Get extra lift from AOPA. Start your free membership trial today! Click here
News & Media Inside the flight training security rule

Inside the flight training security rule

November 26, 2024 By Dan Hassing

AOPA has received several calls from members who are flight instructors seeking guidance on how to comply with the Transportation Security Administration’s (TSA’s) new Flight Training Security Program (FTSP) Rule. The rule became effective July 30, though it gave flight training providers until November 1 to designate and register their security coordinators with the TSA.

Photo by Chris Rose.
Photo by Chris Rose.

All flight schools and individual flight instructors are defined as “flight training providers” under the rule.  This includes those who provide flight training or flight training equipment (simulators) and those who lease flight training equipment.

Providing flight training

Flight schools and individual certificated flight instructors who wish to provide flight training must first determine whether the instruction a person seeks is subject to the rule’s requirements. The rule applies to the following training events:

  • Initial pilot certification, whether a private, recreational, or sport pilot certificate.
  • Instrument rating.
  • Multiengine rating.
  • A type rating.
  • Recurrent training to maintain or renew a pilot certificate or type rating already held by a pilot.

The rule does not apply to any other training a pilot may seek. In other words, unless a pilot is seeking training within one of these categories, the rules regarding security threat assessments do not apply.

Assuming the type of training sought is within the rule, a flight training provider must next determine whether an individual is a U.S. citizen or national. If the person seeking training is a U.S. citizen, the flight training provider may provide training to the student. As indicated below, the flight training provider should retain records showing that the student’s citizenship was verified. This record could be a statement in the student’s and flight training provider’s logbooks.

If the student is not a citizen, the flight training provider should determine whether the student is a Department of Defense designee. Such designees are exempt from the TSA’s security threat assessment requirement. A flight training provider can use the FTSP Portal to verify that an applicant is a DOD designee.

If the prospective student is neither a citizen nor a DOD designee, a flight training provider must notify the TSA of the start of any training events. The flight training provider must provide the information necessary under 49 CFR 1552.51, including a photograph of the candidate. Once the information has been submitted, flight training may begin if more than 30 days have passed since the TSA acknowledged receipt of the information. A waiting period applies if the candidate was eligible for expedited processing (per 1552.51(f)(2)). The flight training provider must advise the TSA whether the training was completed and, if it was not, the reason why training was not completed.

Appointing a security coordinator

Flight training providers must also designate a security coordinator. This designee is intended to be a rapid point of contact for the TSA in the event of an emergency and should be accessible to the TSA at any time. Even if not providing flight training to non-U.S. citizens, flight schools and individual instructors must appoint a security coordinator. If you are a one-person flight training provider, you can function as your own security coordinator. Flight training providers should use the FTSP Portal to designate a security coordinator.

It is expected that the security coordinator will actively review TSA updates and security advisories and include that information in security awareness training.

Providing security awareness training

The new rule also requires all flight training providers to give security awareness training to their employees. This requirement includes both initial security training and refresher security training. Initial security awareness training must be given to employees within 60 days of hiring.

Initial security awareness training is available via AOPA’s General Aviation Security course, via a third party, or through a course designed by the flight training provider itself.

Refresher security training must be provided at least every two years. The security awareness training must cover the topics outlined in 49 CFR 1552.13. The TSA envisions security awareness training as a module that will evolve over time, with information updated to respond to threats that are identified. To that end, the TSA does not intend for the refresher course to simply repeat the initial training, but rather to address information specific to the flight training provider (i.e. security protocols, examples of security incidents, and other topics).

Recordkeeping

There are also recordkeeping requirements that are outlined in 49 CFR1552.15. Flight training providers must retain the following records for at least five years after the record is created:

  • Records showing that employees have undergone security awareness training. Records must also be kept for former employees, although records for former employees need only be retained for one year instead of five.
  • Records that demonstrate candidates’ flight training eligibility.
  • Records showing that the flight training provider verified a student’s U.S. citizenship. This record can include a statement in the provider’s logbook and the student’s logbook.
  • DOD endorsement records showing that the flight training provider verified the endorsee’s identity.

FTSP Portal

There has also been some confusion over whether flight training providers must create accounts on the FTSP Portal. The answer is that, if a flight training provider is actively providing instruction to any students (whether foreign or not), they must register through the FTSP Portal. AOPA recommends that ALL flight instructors register, even if they are inactive, in order to avoid a future oversight.

Also, the rule requires that flight training providers provide information regarding their security coordinator through the FTSP Portal. Since all flight training providers must have a security coordinator, they all must have an FTSP Portal account.

Conclusion

In short, all flight training providers are affected by the rule. Even those who train only U.S. citizens or nationals are required to register on the FTSP Portal, verify U.S. citizenship, and retain records for five years. They also must designate a security coordinator and provide initial and biennial security awareness training to their employees. When flight training providers are training non-citizen candidates, the requirements become more complicated.

While this article is intended to provide an overview, AOPA’s Pilot Information Center can assist members who are unsure of how the rules may be applied to a particular situation. Further help is available on the FTSP website.

Dan Hassing
Daniel Hassing is an in-house attorney with AOPA’s Legal Services Plan who counsels Plan members on a daily basis. He is a private pilot and a Part 107 UAS pilot. Before joining AOPA’s Legal Service Plan, Dan worked at a firm for 10 years, litigating cases across the United States. Dan also clerked for a Justice of the Nebraska Supreme Court for two years. Dan received his law degree at the University of Nebraska College of Law and received his bachelor’s degrees at the University of Nebraska-Omaha. In his free time, Dan enjoys spending time with his family, flying, and golf.
Go to Dan Hassing's Profile
Topics: Advocacy, Pilot Regulation, Security

Related Articles