DOE Nuclear Information Protection — Restricted Data and Controlled Unclassified Nuclear Information

The Department of Energy controls two overlapping categories of sensitive nuclear information that neither the normal classified information system nor ordinary public records law adequately addresses: Restricted Data (the classified secrets of nuclear weapons design and production, defined by the Atomic Energy Act) and Unclassified Controlled Nuclear Information (UCNI) (sensitive but unclassified information whose public disclosure could enable nuclear sabotage or assist in producing nuclear weapons). The regulations at 10 CFR Part 1016 and 10 CFR Part 1017 govern how these two categories of information must be handled by companies, universities, and other entities that access them under DOE authorization — establishing the physical security, access controls, handling, storage, transmission, and destruction requirements that apply outside DOE's own facilities.

Legal Authority

• 42 U.S.C. § 2201 — Atomic Energy Act of 1954, Section 161: authorizes the Secretary of Energy (and predecessor Atomic Energy Commission) to establish safeguards for classified nuclear information; basis for DOE's authority over Restricted Data and UCNI programs
• 42 U.S.C. § 2168 — Atomic Energy Act, Section 148: specifically authorizes controls on Unclassified Controlled Nuclear Information (UCNI) — the category covering nuclear weapons design information that falls below the Restricted Data threshold but still poses proliferation risks
• 10 CFR Part 1016 — DOE regulations governing safeguarding of Restricted Data by access permittees (private parties who receive access to classified nuclear weapons design information)
• 10 CFR Part 1017 — DOE regulations governing UCNI: defines what qualifies as UCNI, what disclosures are controlled, and what safeguards apply

Key Mechanics

DOE manages two distinct categories of controlled nuclear information. Restricted Data (RD) is defined by statute in the Atomic Energy Act as information concerning nuclear weapon design, production, and materials — it is classified by operation of law (the "born classified" doctrine) rather than by administrative determination. UCNI is a lower tier of control: information that has been declassified or was never classified as RD but still could contribute to nuclear weapons proliferation; UCNI is controlled by administrative designation rather than statute. Access to RD requires a DOE Q clearance (the equivalent of a Top Secret clearance); UCNI does not require a formal security clearance but does require training and an authorized purpose for access.

Current Rules (2026)

Two Regulatory Regimes for Nuclear Information

10 CFR Part 1016 — Restricted Data by Access Permittees

Restricted Data is a unique legal category created by the Atomic Energy Act and found nowhere else in federal law. It means all data concerning nuclear weapons design and functioning, nuclear material production, and nuclear weapon special materials — and it is born classified: it is protected from the moment it comes into existence, regardless of whether the government has formally stamped it secret. Restricted Data never passes into the public domain through declassification unless explicitly removed from the Restricted Data category by DOE and the Department of Defense together.

Most Restricted Data is held at DOE's own national laboratories and weapons facilities (Los Alamos, Sandia, Lawrence Livermore, Y-12, Pantex). But some companies — defense contractors, research universities, specialized manufacturing firms — receive access to Restricted Data under Access Permits when their work requires it. Part 1016 governs how these access permittees must handle that information. It covers Secret and Confidential Restricted Data; Top Secret information cannot be forwarded to access permittees at all under this framework.

10 CFR Part 1017 — Unclassified Controlled Nuclear Information (UCNI)

UCNI is the mirror image: information that is not classified but is nonetheless sensitive enough that its unauthorized dissemination could reasonably be expected to have a significant adverse effect on U.S. nuclear safety or security — for example, detailed specifications of physical protection systems at nuclear facilities, specific vulnerabilities in nuclear material accounting procedures, or technical parameters useful for sabotage. UCNI was created by § 148 of the AEA (42 U.S.C. § 2168) to fill the gap between fully classified Restricted Data and ordinary unclassified information. Part 1017 governs who may access UCNI, how to mark documents containing it, and how to handle, store, transmit, and destroy those documents. Unlike Restricted Data, UCNI can be decontrolled — a Reviewing Official can remove the UCNI designation when the information is no longer sensitive or has been superseded.

Key Provisions — Part 1016: Restricted Data Safeguards

• § 1016.1–1016.2 — Scope: applies to all persons who access Restricted Data under an Access Permit; does not apply to DOE's own employees and contractors at DOE facilities (they are covered by DOE's internal security orders); covers use, processing, storage, reproduction, transmission, and handling of Secret or Confidential Restricted Data
• § 1016.10 — Security facility approval: before receiving Restricted Data, an access permittee's facility must obtain DOE security facility approval — a review of the facility's physical security measures, personnel security procedures, and information systems; DOE grants, denies, or suspends approval in writing; approval can be terminated when there is no longer a need for the information or when security conditions are not met
• § 1016.13 — Storage: Restricted Data not in use must be stored in a locked GSA-approved security container (safe or vault); Secret Restricted Data requires stronger storage than Confidential; the permittee may not store Restricted Data in any manner that could allow unauthorized access during non-working hours
• § 1016.14 — While in use: Restricted Data in active use must be under the direct physical control of a person with appropriate access authorization — it may not be left unattended in an area accessible to unauthorized persons; access is limited to those with a need to know and the appropriate DOE-issued access authorization ("Q" clearance for Secret; "L" clearance for Confidential)
• § 1016.15 — Security areas: when the nature or size of Restricted Data makes locked container storage impractical (for example, large maps, physical models, or extensive document sets), the permittee must establish a formal security area with controlled access and physical barriers; armed protective personnel (holding Q or L clearance) are required in some security areas
• § 1016.18 — Access control: no person may access Restricted Data in the permittee's possession unless authorized by DOE; the permittee must maintain a need-to-know determination for each person who accesses the material; access authorizations are granted by DOE and cannot be delegated by the permittee
• § 1016.19 — Classification and marking: all Restricted Data generated by the permittee in the course of its work must be classified and marked appropriately; the permittee does not declassify Restricted Data — all classification changes require DOE authorization; classification markings must appear on documents in accordance with DOE classification guidance
• § 1016.20 — External transmission: Restricted Data may only be transmitted to persons with appropriate access authorization; Secret Restricted Data requires protected transmission methods (courier, secure telecommunications); Confidential Restricted Data may be mailed in double-wrapped, sealed packaging; no Restricted Data may be transmitted via ordinary email or unsecured networks
• § 1016.21 — Accountability: each permittee holding Secret Restricted Data must maintain an inventory — a record of every classified document (or classified electronic file) in its possession, with receipts for transfers; annual inventories must account for all items; discrepancies trigger reporting obligations
• § 1016.22 — Reproduction: Secret Restricted Data may not be reproduced without written permission from the originator or DOE; Confidential Restricted Data may be reproduced as needed for authorized purposes; all reproductions must carry the same classification markings as the original and must be inventoried
• § 1016.24 — Destruction: Restricted Data documents may be destroyed by burning, pulping, or another method that assures complete destruction; electronic media containing Restricted Data must be destroyed according to DOE approved procedures for classified media destruction; a certificate of destruction must be maintained
• § 1016.25 — Computer and electronic media: Restricted Data on computers, networks, and electronic devices must be handled according to DOE's classified information systems requirements; classified processing is restricted to DOE-approved systems; no Restricted Data may be processed on unclassified networks or on personally owned devices
• § 1016.26–1016.27 — Revocation and termination: if an individual's access authorization is suspended or revoked, the permittee must immediately deny that person access to Restricted Data; when the permittee's security facility approval terminates, all Restricted Data in its possession must be transferred back to DOE or destroyed under DOE supervision

Key Provisions — Part 1017: UCNI Controls

• § 1017.1 — Purpose: implements AEA § 148, which prohibits unauthorized dissemination of certain unclassified nuclear information whose release could adversely affect U.S. nuclear non-proliferation, safety, or physical protection interests; applies to any person who is or was authorized UCNI access or who attempts to gain unauthorized access
• § 1017.10 — Adverse effect test: for information to be designated UCNI, a Reviewing Official must determine that unauthorized dissemination could "reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security" — the test focuses on real-world harm from disclosure, not just sensitivity; it must meet a materiality threshold, not merely be tangentially nuclear-related
• § 1017.11 — Exemptions: information may not be designated UCNI if it is already protected as Restricted Data, is required to be publicly released by law, is in the public domain, or if the UCNI designation would conceal violations of law, prevent embarrassment, or prevent competition — these exclusions prevent UCNI from being used to classify information that belongs in public discourse
• § 1017.14–1017.15 — Reviewing Officials: DOE designates Reviewing Officials in each program office with cognizance over nuclear information; Reviewing Officials determine whether specific documents or materials meet the adverse effect test and must make the UCNI determination in writing; they issue quarterly reports on new UCNI determinations
• § 1017.16 — Marking: documents containing UCNI must be marked with "UNCLASSIFIED CONTROLLED NUCLEAR INFORMATION" on the cover, first page, and each page that contains UCNI; the marking signals to recipients that the information, while not classified, requires controlled handling and may not be publicly released
• § 1017.19–1017.21 — Access: routine access to UCNI is granted by the Authorized Individual — the Reviewing Official who makes the initial determination — to persons who need the information for official purposes; limited access (for a specific, bounded need) can be granted by a DOE Program Secretary's officer; persons granted UCNI access must be notified of the protection requirements and agree to comply
• § 1017.23 — Protection in use: a person with UCNI access must maintain physical control over documents containing UCNI while in use; UCNI may not be left unattended in areas where unauthorized persons could access it
• § 1017.24 — Storage: UCNI not in use must be stored in locked containers or areas to prevent unauthorized access; UCNI does not require GSA-approved security containers (unlike classified Restricted Data) but must be stored more securely than ordinary unclassified records
• § 1017.26 — Destruction: UCNI documents must be destroyed by cross-cut shredding producing particles no larger than 1/4-inch wide and 2 inches long; burning and pulping are also acceptable; this is a stronger destruction standard than ordinary records destruction but less stringent than classified destruction requirements
• § 1017.27 — Transmission: UCNI may be transmitted by U.S. first class, express, certified, or registered mail in a single opaque envelope; it may not be sent by postcard or ordinary courier without equivalent protection; the transmission rules are designed to prevent inadvertent public exposure without requiring the secure channels mandated for classified information

Access Permit Application and Issuance (10 CFR Part 725)

Before any non-DOE entity may receive Restricted Data, it must obtain an Access Permit from the Department of Energy's Office of Environment, Health, Safety and Security. 10 CFR Part 725 governs the permit application process — the threshold step that precedes compliance with Part 1016's handling requirements.

• § 725.1 — Purpose: Part 725 establishes procedures and standards for issuing Access Permits to any person subject to AEA § 145 who requires access to Restricted Data; the Access Permit is DOE's formal authorization for a non-government entity to receive and use Restricted Data — without it, no transfer of Restricted Data from DOE to an outside entity may occur
• § 725.2 — Applicability: applies to any person within or under U.S. jurisdiction who wishes to access Restricted Data and is not a DOE employee or contractor already covered by DOE's internal security orders; the target population is defense contractors, research universities, specialized manufacturers, and others who need access to nuclear weapons design information for legitimate contract or research purposes
• § 725.11 — Applications: any person seeking an Access Permit submits a written application to DOE containing: identification of the applicant, a description of the purpose for which access is required, the type and level of Restricted Data needed (Secret or Confidential), the period of time access is needed, and a description of the applicant's physical security arrangements; DOE may request additional information at any time (§ 725.13)
• § 725.12 — Noneligibility: the following are categorically ineligible for Access Permits: corporations not organized under U.S. law, foreign nationals, persons with adverse DOE security determinations, and persons who have been convicted of violating the AEA; the noneligibility provisions implement the AEA's requirement that Restricted Data be protected from foreign access and from persons with demonstrated security risks
• § 725.14 — Public inspection of applications: applications are available for public inspection under FOIA; however, information that would itself disclose Restricted Data or that would reveal the specific nature of classified nuclear programs is withheld; this creates a careful balance — permit applications are public records, but the fact that a company needs access to nuclear weapons design information does not in itself reveal that information
• § 725.15 — Requirements for approval: DOE approves an application if the applicant (a) has a legitimate need to access Restricted Data for a specific purpose, (b) has adequate physical security measures in place at the facility where Restricted Data will be used, (c) meets personnel security requirements (all persons who will access the data must have appropriate DOE access authorizations — "Q" clearance for Secret Restricted Data, "L" clearance for Confidential), and (d) agrees to comply with Part 1016's safeguards requirements
• §§ 725.21–725.22 — Issuance and scope: upon approval, DOE issues an Access Permit that specifies the scope of authorized Restricted Data, the period of authorization (typically tied to contract performance), and the facility(ies) where Restricted Data may be used; the permit may authorize access to Secret Restricted Data, Confidential Restricted Data, or both; it may be limited to specific subject matter or nuclear program areas; all access must be on a "need to know" basis — the permit's scope does not authorize accessing all Restricted Data, only the specific information needed for the permitted purpose
• § 725.23 — Terms and conditions: Access Permits impose binding terms: the permittee must comply with Part 1016's handling requirements, must allow DOE inspection of facilities where Restricted Data is held, must report security incidents immediately, and must return or destroy Restricted Data when the permit terminates; the permit may be revoked at any time if DOE determines the permittee no longer meets eligibility requirements or has violated permit conditions

The Access Permit process is the gateway between DOE's national laboratory and weapons complex (where Restricted Data is created and maintained) and the private sector entities that need it for contract work. Approximately several hundred organizations hold DOE Access Permits at any given time — primarily defense contractors supporting weapons programs at NNSA and DOE. The permit process parallels the Defense Counterintelligence and Security Agency (DCSA) facility clearance process for DoD classified information, but DOE runs its own process because Restricted Data is a unique legal category created by the AEA, not by executive order, and DOE retains exclusive authority over access.

How It Affects You

If your company or university holds a DOE Access Permit: Part 1016 is your security compliance framework. The requirements are analogous to, but distinct from, DoD contractor security rules under the National Industrial Security Program Operating Manual (NISPOM). The key differences: Restricted Data has a uniquely permanent classification status (it cannot pass into the public domain the way ordinary classified information can when a classification period expires or a President orders declassification); and DOE — not the Defense Counterintelligence and Security Agency (DCSA) — is the authority for Restricted Data access authorizations and facility approvals. If your facility handles both DoD classified information and DOE Restricted Data, you must comply with both frameworks simultaneously. Annual inventories and access authorization management are the most common compliance pain points for access permittees.

If you work at a nuclear facility or handle nuclear physical protection information: Part 1017 may apply to information you handle routinely — specifications of security systems, material quantity records above certain thresholds, facility vulnerability assessments. The Reviewing Official designation is critical: only specifically designated officials may make UCNI determinations. If you receive a document marked UCNI, you are bound by Parts 1017's handling, storage, and transmission rules regardless of whether you participated in the original determination. Failure to protect UCNI is a federal violation under AEA § 148; civil penalties may be assessed under 10 CFR Part 820.

If you work on nuclear non-proliferation policy or export controls: UCNI and the broader DOE controlled information framework intersect with nuclear export licensing under 10 CFR Part 110 (NRC export controls) and the Department of Commerce export control regulations for "nuclear technology." Information about physical protection, criticality safety parameters, and weapons design features that falls short of Restricted Data may still be UCNI and subject to the transmission restrictions in Part 1017 — understanding the boundary between UCNI and ordinary unclassified technical information matters for technology transfer decisions.

Statutory Authority

These rules implement:

• 42 U.S.C. § 2201 (AEA § 161) — the general authority provision of the Atomic Energy Act, authorizing DOE to establish rules and regulations governing the safeguarding of Restricted Data and the security of nuclear activities; the foundational authority for Part 1016
• 42 U.S.C. § 2168 (AEA § 148) — specifically authorizes the Secretary of Energy to prohibit the unauthorized dissemination of unclassified information pertaining to physical protection of nuclear facilities and material, nuclear material quantities, and safety training — the foundation for the UCNI category and Part 1017

Recent Rulemakings

Part 1016: The 2017 amendments (82 FR 41505–41508) updated the regulation to address electronic information systems, computer networks, and mobile devices — reflecting the shift from paper-based classified document management to electronic classified systems. Prior major amendments in 1983 (48 FR 36432) established the foundational safeguarding requirements for access permittees.

Part 1017: The current version reflects amendments through the mid-2000s. The UCNI program was established following the Energy Reorganization Act and has been refined through internal DOE policy guidance more than through formal rulemaking. DOE periodically updates its UCNI Reviewing Official guidance to address emerging categories of sensitive unclassified information — particularly as DOE's nuclear material accounting data and physical protection technologies have become more technologically sophisticated.

Pending Action