LegisTrack
Back to Executive Orders
Executive Order 14086Executive Order

Enhancing Safeguards for United States Signals Intelligence Activities

Donald J. Trump
Signed: Oct 7, 2022
Published: Oct 14, 2022
Federal Register
Standard Summary
Comprehensive overview

Executive Order 14086, titled Enhancing Safeguards for United States Signals Intelligence Activities, establishes a comprehensive framework to govern U.S. signals intelligence (SIGINT) activities with stronger privacy and civil liberties safeguards. Issued by President Biden, the order directs intelligence community agencies to ensure that SIGINT is authorized by statute or presidential directive, tightly tailored, and conducted under robust oversight. It introduces new or strengthened mechanisms for privacy protections, emphasizes minimization and data handling standards, requires prioritization and validation of collection efforts, and creates a formal redress process for complaints from foreign authorities, including a data protection review process with an independent court-like body. The order also targets greater transparency by requiring timely updates to policies and, where possible, public release of those policies. Overall, it seeks to balance national security needs with privacy protections for individuals, including non-U.S. persons. Key components include a detailed set of legitimate objectives for SIGINT, explicit prohibitions on certain uses, rigorous privacy safeguards (including minimization, data handling, retention, and access controls), enhanced oversight (including PCLOB involvement and internal compliance roles), a formal redress mechanism for qualifying complaints, and the creation of a Data Protection Review Court to review contested determinations and remediation decisions. The order also establishes timelines for updating policies, publishing procedures, and implementing the new oversight and review processes.

Key Points

  • 1Principles for SIGINT activities
  • 2- SIGINT must be authorized by statute or Presidential directive and conducted consistent with the Constitution and applicable laws, with privacy and civil liberties integral to planning and execution.
  • 3- Activities must be necessary to advance a validated intelligence priority, proportionate to that priority, and subject to rigorous oversight.
  • 4Objectives and prohibitions
  • 5- Legitimate objectives include understanding foreign governments, organizations, transnational threats, terrorism, cybersecurity, protection of personnel, and other national security aims.
  • 6- The President may update the objectives; updates must be publicly released unless risk to national security is present.
  • 7- Prohibited objectives include suppressing dissent or privacy rights, limiting legal counsel, or discriminating on the basis of ethnicity, race, gender, religion, etc.
  • 8- It is not a legitimate objective to collect foreign private commercial information solely to give U.S. companies a competitive advantage.
  • 9Validation and prioritization
  • 10- The Director of National Intelligence (through the National Intelligence Priorities Framework, NIPF) must obtain a Civil Liberties Protection Officer (CLPO) assessment before presenting priorities to the President, ensuring priorities comply with privacy protections and do not contravene prohibited objectives.
  • 11Privacy and civil liberties safeguards
  • 12- Collection: must be necessary to advance a validated priority; alternatives and less-intrusive methods should be considered; collection should be as tailored as feasible to minimize privacy impacts.
  • 13- Bulk collection: to be used only when necessary to advance a priority and when targeted collection cannot obtain required information; data minimization measures must limit data to what is necessary.
  • 14- Handling of personal information: strict minimization, limitations on dissemination (especially of non-U.S. persons’ data), retention limits, and robust data security controls; restrictions on access to authorized personnel with proper training.
  • 15- Data quality and query controls: ensure accuracy, avoid inappropriate uses, and govern how bulk-collected data may be queried.
  • 16- Documentation: agencies must document the basis for collection and the need to advance a priority to aid oversight.
  • 17Policies, publication, and oversight
  • 18- Existing policies under PPD-28 will be used until updated; updates must be completed within 1 year and publicly released to the extent consistent with protecting sources and methods.
  • 19- The Privacy and Civil Liberties Oversight Board (PCLOB) will review updated policies; agencies must consider and implement PCLOB recommendations within 180 days of their review.
  • 20Compliance, training, and significant incidents
  • 21- Each IC element must have senior legal, oversight, and compliance officials (including an Inspector General and a Privacy and Civil Liberties Officer) with broad access to necessary information.
  • 22- Training requirements for all personnel with SIGINT access; prompt reporting of significant incidents of non-compliance and remediation measures.
  • 23Redress mechanism for foreign complaints (Section 3)
  • 24- Establishes a process to handle qualifying complaints from appropriate public authorities in qualifying states about U.S. SIGINT activities.
  • 25- The process includes initial CLPO review, remediation decisions, and classified reporting to the relevant authorities, with potential for review by the Data Protection Review Court.
  • 26Data Protection Review Court (DP Court)
  • 27- The Attorney General will establish a DP Court to review CLPO determinations.
  • 28- A three-judge panel with security clearances will hear applications for review, with a special advocate to represent complainants’ interests.
  • 29- The DP Court's findings influence remediation decisions and have binding effect unless overridden by the court.
  • 30Documentation and transparency
  • 31- Agencies must maintain documentation supporting SIGINT activities and remediation actions to facilitate oversight and redress processes.
  • 32Savings clause
  • 33- The order does not limit SIGINT techniques authorized under the National Security Act, FISA, EO 12333, or other laws, provided activities comply with this order’s safeguards.
  • 34Timelines
  • 35- Within 1 year: update and publicly release policies and procedures to implement the order’s safeguards.
  • 36- Within 60 days: AG to promulgate regulations establishing the Data Protection Review Court.
  • 37- Within 60 days: process for handling qualifying complaints to be established.
  • 38- PCLOB reviews to be conducted within 180 days of completed policy updates.
Generated by gpt-5-nano on Oct 3, 2025