C-TPAT and Container Security Initiative — Supply Chain Security Programs
The SAFE Port Act of 2006 (codified at 6 U.S.C. Chapter 3) established the federal framework for securing the international maritime supply chain. Its two central programs are the Container Security Initiative (CSI) — which stations U.S. Customs and Border Protection (CBP) officers at foreign ports to screen high-risk containers before they board ships bound for the U.S. — and the Customs-Trade Partnership Against Terrorism (C-TPAT) — a voluntary trusted-trader program that gives participating importers, carriers, and logistics providers expedited CBP processing in exchange for meeting rigorous supply chain security standards. Together with the Automated Targeting System (ATS), which analyzes advance cargo data to flag high-risk shipments, these programs form the backbone of how the U.S. screens roughly 11 million containers arriving at seaports each year. For the general CBP import framework, see U.S. Customs & Import Procedures.
Current Law (2026)
| Parameter | Value |
|---|---|
| Core statute | 6 U.S.C. §§ 941-985 (SAFE Port Act of 2006) |
| Administered by | U.S. Customs and Border Protection (CBP) |
| C-TPAT participants | ~11,500 certified partners (importers, carriers, brokers, freight forwarders, foreign manufacturers) |
| CSI ports | 60+ foreign seaports with CBP officer presence |
| ATS screening | 100% of container shipments receive an ATS risk score before arrival |
| High-risk scanning | 100% of high-risk containers must be scanned or physically searched (§ 982) |
| 100% scanning goal | 100% scanning of all inbound containers — statutory goal, repeatedly waived in practice |
| C-TPAT tiers | 3 tiers with increasing benefits and validation requirements |
| Strategic plan | Secretary must update supply chain security strategic plan every 3 years (§ 941) |
The Automated Targeting System — § 943
Every container shipment bound for the United States must submit advance electronic cargo data — the Importer Security Filing ("10+2") — at least 24 hours before loading at a foreign port. CBP's Automated Targeting System (ATS) analyzes this data, along with intelligence, manifests, and trade history, to assign each shipment a risk score before the vessel departs.
ATS draws on:
- Importer and consignee history and compliance records
- Shipper and supplier information
- Origin and transit route patterns
- Intelligence from law enforcement and foreign partners
- Carrier security compliance history
Shipments that score above the high-risk threshold are flagged for physical inspection or non-intrusive imaging (X-ray/gamma-ray scanning). C-TPAT participants receive a reduction in their ATS score — up to 20% of the high-risk threshold for Tier 1, greater reductions for Tier 2 and 3 — meaning their shipments are less likely to be pulled for inspection.
Container Security Initiative (CSI) — § 945
CSI extends the U.S. inspection perimeter to foreign ports. CBP officers are stationed at 60+ major foreign seaports — including Rotterdam, Singapore, Antwerp, Hong Kong, Shanghai, and others — with authority to identify and examine containers that pose a security risk before loading on a vessel bound for the U.S.
How CSI works:
- ATS flags a shipment as high-risk before loading
- CBP officers at the origin port coordinate with host-country customs to examine the container
- The container may be scanned, physically opened, or held
- If cleared, it is sealed with a tamper-evident seal and cleared for loading
- If not resolved, the container is not loaded
CSI is built on bilateral agreements between the U.S. and host countries. Host-country customs authorities retain jurisdiction and perform the actual examinations; CBP officers observe and coordinate. CSI ports account for the majority of U.S.-bound container volume.
C-TPAT — Customs-Trade Partnership Against Terrorism (§§ 961-973)
C-TPAT is a voluntary partnership between CBP and private-sector entities in the supply chain. Participants agree to implement specified security measures and practices throughout their supply chains. In return, they receive reduced CBP inspection rates, expedited processing, and other facilitation benefits.
Who can join
C-TPAT is open to:
- U.S. importers of record
- U.S./Canada and U.S./Mexico highway carriers
- Air freight carriers
- Ocean freight carriers and consolidators
- Licensed U.S. Customs brokers
- Freight forwarders
- Foreign manufacturers (must be nominated by a C-TPAT importer partner)
- Non-vessel operating common carriers (NVOCCs)
- Port authorities and terminal operators
The three tiers
Tier 1 — Certified: The applicant has submitted a security profile demonstrating compliance with C-TPAT minimum security criteria. CBP has reviewed and certified the profile. Benefits include up to 20% reduction in ATS risk score (meaning fewer random inspections).
Tier 2 — Validated: CBP has completed an on-site validation at the applicant's facilities and key foreign supplier locations, confirming that stated security measures are actually in place. Tier 2 participants receive greater ATS score reductions, priority processing lanes at land borders, and eligibility for the Free and Secure Trade (FAST) lane program at U.S.-Canada and U.S.-Mexico crossings.
Tier 3 — Approved: The highest tier. Participants demonstrate security practices that exceed validation standards — embedded security culture, continuous improvement programs, and third-party audits. Tier 3 participants receive the maximum facilitation benefits, including the lowest inspection rates of any commercial participant in the import system.
Security criteria
C-TPAT minimum security criteria cover:
- Business partner requirements — vetting and monitoring of suppliers, carriers, and service providers
- Container/trailer security — structural integrity checks, seal integrity, container inspection procedures
- Physical access controls — employee badging, visitor management, perimeter security
- Personnel security — background checks, employment verification, drug testing
- Procedural security — cargo handling, loading/unloading procedures, documentation controls
- Information technology security — access controls, data integrity, password management
- Agricultural security — measures to prevent contamination and pest introduction
- Training and threat awareness — annual security training programs
Foreign manufacturers applying through the importer-partnership route must also meet the criteria applicable to their country and sector.
Suspension and removal — § 967
If a C-TPAT participant's security measures fail, CBP may deny benefits in whole or in part without notice in cases involving imminent threats. For non-emergency situations, CBP must provide notice and an opportunity to respond before revoking benefits. Participants may appeal suspension and removal decisions. Reapplication is permitted after remediation.
Third-party validation — § 968
CBP may authorize third-party auditors to conduct C-TPAT validations on its behalf. Third-party validators must be approved by CBP and meet CBP's standards for independence and competence. Third-party validation is particularly relevant for foreign manufacturer applications where CBP resources for overseas site visits are limited.
The 100% Scanning Mandate — § 982
The SAFE Port Act included an ambitious mandate: 100% of cargo containers arriving at U.S. seaports must be scanned using non-intrusive imaging technology. This was always aspirational. CBP consistently waives the 100% scanning goal for foreign ports on grounds of insufficient scanning infrastructure, trade disruption risk, and diplomatic considerations.
What § 982 actually requires and enforces:
- 100% screening using ATS risk-scoring — achieved
- 100% scanning of high-risk containers — achieved for containers CBP has flagged
- 100% scanning of all containers — repeatedly waived; current implementation is risk-based
The DHS Secretary must certify annually to Congress whether the 100% scanning goal can be achieved at each port. In practice, scanning rates vary significantly by port; U.S.-bound containers from high-volume ports like Shanghai and Rotterdam are scanned at far lower than 100% rates due to equipment and capacity constraints.
Post-Incident Trade Resumption — § 942
The SAFE Port Act also requires CBP to maintain protocols for resuming trade after a transportation security incident — a maritime attack, a nuclear device discovered in a container, or a catastrophic port disruption. These "playbooks" specify:
- Who serves as incident commander
- Which ports can serve as alternative routing points
- How trusted-trader participants (C-TPAT Tier 2 and 3) get priority resumption
- How intelligence is shared with foreign partners during the incident
- Timelines for resumption of normal operations
C-TPAT participants have a significant advantage in post-incident scenarios because their pre-validated security profiles allow CBP to clear their shipments faster when trade resumes.
How It Affects You
<!-- pria:personalize type="impact" -->If you import goods into the United States: C-TPAT membership directly reduces your per-shipment CBP inspection rate, translating to lower detention and demurrage costs, shorter port dwell times, and more predictable delivery windows. For importers with high container volumes, Tier 2 or Tier 3 status can save tens or hundreds of thousands of dollars annually by avoiding holds that can run $300–$500 per day per container. The path to membership: submit a security profile at cbp.gov/trade/trusted-trader-programs/ctpat, pay no fee, and wait for CBP certification (typically 60–90 days for Tier 1). After certification, CBP schedules an on-site validation visit within 1–3 years to advance you to Tier 2. Start gathering documentation of your container inspection procedures, employee vetting practices, and supplier security agreements before applying — the security profile requires specifics, not generalities.
If you are a foreign manufacturer supplying U.S. importers: Your U.S. buyer may soon require C-TPAT compliance as a contractual condition of the supply relationship — large retailers like Walmart and Target and major manufacturers routinely mandate C-TPAT membership or equivalent AEO certification for their supplier base. Non-compliance can cost you the contract. Foreign manufacturers cannot apply to C-TPAT directly — you must be nominated by an existing C-TPAT importer partner. Work with your U.S. buyers to initiate the application, then prepare for a CBP validation of your physical facilities. The EU's Authorized Economic Operator (AEO) program and C-TPAT have a Mutual Recognition Arrangement, so EU-certified manufacturers may qualify for equivalent treatment without a separate C-TPAT application.
If you are a customs broker or freight forwarder: C-TPAT participation reduces your clients' ATS risk scores and can serve as a competitive differentiator when clients compare service providers. Licensed customs brokers are eligible to apply independently at cbp.gov/trade/trusted-trader-programs/ctpat/how-to-apply. Broker C-TPAT membership also gives your employees access to dedicated CBP account managers and early notification of changes to filing requirements and security criteria — operational intelligence that non-members don't receive. For clients already in C-TPAT, make sure your ISF ("10+2") filings are accurate and timely; errors in advance cargo data undermine a client's ATS score and can trigger holds that offset their C-TPAT benefits.
If you are a U.S. domestic trucking carrier for import cargo: FAST lane access — available to Tier 2+ C-TPAT highway carriers — can cut crossing times at congested U.S.-Canada and U.S.-Mexico ports of entry from 2–4 hours to 20–40 minutes during peak periods. At the Laredo, Texas crossing (the busiest land port in the country), FAST lane crossings move at roughly 4× the speed of standard lanes. Apply for C-TPAT carrier membership at cbp.gov and then apply separately for FAST lane enrollment for each driver — drivers must pass a CBP background check and hold a valid FAST card ($50 application fee, 5-year validity). The ROI on FAST enrollment typically pays back in the first week of use for carriers running multiple daily crossings.
<!-- /pria:personalize -->Mutual Recognition Arrangements
CBP has negotiated Mutual Recognition Arrangements (MRAs) with the customs authorities of major trading partners — including the EU's Authorized Economic Operator (AEO) program, Canada's Partners in Protection (PIP), Japan's AEO program, and others. Under an MRA, a company that is certified under a foreign trusted-trader program receives equivalent benefits in the U.S. as a C-TPAT member, and vice versa. MRAs reduce duplicative compliance burdens for companies operating in multiple markets.
State Variations
C-TPAT is a federal program with no state-level analog. Port authorities and terminal operators — which may be state or local entities — can participate in C-TPAT in their own right. State transportation agencies may interact with C-TPAT through hazardous materials routing coordination but have no separate oversight role.
Recent Developments
C-TPAT has been an active program throughout the 2020s:
- COVID-19 supply chain disruptions tested the post-incident resumption protocols and exposed gaps in supply chain transparency; CBP added supply chain mapping requirements for Tier 2 and Tier 3 participants
- Section 301 tariff environment made C-TPAT facilitation benefits more valuable as inspection-related delays became more costly for companies managing complex tariff compliance
- Forced labor enforcement (Uyghur Forced Labor Prevention Act, 2021) created new supply chain due diligence requirements that interact with C-TPAT — C-TPAT membership does not insulate against Withhold Release Orders for forced labor, but it does require participants to demonstrate supply chain visibility that supports forced labor compliance
- Digital container tracking — CBP has been expanding ATS integration with commercial supply chain visibility platforms, potentially reducing the documentation burden for C-TPAT participants with advanced track-and-trace systems