Home > Resources > Compliance Guides > FTA/TSA Compliance Guide
TRANSIT WORKER SAFETY COMPLIANCE
FTA and TSA Transit Worker Safety Requirements for Public Transportation Agencies
The December 26, 2024 deadline for FTA General Directive 24-1 has passed. Over two-thirds of transit agencies determined that assault mitigation measures are necessary. This guide breaks down what GD 24-1, the PTASP Final Rule, and the TSA Security Training Rule require, what documentation FTA expects, and what happens to agencies that fall short.
DOES THIS APPLY TO YOUR AGENCY?
Three Signals That Your Agency Has Compliance Exposure
Most transit agencies receiving FTA Section 5307 funds are subject to all three frameworks.
You Receive FTA Funding Under Section 5307
General Directive 24-1 applies to all transit agencies subject to PTASP regulations — recipients of FTA funds under 49 U.S.C. 5307. Agencies receiving funds only under 5310 or 5311 are excluded unless they operate a rail fixed guideway system. If your agency submitted a PTASP, you are subject to GD 24-1.
Your Operators and Station Agents Face Assault Risk
Major assaults on transit workers nearly tripled between 2008 and 2022, from 168 to 492 incidents nationally. Bus operators account for 62% of in-vehicle assaults. If your agency operates bus or rail service with frontline workers who interact with the public, FTA considers assault a recognized safety risk requiring documented mitigation.
You Have Not Yet Implemented the Mitigations You Reported
GD 24-1 required agencies to report mitigation status as Planned, In Progress, or Complete by December 2024. If your mitigations are still Planned or In Progress, FTA expects implementation to proceed on the timeline you submitted. Documentation of implementation progress is required under 49 CFR 673.31 with a three-year retention minimum.
THE REGULATORY FRAMEWORK
Three Federal Mandates That Converge on Transit Worker Assault Prevention
FTA General Directive 24-1
FTA General Directive 24-1 (September 25, 2024)
Required all PTASP-subject transit agencies to conduct a safety risk assessment focused on assaults against transit workers and submit mitigation plans via the SMS Report application. Agencies reported each mitigation as Planned, In Progress, or Complete with projected or actual dates. Large urbanized area agencies (population 200,000+) were required to involve their joint labor-management Safety Committee. This was a one-time submission requirement, but the underlying PTASP obligations are ongoing.
Deadline
December 26, 2024. Deadline has passed. Over two-thirds of agencies reported mitigations necessary.
Applies To
All transit agencies subject to PTASP regulations (FTA Section 5307 recipients). Excludes 5310/5311-only unless operating rail fixed guideway.
Penalties
FTA can withhold up to 25% of Section 5307 funding under 49 U.S.C. 5329. Must provide written notice and reasonable cure period first. Can also direct agencies to redirect federal funds toward correcting safety deficiencies.
PTASP Final Rule (49 CFR Part 673)
49 CFR Part 673 (April 2024 Amendments)
Requires transit agencies to maintain a Safety Management System with documented safety risk assessment and mitigation processes. The April 2024 amendments specifically require agencies to consider deployment of assault mitigation infrastructure and technology, including barriers to restrict unwanted entry into bus operator workstations. Safety Committee involvement is mandatory for large urbanized area providers. All SMS documentation must be retained for a minimum of three years.
Deadline
Ongoing. April 2024 amendments in force. No single compliance date — obligations are continuous.
Applies To
All transit agencies with Agency Safety Plans under 49 CFR 673. Large UZA agencies (200,000+ population) must have Safety Committees.
Penalties
Same enforcement authority as GD 24-1. FTA can withhold Section 5307 funding, issue Special Directives with specific corrective action timelines, and require more frequent reporting. Precedent: SEPTA Special Directive (July 2024).
TSA Security Training Rule (49 CFR Part 1582)
49 CFR Part 1582, Subpart B
Requires transit agencies to adopt and carry out a security training program for employees in security-sensitive positions. Covered positions include personnel who dispatch, transport, or deliver passengers, maintenance and custodial staff with restricted area access, and personnel in security operations. A security-sensitive employee cannot perform their function for more than 60 calendar days without completing security training.
Deadline
Ongoing. 60-day training threshold applies continuously for all new hires and role changes.
Applies To
Public transportation agencies and rail transit systems identified in 49 CFR 1582.101. Covers security-sensitive positions per Appendix B.
Penalties
Falls under FTA enforcement authority (49 U.S.C. 5329). Failure to maintain compliant training programs exposes agencies to funding sanctions.
Not Legal Advice
This guide summarizes publicly available federal regulatory information as of May 2026. It is not legal counsel. Consult your FTA regional office or qualified transit safety counsel for compliance guidance specific to your agency.
REGULATION-BY-REGULATION COMPARISON
How GD 24-1, PTASP, and TSA 1582 Compare
These three frameworks overlap but have distinct requirements. Compliance with one does not satisfy the others.
| Requirement | GD 24-1 | PTASP (49 CFR 673) | TSA (49 CFR 1582) |
|---|---|---|---|
| Focus | One-time assault risk assessment + mitigation plan submission | Ongoing Safety Management System with assault mitigation infrastructure | Security training for employees in security-sensitive positions |
| Core Obligation | Submit assessment + mitigation status via SMS Report tool | Maintain documented SMS. Consider assault mitigation infrastructure including operator barriers. | Complete security training within 60 calendar days of assignment to security-sensitive role. |
| Safety Committee | Required for large UZA agencies (200,000+ population) | Required for large UZA agencies. Must include management + workers. | Not specifically required. Security coordinator designation required. |
| Documentation | Mitigation status (Planned/In Progress/Complete) with dates and % complete. | Agency Safety Plan, SMS records, risk assessments, mitigation records. 3-year retention. | Training completion records. 60-day compliance tracking for all security-sensitive employees. |
| NTD Reporting | Supports GD 24-1 by providing assault data for risk assessment. | All assaults reported since April 2023. Major (S&S-40) and Non-major (S&S-50). | Not directly linked to NTD. TSA has separate incident reporting. |
| Enforcement | Up to 25% of Section 5307 funding withheld. Written notice required. | Same. Plus Special Directives with corrective action timelines. | FTA enforcement authority under 49 U.S.C. 5329. Funding sanctions. |
YOUR COMPLIANCE CHECKLIST
Six Steps to Verify Your Agency Is on Track
Use this checklist to assess where your agency stands against all three regulatory frameworks.
Confirm Your GD 24-1 Submission Status
Verify that your agency submitted its safety risk assessment and mitigation plan via the SMS Report application by the December 26, 2024 deadline. If your mitigations were reported as Planned or In Progress, confirm that implementation is proceeding on the timeline you submitted. FTA's January 2025 analysis reviewed all submissions, and agencies with incomplete or missing submissions face enforcement exposure.
Audit Your Mitigation Implementation Progress
For each mitigation you reported as In Progress, document the current percentage of completion. If you committed to deploying assault mitigation technology on your fleet, record how many vehicles are equipped. If you committed to operator barriers, document how many buses have been retrofitted. FTA can request implementation updates, and your reported projected completion dates create an accountability baseline.
Verify Safety Committee Involvement Is Documented
If your agency serves an urbanized area with population over 200,000, your Safety Committee must be involved in assault risk mitigation decisions. Document meeting minutes showing committee discussion of assault mitigations, committee recommendations incorporated into your Agency Safety Plan, and committee-set safety performance targets. If your committee has not met on this topic, schedule it before FTA's next review.
Review NTD Assault Reporting Compliance
Since April 2023, your agency must report all transit worker assaults to the NTD, not just major events. Verify that your reporting process captures both physical and non-physical assaults across all location categories (in-vehicle, revenue facility, non-revenue facility, other). Major events require S&S-40 forms. Non-major events require S&S-50 monthly summaries. Check that your data collection captures the required fields.
Confirm TSA Security Training Is Current
Every employee in a security-sensitive position must complete security training within 60 calendar days of assignment. Pull your training records and verify that no employee has exceeded the 60-day threshold. For agencies with high turnover in operator or station agent positions, this requires active tracking. If your agency cannot produce training completion dates for every security-sensitive employee, that is a compliance gap.
Organize Three Years of SMS Documentation
49 CFR 673.31 requires three-year retention of all SMS documents: Agency Safety Plan, risk assessment results, mitigation implementation records, Safety Committee minutes, training records, and incident investigation files. FTA Triennial Reviews will examine these records. If your documentation is scattered across departments or individuals' files, consolidate it into a central system before the next review cycle.
CLOSING THE MITIGATION GAP
How Transit Agencies Implement Assault Mitigation Technology
The Requirement: Documented Assault Mitigation Infrastructure
The PTASP Final Rule requires agencies to consider deployment of assault mitigation infrastructure and technology. GD 24-1 required agencies to report what mitigations they are implementing and when. Over two-thirds of agencies determined that mitigations are necessary. The regulatory framework creates an expectation that agencies will deploy measurable, documentable assault risk reduction measures.
The Operational Reality: Transit Environments Break Most Technology
Bus depots, maintenance yards, underground rail stations, and outdoor transit centers present environments where cellular signals drop and Wi-Fi coverage is inconsistent. Bus operators cannot use smartphones while operating vehicles. Station agents working alone in underground facilities may have no cellular connectivity. The environments where transit workers face the highest assault risk are often the environments where communication technology is least reliable.
The Gap in Current Mitigation Approaches
App-based panic button solutions require transit workers to carry and operate smartphones — a direct conflict with bus operator safety policies. Cellular-dependent lone worker devices fail in underground stations and dense maintenance facilities. De-escalation training is a required mitigation component but provides no real-time alerting during an active assault. Operator barriers address one position (bus operators) but do not protect station agents, fare inspectors, or maintenance workers.
What Agencies Deploying Comprehensive Mitigations Are Using
Transit agencies implementing assault mitigation technology that works across their entire system are deploying wearable hardware on facility-deployed networks. These devices operate without smartphones, without cellular connectivity, and without dependency on agency IT infrastructure. Workers activate them with a single button press, generating a timestamped, location-tagged alert that becomes part of the agency's NTD-ready documentation.
How Positive Proof Addresses This
Positive Proof wearable panic buttons operate on a facility-deployed network that works in bus depots, underground stations, and maintenance yards without cellular or Wi-Fi dependency. Bus operators, station agents, fare inspectors, and maintenance workers all use the same wearable badge device — one press to alert. Each activation generates a timestamped record with location data, producing the documented mitigation evidence that FTA expects under GD 24-1 and the PTASP Final Rule. The system operates as an overlay independent of your agency's IT network.
Common Transit Safety Compliance Questions
Answers to the questions transit safety directors and operations teams ask most often.
Need to Document Assault Mitigation Progress for FTA?
Schedule a review with Positive Proof. We walk through your GD 24-1 mitigation commitments, identify coverage gaps across your transit system, and show how wearable panic technology maps to PTASP documentation requirements.
Schedule an Agency ReviewYOUR NEXT STEP
The GD 24-1 Deadline Has Passed. Implementation Is What FTA Measures Next.
Your agency reported its mitigation plan. Now FTA expects to see implementation progress on the timeline you committed to. Start closing the gap between your submission and your operational reality.
Contact Us