RegImpact
federal registerproposed· Published 5/6/2026

Intent To Request Extension From OMB of One Current Public Collection of Information: Security Threat Assessment for Individuals Applying for a Hazardous Materials Endorsement for a Commercial Driver's License

The Transportation Security Administration (TSA) invites public comment on one currently approved Information Collection Request (ICR), Office of Management and Budget (OMB) control number 1652-0027, abstracted below, which we will submit to OMB for an extension in compliance with the Paperwork Reduction Act (PRA). The ICR describes the nature of the information collection and its expected burden. The collection involves a driver's voluntary submission of biometric and biographic information for TSA's Security Threat Assessment (STA) to obtain the Hazardous Materials Endorsement (HME) on a Commercial Driver's License (CDL) issued by states and the District of Columbia.

What this rule actually says

The TSA is updating paperwork requirements for people who want a Hazardous Materials Endorsement (HME) on their commercial driver's license. The rule clarifies what biometric and background information the TSA can collect from applicants—things like fingerprints, photos, and criminal history—to assess whether someone is a security threat. This is a procedural update about *how* the TSA collects this data, not a new restriction on who can get an HME.

Who it applies to

  • If you're building AI for transportation or logistics: You handle driver data, background checks, or licensing compliance → monitor this.
  • If you're building AI for hiring in transportation: You screen commercial driver applicants → this is relevant.
  • If you're building hiring tools, medical scribes, or chatbots outside transportation: This does NOT apply to you.
  • Jurisdiction: This applies everywhere in the US (all states and DC issue CDLs).
  • Data scope: The rule only covers biometric/biographic data collected *during the HME application process*. It doesn't govern how your AI product uses driver data after collection.

What founders need to do

  1. Check if your product touches HME screening (1-2 hours): Does your AI help employers, testing centers, or state agencies process HME applications? If no, stop here.
  1. Review the TSA's updated data collection requirements (2-3 days): Once finalized (expected late 2026), read the full rule to understand what biometric data you must request, store, or validate. Update your data collection flow if needed.
  1. Update privacy disclosures (1-2 days): If you collect or process biometric data for HME applicants, ensure your privacy policy explicitly mentions TSA compliance and what data you share with them.
  1. Coordinate with your compliance team (ongoing): If you're selling to state DMVs or transportation companies, confirm they understand the new TSA requirements. You may need to adjust contracts or data-handling agreements.
  1. Monitor comment period (1 week): Public comments close ~30 days after publication (by early June 2026). If this significantly affects your product, consider submitting feedback through regulations.gov.

Bottom line

Unless you're specifically building tools for commercial driver licensing or HME security assessments, ignore this—but transportation-focused founders should monitor the rule's finalization in late 2026 and prepare a compliance review by Q4 2026.