On Friday, August 22, 2025, the United States Court of Appeals for the District of Columbia Circuit issued its opinion in the City of Billings, et. al. v. Transportation Security Administration (City of Billings). The court vacated the Transportation Security Administration (TSA) Aviation Worker Screening (AWS) National Amendment requiring airport operators to screen aviation workers that have unescorted access to secured airport areas for weapons and other dangerous items before these employees enter secured areas for work. The court found the TSA failed to provide the public notice of the new rule or allow for public comment in accordance with the Administrative Procedure Act (APA). See 5 U.S.C. § 553(b). The APA requires federal agencies follow specific procedures in promulgating rules or taking other administrative actions, to include notice and comment in some circumstances.

The court stayed issuance of its order until TSA either completes an appropriate rulemaking process or decides to forgo the rule. Bottom line – the requirements remain in place until TSA decides to follow proper rulemaking procedure or determines that the requirements are not necessary. The decision requires the agency to report status of the rulemaking to the court every 60 days. What is not clear at this point is what the court will deem acceptable progress and what action the court will take if it believes the TSA has not taken acceptable steps to remediate the rulemaking.

This note will explore what the decision means for AWS, for TSA regulations in general, and what airport operators should be thinking about in terms of managing their airport security programs (ASPs).

What does the decision mean for AWS from a TSA Perspective?

The court decision means that TSA will need to go back to the drawing board for AWS. The agency will need to decide whether to pursue rulemaking, identify an alternative solution, or scrap AWS altogether.

TSA pursuing rulemaking for AWS is not guaranteed for three reasons. First, federal rulemaking is currently a politically charged topic. The Trump Administration has made clear it opposes further government regulation and will require agencies to repeal 10 regulations for every new regulation. See Executive Order 14192. TSA will need to argue an exemption to this Trump Administration Executive Order or identify 10 regulations to cut to pursue a new rulemaking.  

Second, TSA will need to consider its administrative ability to manage a rulemaking process. The rulemaking will need to closely align with APA requirements to defend the rulemaking against a potential second round of challenges. This will require TSA to devote significant resources to the administrative rulemaking process likely at the cost of other priorities. The agency may find the costs and burden of rulemaking do not outweigh the benefit of the AWS rule.

Third, the APA processes require Office of Management and Budget (OMB) review where the rule is deemed significant. Therefore, the TSA will likely need to follow the additional step of seeking OMB approval. If TSA chooses to move forward with rulemaking without OMB review, airport operators will have grounds to challenge the rulemaking. With the current Trump Administration position regarding rulemaking, resource burden, and need to engage OMB, TSA has an uphill battle to convince appropriate government officials that rulemaking is beneficial here.

TSA will also need to consider International Civil Aviation Organization (ICAO) requirements and negotiations in determining how to move forward. The European Union pushed hard through ICAO for the U.S. to adopt AWS. TSA dropping the AWS requirement may have implications on other ICAO or bilateral negotiations such as One Stop Security.

TSA may alternatively consider moving forward with the AWS as an interpretive rule. Airports will not be required to implement AWS but TSA will be on record supporting the measures as beneficial to aviation security. An airport that chooses not to implement AWS in this scenario may face challenges if an incident occurs at their airport. The airport will need to defend why it has not implemented the TSA recommended program and justify what measures it has in place to mitigate the vulnerability.

What should airports do regarding AWS?

Airport operators are now in a wait-and-see period as TSA decides how to proceed. Airports must consider how they will move forward with AWS investments, such as acquiring and deploying explosive-detection equipment.  

Airport should expect that TSA may pursue enforcement actions under the current rule during this transition period if TSA deems such action necessary. The rule is in place and therefore TSA may argue they can enforce. Airport operators should consult counsel to identify an appropriate strategy to manage this gray area during the transition.

Can airports challenge other TSA regulations?

Simply put, yes. The court’s decision lays the groundwork for challenging TSA requirements by finding that TSA does not have the statutory authority to subvert APA requirements when implementing a legislative rule. Legislative rules typically cause “a substantive change in existing law or policy” and have the “force and effect of law”. See City of Billings pg. 8. Alternatively, interpretive rules lack the force of law and provide an agency’s interpretation or guidance of preexisting legal obligations. Id. Legislative rules must follow APA requirements whereas interpretive rules do not require any procedure. Airports can challenge TSA rules on the basis that TSA has failed to follow proper notice and comment procedures. Therefore, TSA rules are interpretive in nature rather than legislative with the force of law.

Airports have always raised frustration with how TSA uses Security Directives and ASP Amendments to impose new security requirements on airport operators. Security Directives were intended to address threat assessments or imminent security threats. See Aviation Transportation Security Act 49 U.S.C. 114. In practice, TSA has used Security Directives to implement permanent security requirements without an apparent use of the checks intended by Congress. Airport operators can reasonably argue TSA has exceeded its statutory authority and subverted APA requirements by implementing permanent security requirements that have the force of law through the Security Directive process.

Similarly, ASP amendments, as discussed in City of Billings, do not subvert TSA’s responsibility to follow APA rules when implementing a new requirement that will have the force of law. Amendments provide an avenue for TSA to work with an airport and amend its ASP where safety and the public interest require. See 49 CFR §1542.105(C). This does not open the door to imposing new security requirements but rather amending practices and procedures within pre-existing requirements.

Airport operators should review their ASPs with counsel and consider potential strategies to address practices and procedures that TSA has required they implement.

Why didn’t the court vacate the rule immediately?

The court pointed to the potential for security risks in absence of the rule as justification for its exception to stay the mandate. This decision fails to provide airports necessary relief from this burdensome requirement, but this is not surprising as many entities unquestionably defer to TSA when TSA states a security concern exists.

‍