e)(2)(i). When necessary, this information
will be requested in a referral message.
CBP may issue a referral for screening if the potential risk of the
cargo is deemed high enough to warrant enhanced security screening.
When CBP issues a referral for screening under 19 CFR
122.48b(e)(1)(ii), the ACAS filer may resolve the referral using TSA-
approved enhanced screening methods if it is a party recognized by TSA
to perform screening. See 19 CFR 122.48b(e)(2)(ii). TSA approves the
use of enhanced screening methods pursuant to security programs issued
under 49 CFR parts 1544 and 1546; thus, an ACAS filer is not recognized
by TSA to perform the enhanced screening necessary to resolve a
referral unless the ACAS filer is regulated by TSA under 49 CFR part
1544 or 1546. See 83 FR 27380, 27381, 27384-85 (Jun. 12, 2018). If the
ACAS filer is a party other than the inbound air carrier and chooses
not to address the referral or is not a party recognized by TSA to
perform screening, the ACAS filer must notify the inbound air carrier
of the referral for screening. The inbound air carrier is responsible
for addressing referrals for screening unless another ACAS filer has
addressed the referral by performing the required enhanced screening.
Referrals for screening can only be resolved by parties recognized by
TSA to perform screening. See 19 CFR 122.48b(e)(2)(ii). To resolve a
referral for screening, the inbound air carrier and/or other eligible
ACAS filer must respond to the referral with information on how the
cargo was screened in accordance with TSA-approved or accepted enhanced
screening methods.
CBP may also issue a DNL instruction if it is determined, based on
the risk assessment and other intelligence, that the cargo may contain
a potential bomb, improvised explosive device, or other material that
may pose an immediate, lethal threat to aircraft, persons aboard, and/
or the vicinity. If a DNL instruction is issued, the cargo must not be
loaded onto the aircraft. The party in physical possession of the cargo
at the time the DNL instruction is issued must adhere to the
appropriate CBP and TSA protocols and the directions provided by the
applicable law enforcement authority. See 19 CFR 122.48b(f).
The ACAS regulations also enable CBP to take appropriate
enforcement action against ACAS filers who do not comply with the ACAS
requirements. Through the transmission of an ACAS filing, the ACAS
filer assumes certain responsibilities, including the responsibility to
provide accurate data to CBP and update that data if necessary, the
responsibility to transmit the ACAS data to CBP within the required
time frame, and the responsibility to resolve ACAS referrals prior to
the departure of an aircraft and respond to DNL instructions in an
expedited manner. See 19 CFR 122.48b(b), 122.48b(c)(6), 122.48b(e), and
122.48b(f). An ACAS filer's failure to perform those responsibilities
could result in CBP issuing liquidated damages and/or assessing
penalties. See 83 FR 27392 (Jun. 12, 2018) (discussing amendments to
the relevant bond conditions to account for enforcement of ACAS
requirements). Furthermore, TSA may assess additional penalties for
violations of TSA's regulations.
D. TSA Requirements
Under the Aviation and Transportation Security Act (ATSA) of
November 2001, TSA is required to ``provide for the screening of all
passengers and property . . . that will be carried aboard a passenger
aircraft operated by an air carrier or foreign air carrier in air
transportation . . . .'' 49 U.S.C. 44901(a). Additionally, TSA is
required to ensure a system is in operation to ``screen, inspect, or
otherwise ensure the security of all cargo that is to be transported in
all-cargo aircraft in air transportation . . . .'' 49 U.S.C. 44901(f).
Under the Implementing Recommendations of the 9/11 Commission Act of
2007, TSA was further required to ``establish a system to screen 100
percent of cargo transported on passenger aircraft operated by an air
carrier or foreign air carrier in air transportation . . . .'' 49
U.S.C. 44901(g). To satisfy these statutory mandates, TSA is authorized
to promulgate regulations and issue security requirements for U.S. and
foreign air carriers at non-U.S. locations for flights departing a
foreign port bound for the United States.\8\
---------------------------------------------------------------------------
\8\ TSA is authorized to promulgate regulations that ``are
necessary to carry out the functions of the Administration.'' 49
U.S.C. 114(l). TSA regulations are found under Title 49 CFR Chapter
XII (parts 1500 through 1699). Parts 1544 and 1546 are specific to
U.S. aircraft operators (i.e., domestic or U.S. flagged air
carriers) and foreign air carriers. Sections 1544.205(f) and
1546.205(f) provide that U.S. aircraft operators and foreign air
carriers, respectively, must ensure that cargo loaded on board an
aircraft inside the United States, or outside the United States and
destined to the United States, is screened in accordance with the
requirements in their security program. Sections 1544.101 and
1546.101 require that certain U.S. aircraft operators, and certain
foreign air carriers landing or taking off in the United States,
must adopt and implement a security program in the form and with the
content approved or accepted by TSA pursuant to the provisions in
Sec. Sec. 1544.103 and 1546.103.
---------------------------------------------------------------------------
[[Page 52804]]
Under TSA's regulatory framework, air carriers are required to
implement TSA-approved security programs that are tailored to each air
carrier's security and operational needs. A security program may
describe, among other things, screening requirements for air cargo
departing from a foreign port bound for the United States. Details
related to the security programs are considered Sensitive Security
Information (SSI),\9\ and are made available to carriers as necessary.
Alternatively, carriers may request TSA approval to follow National
Cargo Security Program (NCSP) recognition procedures in lieu of TSA
security program requirements.\10\ When the security environment or
operational factors necessitate the modification of a security program,
TSA or an air carrier may initiate a security program amendment.\11\
TSA also has the regulatory authority to issue Security Directives and
Emergency Amendments which impose immediate security measures that
supersede other requirements based on changing security environments,
intelligence, and emergency situations.\12\
---------------------------------------------------------------------------
\9\ ``Sensitive Security Information'' or ``SSI'' is information
obtained or developed in the conduct of security activities, the
disclosure of which would constitute an unwarranted invasion of
privacy, reveal trade secrets or privileged or confidential
information, or be detrimental to the security of transportation.
The protection of SSI is governed by 49 CFR part 1520.
\10\ To approve and officially recognize a foreign country's air
cargo security program, the Administrator of TSA must make a
determination that the foreign country's air cargo security program
provides a level of security commensurate with the level of security
required by United States air cargo security programs. See FAA
Extension, Safety, and Security Act of 2016, Public Law 114-190,
sec. 3205, 130 Stat. 615, 653.
\11\ See 49 CFR 1544.105(b), (c), and (d); 49 CFR 1546.105(b),
(c), and (d).
\12\ Security Directives based on TSA's regulatory authority
impose mandatory security requirements on certain air carriers that
are generally U.S.-based. Emergency Amendments impose mandatory
security requirements on foreign air carriers. See 49 CFR 1544.305,
1546.105(d).
---------------------------------------------------------------------------
TSA regulations and security programs require carriers to perform
screening procedures and security measures on all cargo inbound to the
United States. These requirements are met through a risk-based
combination of assessments, aided by data collected by CBP, and
screening, as required by an air carrier's TSA-approved or -accepted
security program.
TSA routinely inspects carriers' cargo facilities to ensure
compliance with the required measures of the carriers' security
programs. If TSA determines that violations of the requirements have
occurred, appropriate measures will be taken and penalties may be
levied.
E. Air Cargo Security Risks
Intentional attacks on international aviation continue to pose a
significant threat to the security of international air cargo
operations. In 2018, CBP published the ACAS IFR to address risks
initially identified in response to the October 2010 incident in which
explosive devices were concealed in two shipments of printers addressed
for delivery to Chicago, Illinois. While that attack was successfully
thwarted by the combined intelligence efforts of several foreign
countries, CBP and TSA determined that a mandatory ACAS program was
necessary to provide a systematic and targeted approach to identifying
high-risk cargo prior to departure from a foreign port. Although the
ACAS program has previously been successful in identifying high-risk
cargo and continues to do so, threat actors have evolved to exploit
additional vulnerabilities in air cargo security that necessitate
modification of the ACAS program.
Recent events, such as the October 2023 HAMAS attack on Israel and
ongoing conflicts in the Middle East, have inspired terrorists to renew
calls for attacks against civil aviation.\13\ Certain state actors,
such as Iran, also pose a threat to the safety and security of
international aviation due to their support for international terrorist
organizations and statements indicating an intent to harm the United
States.\14\ Additionally, certain ongoing international conflicts have
increased the threat of asymmetric attacks in neutral territories, the
effects of which could be felt in the United States.\15\
---------------------------------------------------------------------------
\13\ See Dept. of Homeland Security, 2025 Homeland Threat
Assessment 24 (Oct. 2024), <a href="https://www.dhs.gov/publication/homeland-threat-assessment">https://www.dhs.gov/publication/homeland-threat-assessment</a>.
\14\ See Office of the Director of National Intelligence, Annual
Threat Assessment of the U.S. Intelligence Community (Mar. 25,
2025), <a href="https://www.dni.gov/index.php/newsroom/reports-publications/reports-publications-2025/4058-2025-annual-threat-assessment">https://www.dni.gov/index.php/newsroom/reports-publications/reports-publications-2025/4058-2025-annual-threat-assessment</a> (last
visited Aug. 8, 2025); Press Release, U.S. Department of State,
Joint Statement on Iranian State Threat Activity in Europe and North
America (July 31, 2025), <a href="https://www.state.gov/releases/office-of-the-spokesperson/2025/07/joint-statement-on-iranian-state-threat-activity-in-europe-and-north-america">https://www.state.gov/releases/office-of-the-spokesperson/2025/07/joint-statement-on-iranian-state-threat-activity-in-europe-and-north-america</a>.
\15\ See Office of the Director of National Intelligence, Annual
Threat Assessment of the U.S. Intelligence Community (Mar. 25,
2025), <a href="https://www.dni.gov/index.php/newsroom/reports-publications/reports-publications-2025/4058-2025-annual-threat-assessment">https://www.dni.gov/index.php/newsroom/reports-publications/reports-publications-2025/4058-2025-annual-threat-assessment</a> (last
visited Aug. 8, 2025).
---------------------------------------------------------------------------
In July 2024, incendiary devices caused fires at multiple air cargo
facilities in Europe.\16\ While investigators continue to probe the
sources and motives of the entities that introduced those devices into
the air cargo supply chain, existing circumstances suggest that these
incidents were intentional attacks. Had the devices activated during a
flight, the resulting conflagration could have caused catastrophic
damage to the aircraft, potentially resulting in the complete
destruction of the aircraft and its cargo and loss of life for any crew
or passengers on board. These attacks also pose risks to individuals
and property on the ground due to the potential loss of an aircraft.
Additionally, as demonstrated by the July 2024 incendiary attacks,
attacks on the air cargo supply chain also threaten the security of air
cargo infrastructure while a device is in transit prior to or following
transportation by air.
---------------------------------------------------------------------------
\16\ See, e.g., German Firms Warned of Packages Containing
Incendiary Devices, Reuters (Aug. 30, 2024), <a href="https://www.reuters.com/world/europe/german-security-services-warn-danger-packages-containing-incendiary-devices-2024-08-30/">https://www.reuters.com/world/europe/german-security-services-warn-danger-packages-containing-incendiary-devices-2024-08-30/</a>.
---------------------------------------------------------------------------
In consideration of these recent attacks and classified information
regarding a specific threat to air cargo security, CBP determined that
it is necessary to modify the ACAS program to better address these
evolving threats. With the increasing sophistication of attacks on air
cargo infrastructure, CBP requires additional ACAS data to effectively
identify and target high-risk shipments.
F. The Enhanced ACAS Program Development Process
In response to the threats discussed in Section III.E., CBP updated
the ACAS Implementation Guide (IG) to version 2.3.1 on August 30,
2024.\17\ Version 2.3.1 contained a number of new data elements under
section 3.3.2, Data Recommended Pre-Loading. These recommended data
elements were introduced to provide immediate actionable steps members
of industry could take to improve air cargo security.
---------------------------------------------------------------------------
\17\ CBP, Air Cargo Advance Screening (ACAS) Implementation
Guide, version 2.3.1 (Aug. 30, 2024), <a href="https://www.cbp.gov/sites/default/files/2024-09/ACAS%20IG%20v2.3.1_508.pdf">https://www.cbp.gov/sites/default/files/2024-09/ACAS%20IG%20v2.3.1_508.pdf</a> (last visited Sept.
29, 2025).
---------------------------------------------------------------------------
In the period between the publication of the recommended data
elements in
[[Page 52805]]
August 2024 and the publication of this IFR, CBP conducted extensive
outreach with members of the air cargo industry to determine the
feasibility of permanently requiring the transmission of the
recommended data elements through the revision of the ACAS regulations.
During critical periods of the implementation process, CBP conducted
regularly scheduled meetings with a broad range of interested parties
including, but not limited to, trade associations, software providers,
air carriers, and freight forwarders. Through this outreach, CBP worked
to limit any potential burden on members of the air cargo industry by
refining the list of recommended data elements. Additionally, prior to
the publication of this IFR, CBP published several revised versions of
the ACAS Implementation Guide and frequently asked questions and
answers on CBP's website to reflect the results of CBP's discussions
with members of the air cargo industry.\18\
---------------------------------------------------------------------------
\18\ Supplementary information regarding the ACAS program can be
found online at <a href="https://www.cbp.gov/border-security/ports-entry/cargo-security/acas">https://www.cbp.gov/border-security/ports-entry/cargo-security/acas</a>. Previous versions of the ACAS Implementation
Guide are listed in a table contained in each revised ACAS
Implementation Guide.
---------------------------------------------------------------------------
The recommended data elements under the ACAS Implementation Guide
provided the basis for the mandatory and conditional data elements
included in this IFR. As a direct result of CBP's engagement with
industry and the air cargo industry's active participation in securing
air cargo infrastructure, a number of ACAS filers have been regularly
transmitting many of the enhanced ACAS data elements prior to the
publication of this IFR.
IV. ACAS Program Revisions
In accordance with CBP's Trade Act authority to promulgate
regulations pertaining to the transmission of information for air cargo
entering the United States, as well as CBP's authority under the FAA
Act, CBP is revising the ACAS regulations to require the transmission
of additional data elements that will enable CBP to counter new threats
to air cargo security.
While the ACAS program, as originally implemented, has been
successful in identifying high-risk cargo, threat actors have evolved
to exploit additional vulnerabilities in air cargo security, including
the security of cargo entering the United States. To counter these
additional threats, CBP determined that it is necessary to modify the
ACAS program. The revisions to the ACAS program under this IFR are
limited to the addition of mandatory, conditional, and optional ACAS
data elements under 19 CFR 122.48b(d) and the addition of a records
retention requirement related to the new biographic data conditional
data element. This IFR does not alter or remove any of the ACAS data
elements required under the previous 19 CFR 122.48b(d); however, to
accommodate additional conditional data elements, optional data
elements, previously provided in 19 CFR 122.48b(d)(3), are now included
in 19 CFR 122.48b(d)(5). A summary of the data element changes made to
the CFR by this IFR can be found under Table 1.
The transmission of the enhanced ACAS data elements will allow CBP
to gain a more complete understanding of the financial, business, and
personal relationships between parties that are engaged in shipping air
cargo. The transmission of all required existing and new ACAS data
elements is essential for CBP to assess the risk associated with a
cargo shipment because CBP analyzes ACAS data elements and other
available intelligence in the aggregate. In other words, CBP's ATS
combines multiple individual data elements which can then be compared
against law enforcement, intelligence, or other enforcement data to
identify ACAS filings that require additional review. Data elements
that are innocuous when viewed in isolation may be suspect when viewed
in the aggregate. Alternatively, a single data element could prompt
additional review; however, the transmission of all required data
elements is still necessary to build the aggregate and identify high-
risk cargo because of the difficulty of predicting, prior to
transmission, which data elements will or will not indicate a
heightened level of risk.
The new data elements must be transmitted in accordance with the
existing ACAS timeline, as soon as practicable, but no later than prior
to the loading of cargo onto an aircraft. 19 CFR 122.48b(b)(1). This
timeline enables CBP to target high-risk cargo prior to loading with
the goal of preventing high-risk cargo from entering the United States
or causing harm while enroute to the United States. A later timeline
for some or all enhanced data elements would reduce the effectiveness
of CBP's pre-loading aggregate analysis and nullify the security
benefit of requiring additional data elements for the purposes of
thwarting threats prior to arrival of the aircraft. Building on this
understanding of why CBP collects a number of data elements prior to
the loading of cargo onto an aircraft, the following subsections
further detail CBP's rationale for requiring certain data elements.
CBP developed the enhanced ACAS data elements within the parameters
defined by the Trade Act to balance the imposition of any burden on the
public against the critical need for additional ACAS data. Consistent
with FAA Act requirements, CBP also (1) considered that the content and
timeliness of the available data may vary among entities in the air
cargo industry and among countries, and (2) explored procedures to
accommodate such variations while maximizing the contribution of such
data to the risk assessment process under the ACAS program, among other
requirements. Throughout the development of the enhanced ACAS data
elements, CBP conducted extensive outreach with members of the air
cargo industry to understand their business practices and to ensure
that the new data elements will not place unrealistic or undue burdens
on members of industry. CBP also considered the results of the
implementation period discussed in Section III.F., during which,
multiple ACAS filers transmitted many of the enhanced ACAS data
elements prior to the requirements imposed through the publication of
this IFR.
In developing these revisions, CBP considered international efforts
to develop advance air cargo data targeting programs. CBP also
coordinated with international trade associations and their members to
understand requirements imposed by other countries and limit any
potential conflicts. CBP will continue to engage with members of the
international community to work toward enhancing international
standards for the collection and analysis of air cargo data prior to
loading.
A. Enhanced ACAS Data Element Definitions
The ACAS data elements introduced under the 2018 IFR are entirely a
subset of the data elements that must be transmitted under 19 CFR
122.48a. Thus, the definitions for the initial ACAS data elements
introduced under the 2018 IFR can be found under 19 CFR 122.48a. This
definitional cross-reference is detailed in the introductory text of 19
CFR 122.48b(d). The new ACAS data elements introduced by this IFR are
unique to the ACAS program. As such, the definitions for the new ACAS
data elements can be found under the revised 19 CFR 122.48b(d) and are
not referenced under 19 CFR 122.48a.
B. Mandatory Data Elements
Mandatory ACAS data elements must be transmitted to CBP in all
circumstances. Through this IFR, CBP is
[[Page 52806]]
revising 19 CFR 122.48b(d)(1) to include several new mandatory ACAS
data elements. This revision of 19 CFR 122.48b(d)(1) does not remove or
otherwise modify existing ACAS data element requirements. The additions
to the list of mandatory ACAS data elements include consignee email
address, consignee phone number, shipment packing location and/or
scheduled shipment pickup location, and ship to party. The following
paragraphs describe what CBP will require for each new data element and
explain CBP's rationale for requiring the data elements.
(1) Consignee email address. This is the email address for the
party identified as the consignee under the consignee name and address
data element. The consignee name and address data element is currently
required under 19 CFR 122.48b(d)(1)(ii).
(2) Consignee phone number. This is the phone number for the party
identified as the consignee under the consignee name and address data
element. The consignee name and address data element is currently
required under 19 CFR 122.48b(d)(1)(ii).
These two new mandatory contact information data elements,
consignee email address and consignee phone number, will allow CBP to
improve its targeting of high-risk shipments by further identifying the
parties involved in the shipping process, by comparing transmitted
contact information with information in CBP databases, and by improving
CBP's ability to directly contact parties in the event of an emergency
involving a safety or security risk with the shipment.
The provision of additional contact information will allow CBP to
gain a more complete understanding of the parties involved in a
shipping transaction which can be compared against other data elements
to identify potential threats. As stated previously, CBP assesses data
elements in the aggregate; thus, seemingly mundane data elements such
as email addresses and phone numbers may gain significance when a
comparison against other transmitted data elements reveals ambiguities
or patterns consistent with the existence of a threat.
Contact information can also be compared against existing contact
information in CBP databases to identify threat actors. For example,
CBP conducts similar targeting for individuals entering and exiting the
United States through CBP's analysis of passenger name record (PNR)
data. In 2010, a terrorist attempted to detonate a car bomb in New
York's Times Square. The FBI quickly identified the terrorist's cell
phone number but had little additional information. Through
coordination between DHS and the FBI, CBP was able to compare the
terrorist's cell phone number with PNR data to identify and detain the
terrorist before the terrorist could flee the United States.\19\
---------------------------------------------------------------------------
\19\ Intelligence Sharing and Terrorist Travel: Hearing Before
the Subcomm. on Counterterrorism and Intelligence of the H. Comm. on
Homeland Security, 112th Cong. 7-10 (2011) (joint prepared statement
of David Heyman, Assistant Secretary for Policy, DHS, Mary Ellen
Callahan, Chief Privacy Officer, DHS, and Thomas Bush, Executive
Director of Automation and Targeting, CBP).
---------------------------------------------------------------------------
The new requirements to provide additional consignee contact
information also give CBP the ability to directly contact the relevant
party in the event of an emergency which improves CBP's ability to
respond to threat incidents and reduces impacts to the flow of commerce
by expediting the resolution of any issue.
(3) Shipment packing location and/or scheduled shipment pickup
location. The shipment packing location is the name and address of the
foreign warehouse, factory, or other place the cargo was initially made
ready for transportation before the cargo arrives at the location where
the cargo will be loaded on the aircraft. The scheduled shipment pickup
location is the name and address of the location where the cargo
shipment is scheduled to transfer from the custody of the shipper to
the custody of the inbound air carrier or other party arranging for
and/or delivering the cargo to the inbound air carrier. At minimum,
ACAS filers must transmit either the shipment packing location or the
scheduled shipment pickup location. It is optional, but recommended,
for ACAS filers to transmit both the shipment packing location and the
scheduled shipment pickup location if available.
Receipt of the shipment packing location and/or scheduled shipment
pickup location will allow CBP to better identify the location from
which a cargo shipment originated. In the course of normal business
practices, the shipper name and address, an existing mandatory ACAS
data element, may differ from the location where cargo is prepared for
shipment. For example, when a large corporation is listed as the
shipper, an ACAS filer might list the corporate headquarters of the
corporation in the address field. However, any cargo shipped by the
corporation would likely originate from a different address, such as a
warehouse or manufacturing center, that could be in a different city or
country. By identifying the actual location a cargo shipment originated
from, CBP will be able to identify locations that pose a heightened
risk to air cargo security and more effectively target cargo shipments
that originate from those locations.
CBP's early implementation guidance and discussions with members of
industry focused on the provision of the shipment packing location;
however, those discussions informed CBP that the collection and
transmission of the shipment packing location could be difficult under
certain business models. Thus, in recognition of Trade Act parameters
which require consideration of differences in commercial practices,
information availability, and operational characteristics, CBP
developed the scheduled shipment pickup location as an alternative to
the shipment packing location. The scheduled shipment pickup location
is readily available in the ordinary course of business because a cargo
shipment could not be collected by an inbound air carrier or party
transporting the cargo to an air carrier without that information.
(4) Ship to Party. This is the name and address of the first
deliver-to party scheduled to physically receive a shipment after the
shipment is released from CBP custody. The information transmitted for
the ship to party data element may be identical to the information
transmitted for the consignee name and address data element. If this
occurs, the ACAS filer should still transmit both data elements
independently.
This data element will allow CBP to more accurately assess the risk
of a shipment by further identifying the party that will physically
receive a cargo shipment. As discussed previously, CBP will now require
the transmission of both the shipper name and address and the shipment
packing location and/or scheduled shipment pickup location to allow CBP
to more completely identify the parties involved in preparing and
shipping cargo. On the receiving side of a shipping transaction, a
similar dynamic may occur under some business models where the
consignee name and address data element does not reflect the name and/
or location of the party that will physically receive a cargo shipment.
Thus, to more accurately identify the party that will physically
receive a cargo shipment, CBP will now require ACAS filers to transmit
the ship to party information in addition to the consignee name and
address data element.
When analyzed in conjunction with one another, the shipper name and
address, shipment packing location and/or scheduled shipment pickup
location, consignee name and address, and ship
[[Page 52807]]
to party data elements improve CBP's targeting capabilities by
providing a more complete understanding of supply chains and
transactions that lead to the shipment of cargo. Additionally, CBP will
be able to use these data elements to identify anomalous shipper and
recipient relationships. For example, the terrorists in the 2010
printer attacks shipped the explosive devices from the Middle East to
synagogues in the United States and addressed the packages to
historical figures.\20\
---------------------------------------------------------------------------
\20\ Mark Mazzetti & Scott Shane, In Parcel Bomb Plot, 2 Dark
Inside Jokes, N.Y. Times (Nov. 2, 2010), <a href="https://www.nytimes.com/2010/11/03/world/03terror.html">https://www.nytimes.com/2010/11/03/world/03terror.html</a>.
---------------------------------------------------------------------------
C. Conditional Data Element: Master Air Waybill Number
The MAWB number for each leg of the flight is an existing
conditional ACAS data element. See 19 CFR 122.48b(d)(2). Conditional
data elements are only required under certain circumstances. If the
circumstances listed for a particular data element do not exist,
transmission of the data element is optional, but encouraged. This IFR
does not make any substantive changes to the MAWB number conditional
data element.
As discussed previously, this IFR requires the transmission of new
data elements that are not required under 19 CFR 122.48a. The new data
elements that are unique to the ACAS program are defined under 19 CFR
122.48b and the original ACAS data elements that are a subset of the 19
CFR 122.48a requirements are defined under 19 CFR 122.48a. To clarify
that the MAWB number data element is one of the original ACAS data
elements that is defined under 19 CFR 122.48a, this IFR revises the
introductory text of 19 CFR 122.48b(d)(2) to state that the MAWB number
is required ``as defined under Sec. 122.48a.''
D. Conditional Data Element: Verified Known Consignor Information
This IFR contains multiple new conditional ACAS data elements that
are only required under certain circumstances. In this preamble and the
corresponding regulatory text, new 19 CFR 122.48b(d)(3), the Verified
Known Consignor data element is presented separately from the other new
conditional ACAS data elements because the circumstances under which
those data elements are required are first conditioned on the existence
or absence of a shipper's Verified Known Consignor status.
The Verified Known Consignor data element is required if the
shipper, identified under 19 CFR 122.48b(d)(1)(i), is designated as a
known consignor by a CBP-recognized designating body.\21\ If a shipper
is designated as a Verified Known Consignor by a CBP-recognized body,
the ACAS filer must transmit the registration number associated with
the shipper's Verified Known Consignor status and the CBP-specified
code, as detailed in the CBP ACAS Implementation Guide, representing
the designating body.
---------------------------------------------------------------------------
\21\ Instructions for accessing the list of CBP-recognized
designating bodies will be located in the CBP ACAS Implementation
Guide, <a href="https://www.cbp.gov/document/guides/air-cargo-advance-screening-acas-implementation-guide">https://www.cbp.gov/document/guides/air-cargo-advance-screening-acas-implementation-guide</a>.
---------------------------------------------------------------------------
The known consignor designation indicates a designating body's
level of trust in the security practices of a shipper that can assist
CBP in assessing the risk that cargo shipments originating from a
particular shipper carry. Verified Known Consignors meet rigorous
standards and regulations for the transportation of cargo by air and
are often subject to validation audits by the designating body. This
data element is conditional because a shipper may not have a known
consignor status; thus, the data element could not be transmitted in
those instances. It is within CBP's sole discretion to recognize known
consignor programs that could be used by an ACAS filer to complete this
data element field. CBP reserves the right to not recognize a known
consignor program or a particular shipper's known consignor status at
any time.
At the time of publication for this IFR, CBP plans to recognize the
known consignor program set forth under the European Union (EU)
Commission Implementing Regulation 2015/1998 \22\ as requiring
sufficiently rigorous status criteria and vetting standards. Thus, if
recognized, an entity designated as a known consignor by the
appropriate civil aviation authority of an EU member state would be
noted in this data element field. CBP also plans to recognize known
shippers, as designated under TSA's known shipper program at 49 CFR
1544.239, 1546.215, and 1548.17.
---------------------------------------------------------------------------
\22\ See Commission Implementing Regulation 2015/1998 of Nov. 5,
2015, Laying Down Detailed Measures for the Implementation of the
Common Basic Standards on Aviation Security, annex, 2015 O.J. (L
299) 1, <a href="https://data.europa.eu/eli/reg_impl/2015/1998/oj">https://data.europa.eu/eli/reg_impl/2015/1998/oj</a> (last
visited Sept. 29, 2025).
---------------------------------------------------------------------------
CBP encourages public comment on additional programs similar to the
EU's known consignor program or TSA's known shipper program that could
be used as a data point within the Verified Known Consignor conditional
data element.
E. Conditional Data Elements That May Be Required When There Is Not a
Verified Known Consignor
Conditional data elements are only required under certain
circumstances. The following conditional data elements are only
required if the shipper is not a Verified Known Consignor as described
under Section IV.D. of this IFR. For some of the following data
elements, the existence or absence of Verified Known Consignor status
is the only condition applicable to whether or not the data element is
required. The conditional data elements that are always required when
the shipper is not a Verified Known Consignor are shipper email
address, shipper phone number, the customer account shipping frequency/
volume, and the customer account billing type.
For the remaining data elements that may be required when the
shipper is not a Verified Known Consignor, the absence of a Verified
Known Consignor is a precondition, meaning that if a Verified Known
Consignor does not exist, additional conditions must then be considered
to determine whether the data element is required for a particular ACAS
filing. These data elements include shipping cost, unmasked IP address
or MAC address of the device that initiated shipment and the device
that filed the ACAS filing, biographic data, link to product listing,
and certain customer account data elements, including customer account
name, issuer, number, establishment date, and unmasked IP or MAC
address of the device used during account creation.
If the shipper is a Verified Known Consignor or, when applicable,
the shipper is not a Verified Known Consignor and the additional
circumstances listed for a particular data element do not exist,
transmission of the conditional data elements is recommended, but not
required. The ACAS conditional data elements that may be required when
there is not a Verified Known Consignor can be found under the new 19
CFR 122.48b(d)(4).
1. Customer Account Data Elements
Several of the new conditional ACAS data elements are prefaced with
the customer account descriptor. The customer account data elements
detail the business relationship between a customer and a logistics
provider. Generally, a customer that has a business relationship with a
logistics provider will have an account with that logistics provider,
hence the customer account descriptor. If a customer does not have an
account with a logistics provider, certain customer account data
[[Page 52808]]
elements must still be provided because the absence of an existing
account does not negate the role of the customer account data elements
in detailing the business relationship between the parties involved in
conducting a cargo shipment.
Under the new ACAS conditional data elements in 19 CFR
122.48b(d)(4), ``customer'' is defined as a party who has an ownership
interest in cargo, as either a buyer or seller, who engages with a
logistics provider to arrange transport of the cargo to the United
States. A foreign entity that provides services that involve
aggregating shipments from customers, in which the foreign entity acts
as a facilitator and engages with a logistics provider for the
importation of cargo into the United States, is not a customer for the
purposes of this definition.
Under the new ACAS conditional data elements, ``logistics
provider'' is defined as an entity that provides transportation,
importation, and/or delivery services for the importation of cargo into
the United States. The logistics provider could be, but is not limited
to, an air carrier, a customs broker, freight forwarder, or other
service provider.
CBP's definition of customer focuses on the party that engages with
the logistics provider to transport cargo and recognizes that the
customer may be a party other than the shipper. This definition and the
related customer account data elements support CBP's interest in
describing the account or business transaction that enabled the
movement of cargo. The customer account data elements are not a
replacement for data elements that provide information regarding
aspects of the shipper's identity, such as the shipper name and
address; however, transmitted data for certain customer account data
elements and other party identification data elements may overlap
depending on the business relationships involved in a particular ACAS
filing.
The customer account data elements include the customer account
name, customer account issuer, customer account number, customer
account shipping frequency/volume, customer account establishment date,
customer account billing type, and the unmasked internet protocol (IP)
address or media access control (MAC) address of the device used during
the creation of the customer account. The definitions for the customer
account data elements are detailed in the following subsections.
The customer account data elements will assist CBP in analyzing the
relative risk of a shipment because cargo shipments that occur within
an existing business relationship between parties that are known to CBP
may present a different risk profile compared to cargo shipments
occurring between parties that do not have a history of prior dealings.
The customer account data elements also assist CBP in identifying cargo
shipments that are anomalous within the context of two or more known
parties' previous shipments. Additionally, if high-risk cargo is
identified and associated with a particular customer's account, CBP can
readily identify other cargo shipments associated with that customer's
account for further intervention as necessary.
2. Data Elements Required for Each ACAS Filing When There Is Not a
Verified Known Consignor
The following data elements are required when the shipper is not a
Verified Known Consignor. This is the only condition applicable to the
following data elements. When the shipper is a Verified Known
Consignor, transmission of the following data elements is optional, but
recommended. The following data elements can be found under the new 19
CFR 122.48b(d)(4)(ii).
(i) Shipper email address. This is the email address for the party
identified as the shipper under the shipper name and address data
element. The shipper name and address data element is currently
provided under 19 CFR 122.48b(d)(1)(i).
(ii) Shipper phone number. This is the phone number for the party
identified as the shipper under the shipper name and address data
element. The shipper name and address data element is currently
provided under 19 CFR 122.48b(d)(1)(i).
Unlike the new consignee contact information data elements which
must be transmitted in all circumstances, CBP determined that the two
new shipper contact information data elements could be implemented as
conditional data elements, thus not required in all circumstances. This
decision was made, in part, by the introduction of the new Verified
Known Consignor data element which, when a shipper is designated as
such, provides CBP with information about the shipper that reduces the
net gain of requiring additional shipper contact information. In the
absence of a verified known consignor, the new conditional contact
information data elements, shipper email address and shipper phone
number, will allow CBP to improve its targeting of high-risk cargo
shipments by obtaining additional information about the shipper. These
data elements will also enable CBP to directly contact the shipper in
the event of an emergency, which improves CBP's ability to respond to
threat incidents and reduces impacts to the flow of commerce by
expediting the resolution of any issue.
(iii) Customer account shipping frequency/volume. This data element
describes the nature of the business relationship between the customer
and the logistics provider that issued the lowest level air waybill in
terms of the frequency and volume of shipments being conducted within
that business relationship. The ACAS filer must assign the code that
most accurately describes the frequency and volume of the customer's
cargo shipment transactions with the logistics provider that issued the
lowest level air waybill. CBP recognizes the following five codes:
shipping outlet/walk-in; immediate transaction; occasional shipper;
regular/daily shipper; and high-volume shipper. For each code, the
shipping frequency/volume is determined by the number of ACAS filings
that occurred in the course of a particular logistics provider's
interactions with a particular customer. The customer's cargo shipments
conducted with other logistics providers does not count toward the
customer's shipping frequency with the logistics provider that issued
the lowest level air waybill.
The shipping outlet/walk-in code should be assigned when a
customer, who does not have an account with a logistics provider,
enters a storefront and transfers physical custody of a cargo shipment
to a party that arranges the importation of the cargo into the United
States by air. An example of a scenario where the shipping outlet/walk-
in code should be applied is when an individual brings cargo to a
shipping outlet and the shipping outlet agrees to make all necessary
shipping and handling arrangements for the importation of the cargo
into the United States.
The immediate transaction code should be assigned when the
logistics provider that issued the lowest level air waybill receives an
isolated request for service from a customer who does not have an
account with the logistics provider. Under the immediate transaction
code, the party that would normally be identified as the customer
account issuer directly interacts with the customer, unlike the
shipping outlet/walk-in code where the customer account issuer
interacts with an intermediary storefront. An example of an immediate
transaction might be when a customer uses a guest account on a
logistics provider's website to request transportation services, and
some data, such as where to pick up the shipment, may have been
collected.
[[Page 52809]]
The occasional shipper code should be assigned when a customer who
has an account with the logistics provider that issued the lowest level
air waybill places requests for service on an as needed and/or
infrequent basis. CBP recognizes that determinations of frequency can
vary between different logistics providers and customers depending on
the scale of their respective operations. A determination that a
shipping frequency is occasional should be contextualized by the
conditions defined for the regular/daily shipper code. The occasional
shipper code should be assigned when a customer places requests for
service on an ``as needed'' basis, in contrast to the regular/daily
shipper code which should be assigned when there is a ``standing
request for pickups.'' Generally, occasional shipper codes should be
assigned when a customer places requests for service with a particular
logistics provider on a less than daily and irregular basis.
The regular/daily shipper code should be assigned for a customer
who has an account with the logistics provider that issued the lowest
level air waybill and has a standing request for pickups.
The high-volume shipper code should be assigned for a customer that
has an account with the logistics provider that issued the lowest level
air waybill and regularly ships at high-volume, enterprise levels. For
this type of customer, shipments are often delivered for transport from
the shipper's warehouse directly to the courier or consolidator's
facility.
The transmission of codes which identify the frequency and volume
of a customer's interactions with a logistics provider will enable CBP
to more effectively identify high-risk cargo by categorically assigning
certain aspects of risk to shipments and by identifying the parties'
importing relationships with the United States. For example, CBP
estimates that high-volume shipments, as defined within the ACAS
program, constitute approximately 80 percent of the total volume of
ACAS filings to be reviewed and cleared by CBP. The customers that fall
within the high-volume shipper code are often known to CBP; thus, they
carry a more recognizable risk profile compared to a customer that is
not known to CBP. Despite the likelihood that a customer is known to
CBP when a high-volume shipper code is assigned, it is still necessary
for ACAS filers to assign a customer account shipping frequency/volume
code because the assigned code represents the volume of filings between
the customer and the logistics provider that issued the lowest level
air waybill, not the overall volume of ACAS filings attributable to a
particular customer's shipments. This data element enables CBP to
determine the extent of a business relationship between a customer and
a logistics provider. Additionally, the assignment of shipping
frequency/volume codes limits the applicability of requirements to
provide other conditional data elements, such as the shipping cost data
element.
This categorical assessment of risk will also affect an ACAS
filer's obligation to file certain conditional ACAS data elements. CBP
determined that certain code assignments reflect a lack of targetable
information and heightened threat profiles which will necessitate the
transmission of additional ACAS data for targeting purposes when those
codes are assigned. To develop frequency codes that will best aid CBP's
targeting efforts, CBP conducted extensive outreach with industry and
reviewed internal data regarding filing frequencies. Additionally, CBP
considered how the use of the frequency codes as a determining
condition for other conditional data elements might affect regulated
entities. For example, one of the new conditional ACAS data elements
requires ACAS filers to transmit the unmasked IP or MAC address of the
device used to initiate a shipping transaction and the unmasked IP or
MAC address of the device used to file the ACAS filing. CBP considered
the potential security benefits and burdens of the requirement and
determined that, when a customer's shipments are assigned the regular/
daily shipper and high-volume shipper codes, the security benefit of
the requirement would be limited compared to the security benefit of
the requirement when the customer ships at a lower frequency; thus, CBP
will not require filers to transmit this particular data element when a
regular/daily shipper or high-volume shipper code is assigned.
(iv) Customer account billing type. Under this data element, the
ACAS filer must assign the code that most accurately describes the
customer's method of payment in the shipping transaction. Possible
account billing types include, but are not limited to, electronic funds
transfers (EFTs); mobile and person to person payments; credit card or
debit card transactions; cash payments; checks; cryptocurrency; and
periodic billing.
3. Conditional Data Elements That Are Required When the Customer
Account Shipping Frequency/Volume Data Element Is Assigned the Shipping
Outlet/Walk-In, Occasional Shipper, Regular/Daily Shipper, or High-
Volume Shipper Codes
In addition to the precondition of the absence of the shipper's
Verified Known Consignor status, the transmission of the following data
elements is required in all circumstances except for when an immediate
transaction code is assigned under the customer account shipping
frequency/volume data element. These data elements are related to the
creation or existence of a customer's account with a logistics
provider, a circumstance that does not exist when the immediate
transaction code is assigned. The following data elements can be found
under the new 19 CFR 122.48b(d)(4)(iii).
(i) Customer account name. When the customer account shipping
frequency/volume is assigned the high-volume shipper, regular/daily
shipper, or occasional shipper codes, this is the name of the customer.
Generally, these codes occur when the customer interacts directly with
the logistics provider that issued the lowest level air waybill.
If the customer account shipping frequency/volume data element is
assigned the shipping outlet/walk-in code, the ACAS filer must transmit
the name of the shipping outlet or other party that accepted the cargo
from the customer. When the shipping outlet/walk-in code is assigned,
the shipping outlet is the party that engages with the logistics
provider for the transportation of the cargo; thus, the relevant
account is between the shipping outlet and the customer account issuer.
The customer account name may be the same as the shipper name found
under 19 CFR 122.48b(d)(1)(i). If the shipper name, or any other ACAS
data element, and the customer account name are the same, the ACAS
filer must still transmit the customer account name and the shipper
name or other ACAS data element as separate entries. The combination of
the customer account name and the following customer account issuer and
customer account number data elements distinguishes the customer
account information from other ACAS data elements.
(ii) Customer account issuer. The customer account issuer is the
party that engaged with the party identified under the customer account
name for the purposes of importing cargo into the United States by air.
For most transactions, the customer account
[[Page 52810]]
issuer is the same entity that files the ACAS data, and may be, but is
not limited to, the freight forwarder, customs broker, air carrier, or
service provider. For this data element, the ACAS filer must transmit
the applicable code that identifies the customer account issuer. This
data element may be satisfied by transmitting the Air Waybill Prefix
(the three-digit code at the beginning of an air waybill number that
identifies the air carrier), the CBP Filer Code (the three-character
CBP filer code), or the ACAS Originator Code (the seven-character code
used to identify the ACAS participant, identified under 19 CFR
122.48b(c)(3)(iii)).
In the ordinary course of business, customers and customer account
issuers may have multiple accounts with other customers and customer
account issuers. Additionally, separate customer account issuers may
issue similar customer account numbers to customers that are otherwise
unrelated. Thus, CBP collects the customer account issuer information
as a code which can be combined with the following customer account
number to create a uniquely identifiable customer account code. The
combined code describes a specific customer and customer account issuer
relationship.
(iii) Customer account number. The customer account number is the
identifier assigned by the customer account issuer to represent the
customer account name. In other words, this is the identifier that
represents a customer's account with a logistics provider. When a
customer does not have an account with a logistics provider, different
requirements apply which vary depending on whether the customer account
shipping frequency/volume data element is assigned the shipping outlet/
walk-in code or the immediate transaction code.
The customer account number is linked to the customer account name;
thus, the same principles that apply when determining the customer
account name in the shipping outlet/walk-in context apply here in
determining which party's customer account number should be
transmitted. In the shipping outlet/walk-in context, the customer
account name refers to the establishment where the customer delivered
the cargo for shipment and not the identity of the customer. Since the
customer account number definition is linked to the customer account
name and not the identity of the customer, the customer account number
will also describe a party other than the customer when the shipping
outlet/walk-in code is transmitted under the customer account shipping
frequency/volume data element.
When the customer account shipping frequency/volume data element is
assigned the immediate transaction code, a customer account number is
not required. When the immediate transaction code is assigned, the
customer does not have an account number because an account does not
exist, and, unlike shipping outlet/walk-in scenarios, there is no
intermediate party that negotiates with the customer account issuer on
the customer's behalf.
(iv) Customer account establishment date. This refers to the date
the account was established between the parties identified under the
customer account issuer and the customer account name data elements.
For older accounts where only the year is known and the filer is
identifying the account as a valid, known, and long-established
account, an ACAS filer may fill in the month and date fields with a
``01'', but must accurately list the year in the year field.
The customer account data element will identify when the parties
involved in a shipping transaction originally entered into their
business relationship. The degree to which the parties involved in a
shipping transaction are known to each other and to CBP affects the
degree of risk assigned during CBP's targeting of high-risk cargo.
Similar to the circumstances described under the customer account
number data element, a customer account establishment date is not
required when the customer account shipping frequency/volume is
assigned the immediate transaction code. When a transaction frequency
is described as immediate, the relevant parties do not have a previous
course of dealing; thus, there is not an account establishment date.
(v) Unmasked internet protocol (IP) address or media access control
(MAC) address of the device used during account creation. This data
element collects the unmasked IP or MAC address of the device used to
create the account between the parties identified under the customer
account issuer and the customer account name data elements. The
collection of an IP or MAC address assists CBP's targeting of high-risk
air cargo by presenting an additional means of verifying the identity
and location of the parties engaged in the importation of cargo into
the United States by air.
The requirement to provide the IP or MAC address of the device used
during account creation applies when the customer account establishment
date, required under the new 19 CFR 122.48b(d)(4)(iii)(D), is dated
after the effective date of this IFR, subject to the phased enforcement
approach described in Section IV.I. CBP recommends, but does not
require, that ACAS filers provide the IP or MAC address of the device
used during account creation if the customer's account was created
before the effective date of this IFR.
The language used here and in the regulatory text states that ACAS
filers must transmit the ``unmasked'' IP or MAC address ``of the device
used'' during account creation. This language specifies that the data
element is not satisfied if the ACAS filer transmits an IP address or
MAC address that is the result of using any technique or technology to
mask or otherwise misrepresent IP or MAC addresses because that would
not be the ``unmasked'' IP or MAC address ``of the device used.''
Examples of masking include, but are not limited to, the use of proxy
servers and virtual private networks (VPNs).
CBP understands that some members of the air cargo industry may
need to adjust their business practices to collect and transmit the
unmasked IP or MAC addresses of devices used during account creation.
However, CBP has determined that IP and MAC address monitoring is an
important security feature given the significant consequences of
attempted and successful attacks and the heightened potential for
threat actors to obfuscate their identities when digitally interfacing
with ACAS filers.
In accordance with section 1951 of the FAA Act (49 U.S.C. 44901
note) and section 343(a)(3) of the Trade Act (19 U.S.C. 1415(a)(3)),
CBP considered how to best implement this requirement using an
operationally feasible and practical approach that considers the
application of the data element's requirements, the ability of filers
to acquire information for transmittal, and differences in commercial
practices, among other statutory requirements.
Using commercially available software, it is reasonably possible to
log the IP address or MAC address, as applicable, of devices that
interface with an ACAS filer's networks. Using commercially available
software, it is also possible to determine if a device is utilizing IP
or MAC address masking techniques when the device interacts with an
ACAS filer's networks. When a party attempts to mask their IP or MAC
address, it is within the discretion of each ACAS filer or the relevant
third party to determine the unmasked IP or MAC address of the party
and transmit that information, refuse to accept the cargo for shipment
until the party provides their unmasked IP or MAC
[[Page 52811]]
address for transmittal, or use some other reasonable means of
acquiring the unmasked IP or MAC address.
ACAS filers are responsible for the accuracy of any information
that filers transmit to CBP. However, when ACAS filers receive
information from another party, CBP will take into consideration how,
in accordance with ordinary commercial practices, the filer acquired
the information, and whether and how the filer is able to verify the
information. See section 343(a)(3)(B) of the Trade Act (19 U.S.C.
1415(a)(3)(B)); 19 CFR 122.48b(c)(6).
Given the commercial availability of technologies that can
facilitate the logging of IP or MAC addresses and the detection of
masking techniques, CBP anticipates that ACAS filers will be able to
acquire unmasked IP or MAC addresses of the device used in account
creation in most use cases. Additionally, ACAS filers may choose to
transmit either an IP address or a MAC address to satisfy this data
element. CBP allows this IP or MAC address choice in consideration of
certain trade practices where the provision of an IP address may be
impractical, such as when the ACAS filer is required to report the
address of a device on their own network that is not connected to the
internet. The option of providing an IP address or MAC address does not
excuse ACAS filers from their obligation to provide accurate
information for this data element. For example, if an ACAS filer or
relevant third party can reasonably confirm that an IP address is
unmasked, it would not be reasonable for the ACAS filer to report a MAC
address that the ACAS filer does not know to be accurate or unmasked.
When an ACAS filer is not reasonably able to provide either an
unmasked IP address or an unmasked MAC address of the device used
during account creation, CBP will permit the ACAS filer to transmit
data on the basis of what the filer reasonably believes to be true. See
section 343(a)(3)(B) of the Trade Act (19 U.S.C. 1415(a)(3)(B)); 19 CFR
122.48b(c)(6).
Similar to the circumstances described under the customer account
name, issuer, number, and establishment date data elements, this data
element is not required when the customer account shipping frequency/
volume is assigned the immediate transaction code. When a shipping
frequency is described as immediate, the relevant parties do not have a
previous course of dealing, thus an account does not exist, and an IP
or MAC address would not have been logged in the creation of an
account.
4. Conditional Data Elements That Are Required When the Customer
Account Shipping Frequency/Volume Data Element Is Assigned the Shipping
Outlet/Walk-In, Immediate Transaction, or Occasional Shipper Codes
The following data elements are conditioned on the ACAS filer's
assignment of certain codes under the customer account shipping
frequency/volume data element, specifically, the shipping outlet/walk-
in, immediate transaction, or occasional shipper codes. These codes are
associated with a low frequency of shipments conducted by the relevant
parties or the use of an intermediary, such as a shipping outlet, which
in turn, is correlated to an absence of data that could be used by CBP
in targeting high-risk cargo. Thus, it is necessary to require
additional data elements when these codes are assigned to improve CBP's
targeting of low-frequency shipments. The following data elements can
be found under the new 19 CFR 122.48b(d)(4)(iv).
(i) Shipping cost. The shipping cost is the total amount of charges
assessed by the carrier, freight forwarder, or other logistics provider
to deliver the cargo shipment. This amount must be reported in U.S.
dollars and includes any applicable shipping costs, such as taxes and
insurance. CBP will provide a ``less than one U.S. dollar'' option to
capture small internet marketplace transactions. The shipping cost, as
defined here, is generally negotiated between the customer and the
logistics provider that issued the lowest level air waybill; however,
circumstances may vary based on the details of a particular shipping
contract or commercial practice.
For certain cargo shipments, the ACAS filer might not be the party
that financially interacted with the customer, which could complicate
the ACAS filer's ability to provide the shipping cost as defined here.
For example, a freight forwarder might interact with a customer to
coordinate and accept payment for a cargo shipment. The freight
forwarder then contracts with parties such as an air carrier to
transport the cargo. The freight forwarder may be hesitant to share the
amount that the customer paid to the freight forwarder with the air
carrier because of the freight forwarder's interest in maintaining a
competitive business relationship with all involved parties. Section
343(a)(3)(C) of the Trade Act requires that CBP consider the existence
of competitive relationships when imposing information requirements. In
consideration of this parameter, CBP will accept an estimated shipping
cost for a particular cargo shipment when (1) the total amount of
charges will be assessed after the ACAS filing is transmitted; or (2)
the ACAS filer is not the carrier, freight forwarder, or other
logistics provider that assessed the total amount of charges to deliver
the shipment. The ACAS filer must transmit the true shipping cost to
CBP if it is known to the ACAS filer at the time of filing. If the ACAS
filer is not the carrier, freight forwarder, or other logistics
provider that assessed or will assess the total amount of charges to
deliver the shipment, other ACAS filers or third parties, as described
under 19 CFR 122.48b(c)(5), are not required to provide the shipping
cost to the ACAS filer because the data element can be satisfied by
transmitting an estimated shipping cost. When transmitted shipping cost
data is non-descriptive, inaccurate, or insufficient, CBP may require
ACAS filers to provide the contract of carriage as proof of the freight
charges under a referral for information.
The shipping cost data element will help CBP identify financial
information that, when combined with other data elements, will allow
CBP to identify suspicious or high-risk shipments.
(ii) Unmasked internet protocol (IP) address or media access
control (MAC) address of the device used to initiate the shipping
transaction and the unmasked IP address or MAC address of the device
used to file the ACAS filing each time an ACAS filing is submitted.
This data element collects both the IP address or MAC address of the
device used to initiate a shipping transaction and the IP address or
MAC address of the device used by an ACAS filer when transmitting each
ACAS filing.
As stated previously, shipping frequency/volume codes associated
with a low number of shipments or the use of an intermediary, such as a
shipping outlet, correlate to an absence of targetable data; thus, it
is necessary to require additional information for CBP to determine
whether those shipments present a threat to air cargo security. The
collection of an IP address or MAC address assists CBP's targeting of
high-risk air cargo by presenting an additional means of verifying the
identity and location of an ACAS filer and the party that initiated the
shipment.
Depending on the business models involved in a particular shipping
transaction, the device used to initiate the shipping transaction could
be the same device used to complete the ACAS filing. If this situation
occurs, the ACAS filer must transmit IP or MAC addresses for both the
initiating device and filing
[[Page 52812]]
device fields, even if the addresses are identical.
The language used here and in the regulatory text states that ACAS
filers must transmit the ``unmasked'' IP or MAC addresses ``of the
device used'' to initiate a shipping transaction and the device used to
complete an ACAS filing. This language specifies that the data element
is not satisfied if the ACAS filer transmits an IP address or MAC
address that is the result of using any technique or technology to mask
or otherwise misrepresent IP or MAC addresses because that would not be
the ``unmasked'' IP or MAC address ``of the device used.'' Examples of
masking include, but are not limited to, the use of proxy servers and
VPNs.
CBP understands that some members of the air cargo industry may
need to adjust their business practices to collect and transmit the
unmasked IP or MAC addresses of devices used to initiate shipping
transactions and devices used to file ACAS filings. However, CBP has
determined that IP and MAC address monitoring is an important security
feature given the significant consequences of attempted and successful
attacks and the heightened potential for threat actors to obfuscate
their identities when digitally interfacing with ACAS filers and CBP.
In accordance with section 1951 of the FAA Act (49 U.S.C. 44901
note) and section 343(a)(3) of the Trade Act (19 U.S.C. 1415(a)(3)),
CBP considered how to best implement this requirement using an
operationally feasible and practical approach that considers the
application of the data element's requirements, the ability of filers
to acquire information for transmittal, and differences in commercial
practices, among other statutory requirements.
Using commercially available software, it is reasonably possible to
log the IP address or MAC address, as applicable, of devices that
interface with an ACAS filer's networks. Using commercially available
software, it is also possible to determine if a device is utilizing IP
or MAC address masking techniques when the device interacts with an
ACAS filer's networks. When a party attempts to mask their IP or MAC
address, it is within the discretion of each ACAS filer or the relevant
third party to determine the unmasked IP or MAC address of the party
and transmit that information, refuse to accept the cargo for shipment
until the party provides their unmasked IP or MAC address for
transmittal, or use some other reasonable means of acquiring the
unmasked IP or MAC address.
ACAS filers are responsible for the accuracy of any information
that filers transmit to CBP. However, when ACAS filers receive
information from another party, CBP will take into consideration how,
in accordance with ordinary commercial practices, the filer acquired
the information, and whether and how the filer is able to verify the
information. See section 343(a)(3)(B) of the Trade Act (19 U.S.C.
1415(a)(3)(B)); 19 CFR 122.48b(c)(6).
Given the commercial availability of technologies that can
facilitate the logging of IP or MAC addresses and the detection of
masking techniques, CBP anticipates that ACAS filers will be able to
acquire unmasked IP or MAC addresses in most use cases. Additionally,
ACAS filers may choose to transmit either an IP address or a MAC
address to satisfy this data element. CBP allows this IP or MAC address
choice in consideration of certain trade practices where the provision
of an IP address may be impractical, such as when the ACAS filer is
required to report the address of a device on their own network that is
not connected to the internet. The option of providing an IP address or
MAC address does not excuse ACAS filers from their obligation to
provide accurate information for this data element. For example, if an
ACAS filer or relevant third party can reasonably confirm that an IP
address is unmasked, it would not be reasonable for the ACAS filer to
report a MAC address that the ACAS filer does not know to be accurate
or unmasked.
When an ACAS filer is not reasonably able to provide either an
unmasked IP address or an unmasked MAC address, CBP will permit the
ACAS filer to transmit data on the basis of what the filer reasonably
believes to be true. See section 343(a)(3)(B) of the Trade Act (19
U.S.C. 1415(a)(3)(B)); 19 CFR 122.48b(c)(6).
5. Conditional Data Elements Required Only in Certain Situations
The following data elements can be found under the new 19 CFR
122.48b(d)(4)(v).
(i) Biographic data. Biographic data is the data contained on a
CBP-approved government-issued photo identification document.
Biographic data also includes the date and time an individual presents
a CBP-approved government-issued photo identification document for the
collection of the text-based biographic data. The biographic data of an
individual presenting cargo for shipment must be transmitted when the
customer account shipping frequency/volume is assigned the shipping
outlet/walk-in code or when a shipment contains household goods or
personal effects.
When the conditions listed above occur, the individual presenting
cargo for shipment must provide the party taking custody of the cargo
for shipment with a CBP-approved government-issued photo identification
document. At minimum, CBP will recognize a document as CBP-approved if
it is a valid, unexpired government-issued driver's license or passport
that lists the required text-based biographic data and includes a photo
of the individual that the document is assigned to. CBP understands
that these documents may not be readily available to all individuals;
thus, CBP plans to list instructions for determining whether
additional, alternative documents are CBP-approved in the ACAS
Implementation Guide.\23\
---------------------------------------------------------------------------
\23\ The ACAS Implementation Guide will be located at <a href="https://www.cbp.gov/border-security/ports-entry/cargo-security/acas">https://www.cbp.gov/border-security/ports-entry/cargo-security/acas</a>.
---------------------------------------------------------------------------
The party accepting the cargo must verify that the document matches
the individual presenting the document. At minimum, the biographic data
transmitted to CBP must include the government-issued identification
document type, the identifier that is uniquely associated with the
identification document (e.g., an alphanumeric passport number), the
issuing government authority and country, the name of the individual,
and the date of birth. This data must be transmitted to CBP in a text
format. ACAS filers must also transmit the date and time when the
individual presented the government-issued photo identification
document.\24\
---------------------------------------------------------------------------
\24\ Instructions for formatting the biographic data date and
time reporting requirements will be located in the ACAS
Implementation Guide and Enhanced ACAS Frequently Asked Questions,
<a href="https://www.cbp.gov/border-security/ports-entry/cargo-security/acas">https://www.cbp.gov/border-security/ports-entry/cargo-security/acas</a>.
---------------------------------------------------------------------------
The government-issued photo identification document that is
presented by an individual for purposes of compliance with the
biographic data transmission requirement is subject to a copy retention
requirement found under the new 19 CFR 122.48b(c)(7). The data
collected under the biographic data date and time requirement will be
used by CBP to ensure ACAS filers' compliance with notifications to
obtain and retain copies of government-issued photo identification
documents. The copy retention requirement and CBP's analysis of data
collected under the biographic data date and time requirement are
discussed in more detail under Section IV.G. of this IFR.
CBP can more effectively assess the risk of a particular shipment
when the
[[Page 52813]]
parties involved in a shipping transaction are known to CBP and
regularly conduct similar transactions. Conversely, when a shipping
transaction occurs between parties that are not known to CBP as having
an ongoing business relationship, CBP's ability to accurately identify
the risk of a shipment based on the identity of the parties involved
diminishes. Thus, when the shipping outlet/walk-in code is assigned or
a shipment contains household goods or personal effects, CBP will
require the collection of biographic data to better identify the party
shipping the item. The collection of biographic data will allow CBP to
more effectively assess ACAS filings that contain cargo descriptions
that are generally assigned to shipments between individuals and
shipments between parties that are not known to CBP as having an
ongoing business relationship.
(ii) Link to product listing and unmasked IP address or MAC address
of the device used by the consignee to purchase the product. This data
element is required when a consignee, who does not have an account with
the logistics provider who issued the lowest level air waybill,
initiates a shipment by conducting a transaction on any internet store
or online marketplace platform (collectively, e-commerce platforms).
When this data element is required, the ACAS filer must transmit the
unmasked IP address or MAC address of the device used by the consignee
to purchase the product and either the uniform resource locator (URL)
or stock keeping unit (SKU) of the product.
As discussed below, e-commerce transactions present a special risk
to aircraft, crewmembers, and passengers, in part, due to the relative
anonymity associated with the transactions. To ensure that CBP receives
adequate identity and location information for parties involved in e-
commerce transactions, CBP determined that it is necessary to require,
under this link to product listing data element, the unmasked IP or MAC
address of certain consignees involved in e-commerce shipping
transactions.
This IFR separately requires the transmission of the unmasked IP or
MAC address of the device used to initiate the shipping transaction
when the customer account shipping frequency/volume data element is
assigned the shipping outlet/walk-in, immediate transaction, or
occasional shipper codes, which provides identity and location
information when there is a low frequency of shipments conducted by the
relevant parties or when there is an intermediary, such as a shipping
outlet. Under this low frequency condition set, ACAS filers would not
be required to transmit IP or MAC addresses for devices that initiate
shipping transactions on a regular/daily or high-volume basis. E-
commerce shipments will typically be assigned regular/daily or high-
volume frequency codes, thus, without a specific data element for e-
commerce consignees' IP or MAC addresses, CBP would be limited in its
ability to collect and analyze unmasked IP or MAC addresses for the
majority of e-commerce transactions. Additionally, in the e-commerce
context, the device that initiates the shipping transaction is likely a
device operated by the e-commerce platform and not the device used to
purchase the product; thus, the IP or MAC address of the device that
initiated the shipping transaction has limited usefulness in resolving
the anonymity issues associated with e-commerce transactions.
The language used here and in the regulatory text states that ACAS
filers must transmit the ``unmasked'' IP or MAC address ``of the device
used'' to purchase the product. This language specifies that the data
element is not satisfied if the ACAS filer transmits an IP address or
MAC address that is the result of using any technique or technology to
mask or otherwise misrepresent IP or MAC addresses because that would
not be the ``unmasked'' IP or MAC address ``of the device used.''
Examples of masking include, but are not limited to, the use of proxy
servers and VPNs.
CBP understands that some members of the air cargo industry and
third parties may need to adjust their business practices and incur
additional costs to collect and transmit the unmasked IP or MAC
addresses of the devices used by consignees to purchase products on e-
commerce platforms. However, CBP has determined that IP and MAC address
monitoring is an important security feature given the significant
consequences of attempted and successful attacks and the heightened
potential for threat actors to capitalize on the anonymity associated
with e-commerce transactions.
In accordance with section 1951 of the FAA Act (49 U.S.C. 44901
note) and section 343(a)(3) of the Trade Act (19 U.S.C. 1415(a)(3)),
CBP considered how to best implement this requirement using an
operationally feasible and practical approach that considers the
application of the data element's requirements, the ability of filers
to acquire information for transmittal, and differences in commercial
practices, among other statutory requirements.
Using commercially available software, it is reasonably possible to
log the IP address or MAC address, as applicable, of devices that
interface with a network. Using commercially available software, it is
also possible to determine if a device is utilizing IP or MAC address
masking techniques when a device interacts with a network. When a party
attempts to mask their IP or MAC address, it is within the discretion
of the ACAS filer or the relevant third party to determine the unmasked
IP or MAC address of the party and transmit that information, refuse to
complete an e-commerce transaction or accept the cargo for shipment
until the party provides their unmasked IP or MAC address for
transmittal, or use some other reasonable means of acquiring the
unmasked IP or MAC address.
For most of the IP or MAC address transmission requirements
introduced by this IFR, the IP or MAC address will be associated with a
device that interfaces directly with an ACAS filer's networks. However,
for this IP or MAC address of the e-commerce consignee requirement, the
device used by a consignee to purchase a product from an e-commerce
platform will likely interface with an e-commerce platform's networks
to purchase the product and will likely not interface with an ACAS
filer's networks. Thus, similar to how ACAS filers acquire information
from e-commerce platforms to identify U.S.-based consignees for
existing consignee data elements, such as the consignee name and
address, ACAS filers will need to engage with third parties, such as e-
commerce platforms, to ensure that the necessary information is
collected and provided to the ACAS filer for transmission to CBP.
ACAS filers are responsible for the accuracy of any information
that filers transmit to CBP. However, when ACAS filers receive
information from another party, CBP will take into consideration how,
in accordance with ordinary commercial practices, the filer acquired
the information, and whether and how the filer is able to verify the
information. See section 343(a)(3)(B) of the Trade Act (19 U.S.C.
1415(a)(3)(B)); 19 CFR 122.48b(c)(6).
Given the commercial availability of technologies that can
facilitate the logging of IP or MAC addresses and the detection of
masking techniques, CBP anticipates that ACAS filers will be able to
acquire unmasked IP or MAC addresses in most use cases. Additionally,
ACAS filers may choose to transmit either an IP address or a MAC
address to satisfy this data element. CBP allows this IP or MAC address
choice in consideration of
[[Page 52814]]
certain trade practices where the provision of an IP address may be
impractical, such as when the ACAS filer is required to report the
address of a device on their own network that is not connected to the
internet. The option of providing an IP address or MAC address does not
excuse ACAS filers from their obligation to provide accurate
information for this data element. For example, if an ACAS filer or
relevant third party can reasonably confirm that an IP address is
unmasked, it would not be reasonable for the ACAS filer to transmit a
MAC address that the ACAS filer does not know to be accurate or
unmasked.
When an ACAS filer is not reasonably able to provide either an
unmasked IP address or an unmasked MAC address, CBP will permit the
ACAS filer to transmit data on the basis of what the filer reasonably
believes to be true. See section 343(a)(3)(B) of the Trade Act (19
U.S.C. 1415(a)(3)(B)); 19 CFR 122.48b(c)(6).
In addition to identifying the IP or MAC address of the device used
to purchase a product from an e-commerce platform, ACAS filers are also
required to transmit a URL or SKU that identifies the product. If an
ACAS filer provides an inactive or defective URL, this data element is
not satisfied because the regulatory text requires the transmission of
the URL of the product, hence, an active link that CBP could use to
reference the product. CBP recognizes that the business practices of e-
commerce platforms may require the ongoing modification of a product's
URL. Thus, the link to product listing data element also provides for
the transmission of a SKU, so long as the ACAS filer provides the home
page of the e-commerce platform and entry of the SKU into the search
function of the website directs a user to the active product landing
page.
The large volume of shipments conducted as a result of e-commerce
transactions, the potential for the obfuscation of the true contents of
a shipment, and the relative anonymity afforded to participants in e-
commerce transactions presents a special risk to air cargo
security.\25\ For example, many e-commerce platforms facilitate
transactions between purchasers and third-party vendors that
independently package and ship merchandise. The degrees of separation
between the e-commerce platform and third-party vendors can make
oversight and enforcement difficult or unattractive for e-commerce
platforms. This anonymity and the relative ease of establishing a
business relationship with an e-commerce platform, among other factors,
can make e-commerce platforms effective distribution tools for
manufacturers of counterfeit consumer products and other illicit items.
As relevant to this emergency rulemaking, these factors of anonymity
and ease-of-use also present a specific security vulnerability that
threat actors can exploit to target aircraft, especially considering
the high volume of e-commerce shipments that enter the United States as
air cargo shipments.\26\
---------------------------------------------------------------------------
\25\ See DHS, Combating Trafficking in Counterfeit and Pirated
Goods (Jan. 24, 2020), <a href="https://www.dhs.gov/sites/default/files/publications/20_0124_plcy_counterfeit-pirated-goods-report_01.pdf">https://www.dhs.gov/sites/default/files/publications/20_0124_plcy_counterfeit-pirated-goods-report_01.pdf</a>
(last visited Sept. 29, 2025); GAO, Use of Online Marketplaces and
Virtual Currencies in Drug and Human Trafficking, GAO-22-105101
(Feb. 2022), <a href="https://www.gao.gov/products/gao-22-105101">https://www.gao.gov/products/gao-22-105101</a> (last
visited Sept. 29, 2025); cf. 90 FR 3048, 3060 (Jan. 14, 2025); 90 FR
6852, 6857 (Jan. 21, 2025).
\26\ See CBP, E-Commerce, <a href="https://www.cbp.gov/trade/basic-import-export/e-commerce">https://www.cbp.gov/trade/basic-import-export/e-commerce</a> (last visited Sept. 29, 2025) (regarding
the volume of e-commerce shipments that enter the United States as
air cargo).
---------------------------------------------------------------------------
This data element will allow CBP to identify the item being
imported into the United States, the marketplace that facilitated the
creation of the shipment, and the location of the device that purchased
the product. With this information, CBP can compare the cargo
description, an existing mandatory ACAS data element, and the URL or
SKU item description for discrepancies, identify online marketplaces
that present abnormal risk profiles, and identify discrepancies between
the location of the purchaser and the destination of the cargo
shipment.
Based on feedback from industry, CBP believes that an unmasked IP
or MAC address would only be required for a minority of ACAS filings
because the majority of ACAS filings involve a shipper that is a
Verified Known Consignor. In addition, even for those filings that do
not involve a shipper that is a Verified Known Consignor, the filer
would only be required to provide an individual's unmasked IP or MAC
address in certain circumstances. At the same time, CBP recognizes that
there may be privacy, security, or implementation cost concerns
associated with the requirement to provide unmasked IP or MAC addresses
in some circumstances, and that effects on companies could vary
depending on their existing information technology (IT) infrastructure
and business practices. Such concerns may arise from the requirement to
provide an actual IP or MAC address that is linked to a specific device
and not an address that is the result of using a masking technique,
such as the use of a proxy server or VPN. Concerns may also be related
to how parties might maintain, use, and disclose this information,
specifically, the collection of unmasked IP or MAC addresses by ACAS
filers and third parties that report information to ACAS filers, or
CBP's receipt of this information. Additionally, CBP recognizes that
the unmasked IP or MAC address requirements could create additional
financial burdens for parties who provide information to ACAS filers
(such as some e-commerce sites and their customers).
CBP recognizes that there are genuine, non-nefarious reasons for
seeking privacy protections, such as the use of IP or MAC address
masking techniques, when connected to the internet, including making it
harder for hackers to target an individual's device or steal sensitive
data. In addition, CBP recognizes that there are potential costs for
requiring this information, including costs that may extend beyond ACAS
filers. Similarly, CBP recognizes that there is a significant benefit
to requiring unmasked IP or MAC addresses, such as a greater chance of
averting an attack on international aviation that could result in a
significant loss of life and disrupt global supply chains.
In analyzing the July 2024 incidents and other potential threats,
CBP determined that the transmission of additional location or device
identity information, including the transmission of unmasked IP or MAC
addresses, would aid CBP's targeting of high-risk shipments in certain
circumstances. While other ACAS data elements also provide CBP with
location and identity information, such as the consignee name and
address, unmasked IP and MAC addresses may offer technically verifiable
location or device identity information that CBP believes is more
difficult for threat actors to misrepresent compared to other ACAS data
elements and generally provides an important additional point of
comparison. CBP determined that the value of unmasked IP or MAC address
information in conjunction with the significant and potentially life-
threatening consequences of attacks on international aviation warranted
the approach taken in this rule.
However, CBP has sought to limit the collection of these and other
conditional data elements to the extent possible. In addition to other
limiting conditions, unmasked IP or MAC addresses are only required if
the shipper is not identified as a Verified Known Consignor. As noted
above and as discussed in Section V.B., CBP believes that this
condition will significantly limit the applicability of the unmasked IP
or MAC address requirements, among other enhanced
[[Page 52815]]
ACAS data elements. These conditions impose transmission requirements
in scenarios associated with heightened threat levels, in which CBP
believes the security benefit justifies requiring unmasked IP or MAC
addresses in certain circumstances.
When unmasked IP or MAC addresses are transmitted to CBP, CBP will
use the information in accordance with statutory requirements
applicable to CBP's use of advance electronic information for cargo and
ACAS information specifically. See, e.g., 19 U.S.C. 1415(a)(3)(F), (G);
section 1951(h) of the FAA Act (49 U.S.C. 44901 note). Section V.E.
contains additional information regarding CBP's handling of information
collected pursuant to the ACAS program.
F. Optional Data Elements
Under the existing ACAS program, CBP encourages ACAS filers to
transmit data elements that are not required or additional information
regarding ACAS data as optional data elements. The transmission of
optional data elements is voluntary in all circumstances; however, CBP
recommends the transmission of these data elements when available
because these data elements improve CBP's targeting of high-risk cargo
and may allow for a faster ACAS disposition. To accommodate the
addition of new conditional data elements, the optional data elements
previously listed under 19 CFR 122.48b(d)(3) can now be found under the
new 19 CFR 122.48b(d)(5). These data elements provide additional points
of comparison during CBP's targeting of high-risk shipments that
complement or contrast against data elements that are required for
transmission. To gain the greatest possible security benefit from these
voluntary transmissions, CBP determined that it is necessary to provide
additional guidance to standardize the transmission of certain optional
data elements. Thus, CBP is revising the list of optional data elements
currently provided by regulation as follows:
(i) Second Notify Party. This is an existing optional data element
that allows the ACAS filer to voluntarily designate a second notify
party to receive shipment status messages from CBP. This IFR does not
modify the Second Notify Party optional data element.
(ii) Origin of Shipment. This is the International Standards
Organization (ISO) country code that represents the country where the
cargo was tendered for shipment. This data element can complement or
contrast against information reported under the shipment packing
location and/or scheduled shipment pickup location data element, among
others.
(iii) Declared Value. This is the U.S. fair market value of the
cargo in U.S. dollars.
(iv) Harmonized Commodity Code. This is the Harmonized Tariff
Schedule (HTS) code at the 6-digit or 10-digit level that most
accurately identifies the cargo. CBP's use of HTS refers to the
Harmonized Tariff Schedule of the United States.\27\ The first six
digits of a 10-digit HTS (HTS-10) code are identical to the digits
contained in a 6-digit HTS (HTS-6) code, sometimes referred to as a
Harmonized System code. The remaining four digits in an HTS-10 code
further classify the cargo, and within the ACAS program, provide CBP
with the most effective targeting information.
---------------------------------------------------------------------------
\27\ The Harmonized Tariff Schedule of the United States is
available electronically at <a href="https://hts.usitc.gov/">https://hts.usitc.gov/</a> (last visited
Sept. 29, 2025).
---------------------------------------------------------------------------
As a mandatory data element, ACAS filers are already required to
transmit a precise cargo description, which is defined under 19 CFR
122.48a as a precise cargo description or HTS-6 code. CBP introduced
this optional data element to clarify that ACAS filers are encouraged
to transmit both a precise cargo description and an HTS-6 or HTS-10
code.
(v) Transaction Type. This is the CBP-specified code that best
represents the transactional relationship between the shipper and the
consignee. For example, if an individual in a foreign country is
shipping cargo to a business in the United States, the ACAS filer
should assign the Consumer to Business code. These codes can be found
in the ACAS Implementation Guide.\28\ The list of transaction types
also includes special categories, such as live animals or dangerous
goods, which may complement the special handling type optional data
element.
---------------------------------------------------------------------------
\28\ The CBP ACAS Implementation Guide can be found at <a href="https://www.cbp.gov/document/guides/air-cargo-advance-screening-acas-implementation-guide">https://www.cbp.gov/document/guides/air-cargo-advance-screening-acas-implementation-guide</a> (last visited Sept. 29, 2025).
---------------------------------------------------------------------------
(vi) Special Handling Type. This is the CBP-specified special
handling or dangerous goods code applicable to certain cargo shipments.
A cargo shipment may have a special handling type to signify the
presence of special or dangerous cargo that requires non-standard
handling. These codes can be found in the CBP Export Manifest
Implementation Guide and the CBP ACAS Implementation Guide.\29\ For
example, a shipment of flowers could be assigned the ``PEF'' code. The
voluntary reporting of special handling types in the ACAS filing alerts
CBP to the presence of anomalous or unusual cargo which could benefit
the filer by hastening the resolution of, or avoiding the issuance of,
any potential referrals.
---------------------------------------------------------------------------
\29\ The CBP Export Manifest Implementation Guide can be found
at <a href="https://www.cbp.gov/document/guidance/ace-export-manifest-implementation-guide">https://www.cbp.gov/document/guidance/ace-export-manifest-implementation-guide</a> (last visited Jan. 28, 2025). The CBP ACAS
Implementation Guide can be found at <a href="https://www.cbp.gov/document/guides/air-cargo-advance-screening-acas-implementation-guide">https://www.cbp.gov/document/guides/air-cargo-advance-screening-acas-implementation-guide</a> (last
visited Jan. 28, 2025).
---------------------------------------------------------------------------
(vii) Customer Account Email Address. This is the email address
associated with the account identified under the customer account name
data element.
(viii) Customer Account Phone Number. This is the phone number
associated with the account identified under the customer account name
data element.
(ix) Shipper Manufacturer Identification (MID) Code or Authorized
Economic Operator (AEO) Number. This is the MID code or AEO number and
code representing the designating body for the party identified as the
shipper. Instructions for deriving a MID code can be found under
Customs Directive No. 3550-055.\30\ AEO numbers are issued by customs
agencies to identify parties involved in international trade that meet
certain security standards. If transmitting an AEO number, ACAS filers
must also identify the designating body.
---------------------------------------------------------------------------
\30\ CBP Customs Directive No. 3550-055, Attachment A (Nov. 24,
1986), <a href="https://www.cbp.gov/document/guidance/3550-055-instructions-deriving-manufacturershipper-identification-code">https://www.cbp.gov/document/guidance/3550-055-instructions-deriving-manufacturershipper-identification-code</a> (last visited Jan.
29, 2025).
---------------------------------------------------------------------------
For purposes of satisfying the Verified Known Consignor conditional
data elements, CBP plans to recognize certain MID codes or AEO numbers
associated with programs that meet CBP's security requirements. CBP is
introducing this optional data element to encourage the transmission of
MID codes or AEO numbers that are not used to satisfy the Verified
Known Consignor data element. MID codes and AEO numbers transmitted
under this optional data element can improve CBP's identification of
shippers and indicate the existence of certain risk factors.
(x) Consignee Importer of Record Number. This is the U.S. Social
Security number, Internal Revenue Service number, Employer
Identification Number (EIN), or CBP-assigned number used as the
importer of record number by the party identified as the consignee.
This data element will be used by CBP to identify the consignee that is
the importer of record for a particular cargo shipment.
[[Page 52816]]
(xi) Regulated Agent Name, Address, and Code. This is the name,
address, and code associated with a party that ensures security
controls for the transportation of cargo by air in accordance with
standards established by a CBP-recognized body. Regulated agent status
designates parties that undertake certain security controls in the
handling of cargo that may limit the security risk posed by those
shipments. It is within CBP's sole discretion to recognize regulated
agent programs that could be used by an ACAS filer to complete this
data element field. CBP reserves the right to not recognize a regulated
agent program or a party's regulated agent status at any time.
CBP currently plans to recognize the regulated agent program
specified under EU Commission Implementing Regulation 2015/1998 as
imposing sufficiently rigorous security standards.\31\ CBP encourages
public comment on additional programs similar to the EU's regulated
agent program that could be used to satisfy this data element.
---------------------------------------------------------------------------
\31\ See Commission Implementing Regulation 2015/1998 of Nov. 5,
2015, Laying Down Detailed Measures for the Implementation of the
Common Basic Standards on Aviation Security, annex, 2015 O.J. (L
299) 1, <a href="https://data.europa.eu/eli/reg_impl/2015/1998/oj">https://data.europa.eu/eli/reg_impl/2015/1998/oj</a> (last
visited Sept. 29, 2025).
---------------------------------------------------------------------------
(xii) ACAS Filing Type. This is a CBP-specified code that
represents the nature of the handling and transportation of the cargo.
The regulatory text provides the examples of standard, express, and e-
commerce; however, CBP may add additional filing types through further
guidance. The express filing type represents delivery services that are
offered to the public as door-to-door deliveries on a reliable and
timely basis. The standard filing type represents the remainder of
cargo shipments that are not advertised as an ``express'' option. E-
commerce cargo shipments may be transported as standard or express, but
are distinguished as a unique filing type by the presence of an online
store or internet marketplace that facilitates the cargo shipment.
(xiii) CBP is also revising the regulatory text from the previous
19 CFR 122.48b(d)(3), which encourages ACAS filers to transmit data
that is not required for a particular ACAS filing, to remove the
references to telephone numbers, email addresses, and internet protocol
addresses as examples of optional data elements. This revision
clarifies that some previously optional data elements are now mandatory
or conditional ACAS data elements. CBP continues to encourage ACAS
filers to submit additional information regarding any of the ACAS data
or any data listed in 19 CFR 122.48a that is not ACAS data, when
available. The regulatory text encouraging the transmission of
additional information regarding ACAS data or data listed in 19 CFR
122.48a can be found under the new 19 CFR 122.48b(d)(5)(xiii).
G. Retention of Government-Issued Photo Identification Document Copies
To support the new biographic data transmission requirement,
detailed under Section IV.E.5., CBP is adding a records retention
requirement under the new 19 CFR 122.48b(c)(7). When ACAS filers are
required to transmit the biographic data conditional data element
(i.e., when (1) the customer account shipping frequency/volume,
identified under 19 CFR 122.48b(d)(4)(ii)(C), is assigned the shipping
outlet/walk-in code, or (2) when a shipment contains household goods or
personal effects), CBP may, following prior notification from CBP to
ACAS filers, require that ACAS filers obtain a copy of the government-
issued photo identification document used to supply the text-based
biographic data and retain the copy for 3 years. During the retention
period, the ACAS filer must provide the copy to CBP if requested.
The language used here and in the regulatory text, new 19 CFR
122.48b(c)(7), specifies that ACAS filers are not required to retain
document copies by default; however, CBP may require the retention of
document copies at CBP's discretion. ACAS filers will not be required
to obtain and retain copies unless prior notification is provided to
ACAS filers by CBP. CBP will provide the notification to ACAS filers
through an established, pre-existing means of communication. For
example, CBP may send the notification to the email address provided by
ACAS filers under 19 CFR 122.48b(c)(3)(iv), the 24 hours/7 days a week
ACAS filer email address.
The biographic data transmission requirement found under the new 19
CFR 122.48b(d)(4)(v)(A) requires ACAS filers to transmit the date and
time the individual shipping the cargo provided the government-issued
photo identification document to supply the text-based biographic data.
An ACAS filer's compliance with the document copy retention requirement
will be determined by comparing the date and time CBP sent the copy
retention notification to the ACAS filer and the date and time an
individual presented a government-issued photo identification document
for the collection of text-based biographic data under the new 19 CFR
122.48b(d)(4)(v)(A).
CBP retains discretion over the applicability of any requirement to
retain copies, including, but not limited to, requirements to retain
copies on a temporary or ongoing basis and the applicability of
retention requirements to ACAS filings originating from certain ACAS
filers, geographic regions, or countries.
CBP selected a 3-year copy retention period to identify individuals
that present a risk to air cargo security, aid in the resolution of any
questions regarding an individual's identity, and assist CBP in
verifying the accuracy of transmitted biographic data under the new 19
CFR 122.48b(d)(4)(v)(A). As discussed previously, CBP will not require
ACAS filers to provide document copies to CBP unless CBP requests a
copy; thus, a 3-year copy retention period is also necessary to ensure
that document copies remain available in the event that an enforcement
action occurs. See 19 CFR 113.62(l), 113.63(h), 113.64(i).
H. Exemption of ACAS Data From Disclosure
Under section 343(a)(3)(G) of the Trade Act (19 U.S.C.
1415(a)(3)(G)), CBP is required to promulgate regulations that protect
the privacy of business proprietary and any other confidential cargo
information provided to CBP pursuant to the ACAS regulations. Data
electronically presented to CBP in accordance with 19 CFR 122.48a is
specifically exempt from disclosure as either trade secrets or
privileged or confidential commercial or financial information under 19
CFR 103.31a, unless CBP receives a specific request for such records
pursuant to 6 CFR 5.3, and the owner of the information expressly
agrees in writing to its release. 19 CFR 122.48a(a) states that ACAS
data is a subset of data required under 19 CFR 122.48a and notes that
any data identified as ACAS data under 19 CFR 122.48a(d) is ``subject
to the requirements and time frame described in Sec. 122.48b.''
The original ACAS data elements, delineated under the 2018 IFR, are
exempt from disclosure under 19 CFR 103.31(a) because those data
elements are entirely a subset of data required under 19 CFR 122.48a.
However, the enhanced set of ACAS data elements, introduced in this
IFR, combines the previous subset of 19 CFR 122.48a data elements with
a new set of data elements unique to the ACAS program (19 CFR 122.48b).
As such, information transmitted pursuant to the new ACAS data element
requirements would not be explicitly exempt from disclosure
[[Page 52817]]
unless 19 CFR 103.31a is revised to specifically exempt those data
elements.
While the ACAS data elements delineated in the 2018 IFR would
continue to be exempt from disclosure without revising 19 CFR 103.31a
and the new ACAS data elements could be protected by applicable Freedom
of Information Act (FOIA) exemptions (see 5 U.S.C. 552(b)), CBP
determined that it is necessary to modify 19 CFR 103.31a(a) to per se
exempt the new ACAS data elements introduced in this IFR from
disclosure.
Information transmitted pursuant to the new data element
requirements may contain trade secrets or privileged or confidential
commercial or financial information; thus, it is immediately necessary
to per se exempt information transmitted pursuant to those data element
requirements to promote industry compliance with the enhanced ACAS
requirements. If information transmitted pursuant to these data element
requirements were not per se exempt from disclosure, ACAS filers, and
parties who supply ACAS filers with information to complete ACAS
filings, may be hesitant to provide information that could be
disclosed. As discussed throughout this IFR, complete and accurate ACAS
data is necessary to inform CBP's assessments of threats to aircraft,
crewmembers, and passengers entering the United States. Thus, in
accordance with Trade Act requirements, CBP is adding a specific
reference to ``Sec. 122.48b'' in 19 CFR 103.31a(a) to ensure that the
new enhanced ACAS data elements introduced in this IFR receive the same
per se exemptions from disclosure that the original ACAS data elements
presently receive.
I. Phased Enforcement
As required under section 343(a)(3)(J) of the Trade Act (19 U.S.C.
1415(a)(3)(J)), CBP considered whether it would be appropriate to
provide a transition period between the promulgation of the new ACAS
data elements and the effective date of the regulation. Given the
immediate threat to aviation security discussed in Sections III.E. and
V.A., CBP determined that a delayed effective date would be
inappropriate because the immediate implementation of the new ACAS data
elements is necessary to address a demonstrated, existing security
vulnerability.
However, to provide members of industry sufficient time to adjust
to the new requirements and in consideration of the business process
changes that may be necessary to achieve full compliance, CBP will show
restraint in enforcing the data transmission requirements introduced by
this IFR for 12 months after the effective date, taking into account
difficulties that inbound air carriers and other eligible ACAS filers
may face in complying with the rule, so long as inbound air carriers
and other eligible ACAS filers are making significant progress toward
compliance and are making a good faith effort to comply with the rule
to the extent of their current ability.
While full enforcement will be phased in over this 12-month period,
willful and egregious violators will be subject to enforcement actions
at all times. CBP welcomes comments on this phased enforcement.
As required under section 343(a)(3)(E) of the Trade Act (19 U.S.C.
1415(a)(3)(E)), CBP also considered whether interim requirements may be
appropriate to the extent the technology necessary for parties to
transmit ACAS data, and for CBP to receive and analyze the data, is
available at the time of promulgation. Members of the air cargo
industry have successfully transmitted ACAS data to CBP on a mandatory
basis since 2018; thus, the technological framework for transmitting
ACAS data to CBP currently exists. Although the addition of new data
elements will likely require ACAS filers to modify their transmission
software to accommodate the new requirements, some ACAS filers have
already adapted their systems to source and transmit information for
many of the new requirements, and for other ACAS filers, updated
commercial software is available. CBP has developed the technical
ability to receive and analyze the enhanced ACAS data elements.
Based on these observations and CBP's conversations with members of
the air cargo industry, the technology necessary to implement the
enhanced ACAS data element transmission requirements exists and is
widely available. CBP recognizes that additional software development,
technology acquisition, and coordination and negotiation among supply
chain participants may be needed to implement the sourcing or
transmission of information for specific requirements. However, CBP
determined that the imposition of interim requirements would not be
appropriate because the technology necessary to transmit and source
information for the enhanced ACAS data elements presently exists.
Instead, CBP determined that the previously discussed phased
enforcement period would be most beneficial for ACAS filers in adapting
existing systems to source and transmit information for the enhanced
ACAS data element requirements. A phased enforcement period will
immediately provide CBP with available enhanced ACAS data and enable
ACAS filers to effectively allocate technology development resources
toward adapting existing technology to comply with one set of
requirements.
J. Severability
CBP intends for the decisions contained in this rule to be
severable from each other and to be given effect to the maximum extent
possible, such that if a court holds that any provision is invalid or
unenforceable--whether in their entirety or as to a particular person
or circumstance--the other provisions will remain in effect as to any
other person or circumstance.\32\ The various decisions in this IFR are
designed to function sensibly without the others, and CBP intends for
them to be severable so that each can operate independently.
---------------------------------------------------------------------------
\32\ Courts have uniformly held that the APA, 5 U.S.C. 706(2),
authorizes courts to sever and set aside ``only the offending parts
of the rule.'' Carlson v. Postal Regulatory Comm'n, 938 F.3d 337,
351 (D.C. Cir. 2019); see, e.g., K Mart Corp. v. Cartier, Inc., 486
U.S. 281, 294 (1988).
---------------------------------------------------------------------------
For example, CBP would intend to be able to implement as much of
the rule as possible, even if it could not implement some of the rule
(such as a conditional data element) due to a court order. This
approach ensures that CBP can make necessary security improvements to
the greatest extent possible.
Even if a court order were to render the requirement to transmit a
particular data element invalid or unenforceable and ACAS filers'
responses under that data element inform filers' responsibilities to
transmit other data elements, CBP would intend that ACAS filers
continue to provide the other data elements, using the preamble of this
IFR as guidance for the applicability of any conditions to the extent
this conditionality interpretation does not violate a court order. For
example, if a court holds that the requirement to provide the customer
account shipping frequency/volume data element is unenforceable, CBP
intends that ACAS filers would continue to be required to transmit
biographic data if the conditions described in the preamble for the
shipping outlet/walk-in code exist.
If a stricken provision creates a question of whether or not a
conditional data element should be transmitted, CBP intends that ACAS
filers would interpret the stricken provision as satisfied such that
transmission of the conditional data element is required.
[[Page 52818]]
For example, if a court holds that the verified known consignor
information data element is unenforceable, CBP would intend that ACAS
filers be required to provide a customer account establishment date for
all ACAS filings where the immediate transaction code was not assigned
to the ACAS filing. In this example, the verified known consignor
precondition under the new 19 CFR 122.48b(d)(4) would be considered
satisfied, regardless of the existence of a known consignor.
V. Statutory and Regulatory Reviews
A. Administrative Procedure Act
The Administrative Procedure Act (APA), 5 U.S.C. 551 et seq.,
generally requires agencies to publish a notice of proposed rulemaking
in the Federal Register and provide interested persons the opportunity
to submit comments prior to issuing a final rule. However, the APA
provides an exception to these requirements ``when the agency for good
cause finds (and incorporates the finding and a brief statement of
reasons therefor in the rules issued) that notice and public comment
thereon are impracticable, unnecessary, or contrary to the public
interest.'' 5 U.S.C. 553(b)(B). The good cause exception ``excuses
notice and comment in emergency situations . . . or where delay could
result in serious harm.'' \33\
---------------------------------------------------------------------------
\33\ Jifry v. FAA, 370 F.3d 1174, 1179 (D.C. Cir. 2004)
(citations omitted).
---------------------------------------------------------------------------
Notice and comment is impracticable when the due and required
execution of agency functions would be unavoidably prevented by
undertaking public rulemaking proceedings.\34\ Impracticability can
occur when there is an imminent hazard to aircraft, persons, or
property within the United States, or when immediate implementation of
a rule might directly affect public safety.\35\
---------------------------------------------------------------------------
\34\ See S. Doc. No. 248, 79th Cong., 2d Sess. 200 (1946).
\35\ See Jifry v. FAA, 370 F.3d 1174, 1179 (D.C. Cir. 2004);
NRDC v. Nat'l Highway Traffic Safety Admin., 894 F.3d 95, 114 (2d
Cir. 2018).
---------------------------------------------------------------------------
The public interest prong of the good cause exception applies when
ordinary procedures of notice and comment, generally presumed to serve
the public interest, would actually harm the public interest.\36\ This
prong is distinct from the need for immediacy under the
impracticability prong and is ``appropriately invoked when the timing
and disclosure requirements of the usual procedures would defeat the
purpose of the proposal.'' \37\
---------------------------------------------------------------------------
\36\ Mack Trucks, Inc. v. EPA, 682 F.3d 87, 95 (D.C. Cir. 2012);
see Florida v. HHS, 19 F.4th 1271, 1306 (11th Cir. 2021).
\37\ See Mack Trucks, Inc. v. EPA, 682 F.3d 87, 95 (D.C. Cir.
2012).
---------------------------------------------------------------------------
The implementation of this rule as an interim final rule, with
provisions for post-promulgation public comments, is based on the APA's
good cause exception. As explained below, delaying the publication of
this IFR for purposes of providing public notice and comment and
following the APA's 30-day waiting period would be impracticable and
contrary to the public interest.
Delaying the publication of this IFR for purposes of conducting
notice and comment would be impracticable because of the immediate need
for CBP to address imminent threats to the security of aircraft and
persons entering the United States. CBP issued the 2018 ACAS
regulations as an IFR because of specific, classified intelligence that
certain terrorist organizations sought to exploit vulnerabilities in
international air cargo security to cause damage to infrastructure and
to cause injury or loss of life in the United States. While the
regulations introduced by the 2018 IFR addressed certain security
risks, since then, CBP's ongoing review of the ACAS program and
specific, classified intelligence regarding the evolving threat
environment have identified additional vulnerabilities.
Recent incidents, such as the July 2024 incendiary attacks
described in Section III.E., demonstrate the immediate risk that threat
actors pose to the security of air cargo infrastructure and the safety
of individuals. CBP's discussions with members of the air cargo
industry during the implementation period, detailed in Section III.F.,
also highlighted the immediate need for CBP regulations that could
mandate the provision of the enhanced ACAS data elements for both air
carriers and other eligible ACAS filers. Given the demonstrated
vulnerability within air cargo security and heightened global tensions
that may result in further attempts to attack critical air cargo
infrastructure, it would be impracticable to delay the publication of
this IFR for the purposes of conducting notice and comment procedures.
Notice and comment procedures would be contrary to the public
interest because advance public notice of these regulations would
highlight a vulnerability that threat actors could leverage in the
period between the provision of public notice and the effective date of
the enhanced ACAS requirements. The abilities of threat actors vary
significantly; thus, while a threat from certain sophisticated actors
poses an imminent threat to air cargo security, other less
sophisticated actors may not be aware of the existence or full scope of
a vulnerability until public notice from a government entity alerts
that threat actor. In this case, public notice and comment procedures
would provide threat actors with the list of enhanced ACAS data
elements with sufficient time prior to the effective date of the
regulations to plan and act on any perceived vulnerabilities. In the
current threat environment, attempted or unsuccessful attacks can still
threaten the safety of the American public and have disruptive effects
to the supply chain similar to those of a successful attack, such that
any perceived actionable vulnerability significantly outweighs the
public's interest in conducting notice and comment prior to
implementation of the enhanced ACAS data elements.
For the reasons stated above, CBP has determined that it would be
impracticable and contrary to the public interest to delay the
implementation of this rule to provide for prior public notice and
comment. While CBP has determined that this rule is exempt from the
APA's notice and comment requirements, CBP is providing the public with
the opportunity to comment without delaying implementation of this
rule. CBP will accept public comments for 60 days following the
publication of this IFR. CBP will respond to the comments received when
it issues a final rule.
In addition to finding that this IFR meets the good cause exception
from the APA's notice and comment procedures, CBP finds that good cause
exists such that this rule is not subject to the 30-day delayed
effective date requirement found under 5 U.S.C. 553(d)(3); thus, this
rule is effective immediately upon publication. Delaying the effective
date of this rule for 30 days after publication would be impracticable
and contrary to the public interest for the same critical national
security reasons that necessitated the publication of this rule without
notice and comment procedures. Without an immediate effective date, the
United States would be left unnecessarily vulnerable to a specific
threat. Therefore, this rule is effective upon publication.
As such, CBP finds that this rule is exempt from the public notice
and comment and delayed effective date requirements of the APA under
the good cause exception.
B. Executive Orders 12866, 13563, and 14192
Executive Orders 12866 (Regulatory Planning and Review) and 13563
(Improving Regulation and Regulatory Review) direct agencies to assess
the costs and benefits of available regulatory alternatives and, if
regulation is
[[Page 52819]]
necessary, to select regulatory approaches that maximize net benefits.
Executive Order 13563 emphasizes the importance of quantifying costs
and benefits, reducing costs, harmonizing rules, and promoting
flexibility. Executive Order 14192 (Unleashing Prosperity Through
Deregulation) directs agencies to significantly reduce the private
expenditures required to comply with Federal regulations and provides
that ``any new incremental costs associated with new regulations shall,
to the extent permitted by law, be offset by the elimination of
existing costs associated with at least 10 prior regulations.''
The Office of Management and Budget (OMB) has designated this rule
an economically significant regulatory action as defined under section
3(f)(1) of E.O. 12866. Accordingly, the rule has been reviewed by the
Office of Management and Budget.
This rule is not an Executive Order 14192 regulatory action because
it is being issued with respect to a national security or homeland
security function of the United States. The benefit-cost analysis
demonstrates that the regulation is anticipated to improve national or
homeland security as its primary direct benefit and OIRA and the
promulgating agency agree the regulation qualifies for a `good cause'
exception under 5 U.S.C. 553(b)(B). See OMB Memorandum M-25-20,
``Guidance Implementing Section 3 of Executive Order 14192, titled
`Unleashing Prosperity Through Deregulation''' (Mar. 26, 2025). CBP
conducted an economic analysis to assess the potential impacts of this
IFR, which can be found in the following sections. Although this
analysis attempts to mirror the terms and wording of the rule, readers
are cautioned that the regulatory text, not the text of this
assessment, is binding. In summary, CBP expects that during the period
of analysis (from 2024 to 2033), the net cost of this IFR will range
from $877 million (7% discount rate, 2024 U.S. dollars) to $1.04
billion (3% discount rate, 2024 U.S. dollars). The annualized costs
will range from $116,754,193 to $118,721,545 (7% and 3% discount rate
respectively). This IFR will affect CBP, air carriers, and other trade
members engaging in the process of importing cargo into the United
States by air. CBP anticipates that this IFR will also provide added
benefits in the form of enhanced cargo safety and security measures
that will reduce the potential for the loss of life, destruction of
infrastructure, and the disruption of supply chains due to a threat.
Due to data limitations, CBP is unable to monetize the benefits of this
rule. Instead, CBP conducts a ``break-even'' analysis, which shows how
often a terrorist event must be avoided due to the rule for the
benefits to equal or exceed the costs of the enhanced ACAS program. As
this rule has annualized costs of over $100 million, the rule is
considered an economically significant rulemaking, and, in accordance
with OMB Circular A-4 and Executive Order 12866, CBP has provided
accounting statements in Table 2.
BILLING CODE 9111-14-P
[[Page 52820]]
[GRAPHIC] [TIFF OMITTED] TR21NO25.015
BILLING CODE 9111-14-C
1. Purpose, Background, and Baseline
Section 343(a) of the Trade Act authorizes CBP to promulgate
regulations providing for the mandatory transmission of cargo
information by way of a CBP-approved electronic data interchange (EDI)
system before the cargo is brought into or departs from the United
States by any mode of commercial transportation. The required cargo
information is that which is reasonably necessary to enable high-risk
cargo to be identified for purposes of ensuring cargo safety and
security pursuant to the laws enforced and administered by CBP. Within
DHS, CBP and TSA have responsibilities for securing inbound air cargo
and work together to identify high-risk cargo prior to the aircraft's
departure for the United States. CBP and TSA employ a layered security
approach to secure inbound air cargo, including using various risk
assessment methods to identify high-risk cargo and to mitigate any
risks posed.
For any aircraft required to make entry under 19 CFR 122.41 that
will have commercial cargo on board, an inbound air carrier or other
eligible party must transmit specified advance air cargo data to CBP.
See 19 CFR 122.48a. Under 19 CFR 122.48a, advance data pertaining to
air cargo
[[Page 52821]]
must be transmitted to CBP no later than the time of departure (when
the aircraft departs from certain foreign ports near the United States)
and four hours prior to arrival of the aircraft in the United States
(when the aircraft departs from any other foreign area). Under this
data transmission timeline, aircraft could depart from foreign ports
and be enroute to the United States prior to the transmission of air
cargo data or a risk assessment by CBP.
To address this issue, CBP published an IFR in 2018, establishing a
mandatory ACAS program that requires the transmission of certain
advance air cargo data earlier in the import process to the United
States. CBP's objective for the ACAS program is to obtain the most
accurate data at the earliest time possible with as little impact to
the flow of commerce as possible. CBP requires that ACAS data be
transmitted prior to the loading of cargo onto an aircraft departing
for the United States. This timeline is required to enable the
performance of a risk assessment for each cargo shipment and to conduct
the required screening. The earlier in the import process ACAS data is
transmitted, the sooner CBP can conduct risk assessments and
determinations can be communicated to air carriers and other trade
members, which minimizes the impact to operations. Obtaining this
import data in advance enables CBP to identify high-risk cargo before
the cargo is transported aboard an aircraft destined to the United
States. These ACAS requirements, in conjunction with the existing 19
CFR 122.48a data requirements and TSA's updated security programs,
enhance air cargo safety and security measures.
To provide added flexibility in the ACAS program, CBP allows for
any eligible party that has the most direct information about the data
elements to provide the information directly to CBP.\38\ However, the
air carrier is required to file the ACAS data if no other eligible
party elects to submit the data. The ACAS regulations divide the ACAS
data requirements into data elements. Mandatory data elements must be
transmitted in all circumstances. Conditional data elements must be
transmitted only in certain circumstances. The transmission of optional
data elements is recommended, but not required. CBP requires that ACAS
data be transmitted at the lowest air waybill level by all ACAS filers.
The ACAS data elements introduced through the publication of the 2018
IFR include (data elements are mandatory unless otherwise noted):
---------------------------------------------------------------------------
\38\ Eligible parties to provide ACAS data to CBP include
freight forwarders, Automated Broker Interface (ABI) filers,
Container Freight Station/deconsolidators, Express Consignment
Carrier Facilities, or the air carrier. CBP requires all ACAS filers
to meet the following requirements: establish the communication
protocol to properly transmit ACAS data to CBP through a CBP-
approved EDI system, possess the appropriate bond, have access to
report all of the originator codes that will be used to file ACAS
data, and provide 24 hours/7 days a week contact information
including a telephone number and email address that CBP can use to
notify and communicate as needed.
1. Shipper name and address \39\
---------------------------------------------------------------------------
\39\ The name and address of the foreign vendor, supplier,
manufacturer, or other similar party is acceptable. The address of
the foreign vendor, etc., must be a foreign address. The identity of
a carrier, freight forwarder, or consolidator is not acceptable.
---------------------------------------------------------------------------
2. Consignee name and address \40\
---------------------------------------------------------------------------
\40\ This is the name and address of the party to whom the cargo
will be delivered regardless of the location of the party; this
party need not be located at the arrival or destination port.
---------------------------------------------------------------------------
3. Cargo description \41\
---------------------------------------------------------------------------
\41\ A precise cargo description or the 6-digit Harmonized
Tariff Schedule (HTS) number must be provided.
---------------------------------------------------------------------------
4. Total quantity (based on the smallest external packing unit)
5. Total weight of cargo (expressed in lbs or kgs)
6. Air waybill number \42\
---------------------------------------------------------------------------
\42\ The air waybill number must be the same in the ACAS filing
and the 19 CFR 122.48a filing. The air waybill number is the
International Air Transport Association (IATA) standard 11-digit
number, as provided in 19 CFR 122.48a(d)(1)(i).
---------------------------------------------------------------------------
7. Master Air Waybill Number (MAWB) (conditional) \43\
---------------------------------------------------------------------------
\43\ The MAWB number is the IATA standard 11-digit number.
---------------------------------------------------------------------------
8. Second Notify Party (optional) \44\
---------------------------------------------------------------------------
\44\ Any secondary stakeholder or interested party in the
importation of goods to the United States, to receive shipment
status messages from CBP. This party does not have to be the inbound
air carrier or an eligible ACAS filer.
CBP also encourages ACAS filers to submit additional information
regarding any of the ACAS data or any data listed in 19 CFR 122.48a
that is not ACAS data. CBP and/or TSA may also require additional
information such as flight numbers and routing information to address
ACAS referrals for information. This information will be requested in a
referral message, when necessary.
As stated previously, CBP's objective with the ACAS program is to
obtain the most accurate data possible at the earliest point in the
import process. Therefore, CBP allows multiple parties to submit the
ACAS data and requires the ACAS data to be disclosed to the ACAS filer
by parties in the supply chain. If any third party that is not an
eligible ACAS filer possesses required ACAS data, that party must fully
disclose and present the required ACAS data to either the inbound air
carrier or other eligible ACAS filer for transmission to CBP. See 19
CFR 122.48b(c)(5). If no other eligible filer elects to submit the ACAS
data, then it is the inbound air carrier's responsibility to provide
the ACAS data to CBP. Even if another eligible party decides to submit
the ACAS data directly to CBP, the inbound air carrier may also elect
to file the ACAS data. The party that transmits the ACAS data to CBP
(the ACAS filer) is the party responsible for updating the information
if any data changes or more accurate information becomes available and
this party is also responsible for responding to any CBP questions or
referrals that may arise during the review of that ACAS data. CBP
requires ACAS filers to provide CBP with a telephone number and email
address that the filer must monitor 24 hours, 7 days a week to quickly
address any instructions or referrals that CBP issues. After ACAS data
is submitted to CBP, the ACAS filer receives a confirmation
message.\45\ CBP's ATS reviews each ACAS filing and uses targeting
strategies to identify filings that require additional review. ACAS
filings that are identified by ATS are then manually reviewed by a CBP
or TSA officer to determine if an ACAS referral or DNL instruction
should be issued. Once the determination is made by the CBP or TSA
officer, the ACAS filer is notified electronically.
---------------------------------------------------------------------------
\45\ If the ACAS filer designates a Second Notify Party, that
party will also receive the status notification (and any subsequent
status notifications).
---------------------------------------------------------------------------
There are two types of ACAS referrals that may be issued after an
officer manually reviews the ACAS filing information, a referral for
information and/or a referral for screening. The responsible party must
address any ACAS referrals no later than prior to the departure of the
aircraft to the United States. Until referrals are resolved, the
inbound air carrier is prohibited from transporting that cargo on an
aircraft destined to the United States. A referral for information is
issued after the ACAS filing is manually reviewed and determined to
have non-descriptive, inaccurate, or insufficient ACAS data, preventing
CBP from conducting a proper risk assessment.\46\ For these referrals,
the ACAS filer must resolve the referral by providing CBP with the
requested clarifying data. The last party to file the ACAS data is
responsible for addressing a referral for information because that
party is generally in the best position, relative to earlier filers, to
[[Page 52822]]
lead in correcting any data inconsistencies or errors.\47\
---------------------------------------------------------------------------
\46\ This can be due to typographical errors, vague cargo
descriptions, and/or unverifiable data.
\47\ For instance, when the inbound air carrier retransmits an
original ACAS filer's data and a referral for information is issued
after this retransmission, the inbound air carrier is responsible
for taking the necessary action to address the referral.
---------------------------------------------------------------------------
An ACAS referral for screening is issued after manual review of
ACAS data and the risk assessment concludes that the cargo presents an
elevated level of risk that warrants enhanced security screening. Once
a referral for screening is issued, the ACAS filer and/or the inbound
air carrier is required to respond with information on how the cargo
was screened in accordance with TSA-approved or accepted enhanced
screening methods.\48\ A referral for screening mandates that the ACAS
filer implement a higher security screening before the cargo can be
imported into the United States. The ACAS filer can perform the
necessary screening provided that it is a party recognized by TSA to
perform screening. If the ACAS filer is a party other than the inbound
air carrier and chooses not to perform the screening, or is not a party
recognized by TSA to perform screening, then that ACAS filer must
notify the inbound air carrier of the referral for screening. Once the
inbound air carrier is notified of the unresolved referral for
screening, the inbound air carrier must perform the enhanced screening
required, and/or provide the necessary information to TSA and/or CBP to
resolve the referral for screening.\49\ The ultimate responsibility to
resolve any outstanding referral for screening is placed on the inbound
air carrier because that is the party with physical possession of the
cargo prior to the departure of the aircraft.
---------------------------------------------------------------------------
\48\ All inbound cargo must be screened in accordance with the
TSA-approved or accepted enhanced screening methods contained in the
carrier's security program.
\49\ If a screening is not performed, TSA will follow up with
any administrative action against the ACAS filer.
---------------------------------------------------------------------------
If it is determined during a manual review of ACAS data that the
cargo contains a potential immediate and lethal threat to an aircraft
and/or its vicinity, CBP will issue a DNL instruction. If a DNL is
issued, the cargo must not be loaded onto the aircraft. If a DNL were
issued, it would pose significant costs to the airline and their
customers. Since the implementation of the 2018 ACAS IFR, CBP has
limited the issuance of DNL orders by working closely with carriers and
other ACAS filers to resolve issues as they arise; however, CBP
reserves the right to issue a DNL when necessary. Additionally, a DNL
prohibits any party that currently has physical possession of that
cargo from transporting that cargo until further guidance is received
from law enforcement authorities. When a DNL is issued, the ACAS filer
will be contacted by CBP and TSA using the 24/7 contact information
that must be provided for all eligible filers. CBP has defined the
process described above as the baseline scenario, the environment since
the 2018 ACAS IFR was implemented. The analysis of this IFR attempts to
measure any incremental costs, cost savings, or benefits compared to
the baseline scenario.
Since 2018, the ACAS program has improved CBP's ability to ensure
cargo safety and security; however, security concerns have expanded
while the amount and quality of information mandated to be transmitted
has remained static. As an example of expanding security concerns, in
recent months, there have been heightened concerns about unconventional
incendiary devices being sent in parcels which have avoided detection
and have caught fire while in transit.\50\ Experience has shown that
the existing ACAS regulations require further refinement for CBP to
effectively identify high-risk cargo.\51\ CBP believes an expansion of
the required ACAS data elements is needed to conduct effective pre-
loading cargo screening and targeting measures. This rule will require
inbound air carriers or other eligible filers to transmit this
additional data in advance of loading so that appropriate security
vetting can occur.
---------------------------------------------------------------------------
\50\ See, e.g., German Firms Warned of Packages Containing
Incendiary Devices, Reuters (Aug. 30, 2024), <a href="https://www.reuters.com/world/europe/german-security-services-warn-danger-packages-containing-incendiary-devices-2024-08-30/">https://www.reuters.com/world/europe/german-security-services-warn-danger-packages-containing-incendiary-devices-2024-08-30/</a> (last visited
October 18, 2024).
\51\ Other countries, including Australia and Canada, have also
taken steps to increase security measures on inbound air freight
shipments in recent months.
---------------------------------------------------------------------------
2. Enhanced ACAS Filing
Since 2018, air cargo imports to the United States have evolved and
increased significantly in volume. CBP determined that additional ACAS
data requirements are needed to ensure the safety and security of air
cargo entering the United States. To enhance CBP's ability to identify
high-risk cargo, prevent that cargo from being loaded onto aircraft
destined for the United States, and prevent aircraft with high-risk
cargo onboard from departing a foreign country and entering the United
States, CBP is introducing the enhanced ACAS filing which contains
additional data element requirements. CBP will continue to use ATS for
screening and risk assessment. Based on targeting results, CBP and TSA
officers will continue to review certain ACAS shipments and issue
referrals for information, referrals for screening, and DNL
instructions, as discussed above in the baseline. Additionally, ACAS
filers and other parties involved in the supply chain must meet the
same requirements as established in the 2018 ACAS IFR, and will
continue to be subject to penalties and/or claims for liquidated
damages of $5,000 for each violation up to a maximum of $100,000 per
conveyance arrival for noncompliance with the enhanced ACAS filing.\52\
---------------------------------------------------------------------------
\52\ See 83 FR 27392 (Jun. 12, 2018) (discussing amendments to
the relevant bond conditions to account for enforcement of ACAS
requirements).
---------------------------------------------------------------------------
The enhanced ACAS filing will include new mandatory and conditional
data elements, in addition to the existing ACAS data elements, which
must be transmitted no later than prior to the loading of cargo onto an
aircraft that is departing a foreign port bound for the United States.
ACAS filers must transmit ACAS data elements at the lowest air waybill
level. These data elements can be provided by any eligible ACAS filer;
however, if any party in the supply chain does not elect to provide the
enhanced ACAS filing data, then it must be provided by the air carrier
within the ACAS time frames. CBP lists the new mandatory and
conditional ACAS data elements below:
1. Consignee email address (mandatory)
2. Consignee phone number (mandatory)
3. Shipment packing location and/or scheduled shipment pickup location
(mandatory)
4. Ship to party (mandatory)
5. Verified Known Consignor (conditional)
6. Shipper email address (conditional)
7. Shipper phone number (conditional)
8. Customer account name (conditional)
9. Customer account issuer (conditional)
10. Customer account number (conditional)
11. Customer account shipping frequency/volume (conditional)
12. Customer account establishment date (conditional)
13. Customer account billing type (conditional)
14. Unmasked internet protocol (IP) address or media access control
(MAC) address of the device used during account creation (conditional)
15. Unmasked internet protocol (IP) address or media access control
(MAC) address of the device used to initiate the shipping transaction
and the unmasked IP address or MAC address of the device used to
[[Page 52823]]
file the ACAS filing each time an ACAS filing is submitted
(conditional)
16. Shipping cost (conditional)
17. Biographic data (conditional)
18. Link to product listing (conditional)
In addition to the data elements listed above, CBP is also revising
the list of optional data elements. Under the 2018 IFR, CBP encouraged
ACAS filers to transmit data elements that are not required or
additional information regarding data elements. CBP continues to
encourage these transmissions; however, CBP determined that additional
guidance was needed in the form of new optional data elements. CBP
continues to encourage the transmission of additional optional data
when available. CBP believes that filers will provide the optional
information if it is collected already and poses no extra burden to
collect. The additional information will further help CBP target high-
risk shipments. Higher levels of security will benefit trade members
who have valuable assets, such as aircraft, involved in the supply
chain. CBP lists the new optional data elements below:
1. Origin of shipment
2. Declared value
3. Harmonized commodity code
4. Transaction type
5. Special handling type
6. Customer account email address
7. Customer account phone number
8. Shipper Manufacturer Identification (MID) code or Authorized
Economic Operator (AEO) number
9. Consignee importer of record number
10. Regulated agent name, address, and code
11. ACAS filing type
This IFR will implement the addition of the enhanced data elements
and the retention of biographic data as noted in the regulatory text.
The process and requirements to complete an ACAS filing will continue
in the same manner as the baseline scenario prior to this IFR, but now
with the additional data elements.
3. Population Affected by Rule
CBP expects that this IFR will affect a number of different trade
members that engage in importing cargo into the United States in the
air environment. CBP expects that this IFR will affect all air carriers
currently participating in importing cargo into the United States and a
number of other trade members, such as freight forwarders, involved in
the process of importing cargo into the United States in the air
environment. In the regulatory impact analysis for the ACAS IFR
published in 2018, CBP expected there would be 293 unique ACAS filers
affected by the IFR, including passenger carriers, cargo carriers,
express carriers, and freight forwarders. CBP was able to obtain the
number of unique ACAS filers for fiscal years 2020 through 2024.\53\
The number of unique filers declined after the COVID-19 pandemic, but
is now trending upward toward, and remaining close to, pre-pandemic
levels. CBP anticipates that the number of unique ACAS filers will
remain relatively constant in the future because trade members that
will transmit enhanced ACAS data are already involved in transmitting
ACAS data to CBP. The level of ACAS filers has reached pre-pandemic
levels and CBP believes it will remain constant at this rate.\54\ CBP
assumes that the number of filers will remain constant, and that this
IFR will affect 281 trade members acting as ACAS filers, largely
including passenger carriers, cargo carriers, express carriers, and
freight forwarders. CBP anticipates that this IFR will also affect a
large number of other trade members, including freight forwarders and
customs brokers, that are involved in the process of importing cargo
into the United States in the air environment.
---------------------------------------------------------------------------
\53\ Data obtained from CBP, National Targeting Center, Cargo
Division, subject matter expert on Oct. 3, 2024. Number of unique
ACAS filers per fiscal year: 2020--295, 2021--204, 2022--227, 2023--
244, 2024--281.
\54\ Information obtained from CBP, National Targeting Center,
Cargo Division, subject matter expert on Oct. 7, 2024.
---------------------------------------------------------------------------
CBP also anticipates that this IFR will affect a number of software
vendors that provide data processing services to the trade community.
These companies will need to adjust their systems to incorporate the
additional enhanced ACAS data elements for their clients to provide the
enhanced ACAS data elements to CBP. CBP expects that around 50 software
vendors will be affected as a result of this IFR.\55\
---------------------------------------------------------------------------
\55\ CBP, ABI Software Vendors (Sept. 26, 2024), <a href="https://www.cbp.gov/document/guidance/abi-software-vendors-list">https://www.cbp.gov/document/guidance/abi-software-vendors-list</a> (last
visited Oct. 21, 2024). CBP assumes that ABI software vendors that
act as Entry Vendors or Entry Service Bureaus would be affected by
this IFR.
---------------------------------------------------------------------------
4. Time Period of Analysis
To estimate the effects from this IFR, CBP examines costs and
benefits to CBP, air carriers, and other trade members involved in the
process of importing cargo into the United States in the air
environment during a 10-year period of analysis from fiscal years 2024-
2033 compared to the baseline scenario (prior to requiring the enhanced
ACAS filing data elements). Though this rule was not in place in 2024,
many of the affected parties incurred costs in 2024 in anticipation of
this rulemaking, so we use 2024 as the first year of the analysis to
capture all relevant costs. Moving forward in this analysis, all
references to years are for fiscal years unless otherwise noted.
5. ACAS Filings, Referral Data, and Projections
CBP anticipates that this IFR will not affect the annual number of
ACAS filings submitted to CBP but may increase the time burden incurred
by trade members when submitting the additional data elements for each
ACAS filing.\56\ To determine how many ACAS filings will be submitted
in future years, CBP examined recent trends in the number of ACAS
filings. CBP was able to identify the actual number of ACAS filings
submitted to CBP by air carriers and other trade members from 2020-
2024.\57\ Additionally, as an ACAS filing may be resubmitted several
times prior to departure, we differentiate between the number of total
ACAS filings and the number of unique ACAS filings. Total ACAS filings
are the total number of submissions in a given year and unique ACAS
filings are the total number minus any resubmissions. We make this
differentiation to ensure that the time burden of submitting an ACAS
filing is not double counted.\58\
---------------------------------------------------------------------------
\56\ CBP expects that this IFR will increase the number of data
elements that need to be included in the ACAS filings. CBP does not
expect that this IFR will result in additional or fewer ACAS filings
when compared to the baseline scenario.
\57\ Information obtained from CBP, National Targeting Center,
Cargo Division, subject matter expert on Oct. 3, 2024.
\58\ Trade members have noted that they resubmit data at
specific intervals regardless of new information being added to the
filing. For example, an air carrier may submit the ACAS filing 12
hours before departure and then resubmit 8 hours before departure.
In these cases, resubmitting the same data would not increase the
time burden because the resubmission is automated. CBP filters data
for unique filings to ensure that this time burden is not double
counted.
---------------------------------------------------------------------------
First, we estimate the actual unique number of ACAS filings from
2020-2024 and CBP's estimates for the future number of unique ACAS
filings in Table 4. According to CBP data, the number of ACAS filings
have been increasing as e-commerce has increased significantly,
resulting in a higher volume of shipments to the United States in the
air environment. In 2020, there were a total of 237,778,028 unique ACAS
filings and filings increased by 108 percent in 2021 to 493,447,602.
Growth slowed in 2022 as unique ACAS filings only increased by 2
percent to 504,948,978, but ACAS filings increased by 53 percent in
2023, and by 62 percent in 2024 when there were 1,249,182,643 ACAS
filings. CBP subject matter experts anticipate that the
[[Page 52824]]
annual number of unique ACAS filings submitted will continue to
increase in future years as e-commerce continues to grow; however, CBP
does not expect unique ACAS filings to increase at the same rate as
2023 and 2024. The rapid growth of ACAS filings was tied to the
increase of direct business to consumer shipments, the COVID-19
pandemic, and the increase in the administrative exemption limit from
$200 to $800 (commonly referred to as the de minimis limit). CBP
believes that consumers have already adjusted their behavior to these
factors and that the rapid growth will not continue for the next 5
years. CBP also notes that ongoing policy developments, including
recent Executive Order 14324 which eliminated the tariff exemption for
de minimis shipments starting August 29, 2025, could have significant
effects on the number of unique ACAS filings.\59\ Since it is too soon
to determine the full impact of such factors affecting the volume of
shipments, CBP presents a range of estimates for the possible number of
future unique ACAS filings that will be submitted.
---------------------------------------------------------------------------
\59\ See, e.g., E.O. 14256, Further Amendment to Duties
Addressing the Synthetic Opioid Supply Chain in the People's
Republic of China as Applied to Low-Value Imports, 90 FR 14899 (Apr.
7, 2025).
---------------------------------------------------------------------------
To estimate how many unique ACAS filings will be submitted in
future years, CBP provides a primary, low, and high estimate. CBP
acknowledges that currently there is significant uncertainty on how
ongoing and future policy developments will affect the number of unique
ACAS filings. Specifically, this uncertainty refers to the effects of
changing tariff rates and the elimination of the de minimis tariff
exemption. It is too early to know exactly how trade members will
react, but CBP expects there could be a significant drop in the number
of unique ACAS filings as a result of this policy change. Thus, CBP
addresses this uncertainty by providing a wide range of estimates. As
CBP's primary estimate for the number of unique ACAS filings that will
be submitted in future years, CBP assumes the number of unique ACAS
filings will mirror gross domestic product (GDP) growth each year in
the future. CBP models growth in unique ACAS filings using the GDP
projection developed by the Energy Information Administration (EIA) for
its ``Annual Energy Outlook 2023.'' \60\ EIA projects real annual GDP
growth ranging from 1.56 percent to 2.11 percent for years 2025 through
2033 (see Table 3). CBP acknowledges that due to uncertainty from
ongoing policy developments, the actual number of unique ACAS filings
submitted could be more or less than what CBP expects. CBP's high
estimate shows how many unique ACAS filings would be submitted in
future years if the number of ACAS filings increases by 5 percent
annually (CBP's high estimate). CBP's low estimate assumes that the
elimination of the tariff exemption in 2025 could result in a
significant decrease (15%) in the number of unique ACAS filings in the
first year as trade adjusts to policy changes. Then CBP assumes that
the number of unique ACAS filings would continue slowing by 1 percent
each year, as ongoing trade policy developments could decrease the
overall number of unique ACAS filings despite increasing economic
growth. According to CBP's primary estimate, in future years (2024-
2033), trade members will submit a total of 12.3 billion unique ACAS
filings or, on average, 1.4 billion annually. CBP's low and high
estimates suggest that the number of unique ACAS filings in future
years of the period of analysis could range from 9.2 billion to 14.5
billion or, on average, trade members will submit 1.0 billion to 1.6
billion unique ACAS filings annually. CBP acknowledges that it is too
early to tell what the effect of ongoing policy decisions will be on
the number of unique ACAS filings in future years, and CBP intends to
revisit these estimates for the number of future unique ACAS filings in
the final rule.
---------------------------------------------------------------------------
\60\ U.S. Energy Information Administration, Macroeconomic
Indicators: Real Gross Domestic Product (Reference Case), <a href="https://www.eia.gov/outlooks/aeo/data/browser/#/?id=18-AEO2023&cases=ref2023&sourcekey=0">https://www.eia.gov/outlooks/aeo/data/browser/#/?id=18-AEO2023&cases=ref2023&sourcekey=0</a> (last visited Nov. 14, 2024).
---------------------------------------------------------------------------
BILLING CODE 9111-14-P
[GRAPHIC] [TIFF OMITTED] TR21NO25.016
[[Page 52825]]
[GRAPHIC] [TIFF OMITTED] TR21NO25.017
BILLING CODE 9111-14-C
Next, we estimate the total number of ACAS filings from 2020-2024
and CBP's estimates for the future number of total ACAS filings,
including resubmissions, in Table 5. According to a sample of
historical data, there are 12.5 resubmissions for every 100 unique ACAS
filings.\62\ We use this estimate to calculate the estimated total
number of ACAS filings from 2020-2024 by multiplying the unique number
of filings by 1.125 (1+0.125). CBP subject matter experts anticipate
that the total rate of resubmissions will remain constant in future
years. This analysis will apply the ra
[…truncated; see source link]Indexed from Federal Register on November 21, 2025.
This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.