The bill adds “peace officer standards and training agencies” (POST agencies) to the list of entities eligible to receive criminal history record information under 28 U.S.C. §534(e). It defines POST agencies as state statutory authorities that set hiring, training, ethical conduct, and retention standards for law enforcement through certification, licensing, or similar processes, and it explicitly includes U.S. territories in the definition of “State.”
The Attorney General must amend Part 20 of Title 28, Code of Federal Regulations, within 180 days to implement the change. Practically, the amendment will permit POST agencies to obtain FBI criminal history records for uses such as background checks, certification and decertification decisions, and misconduct investigations — shifting how states will assemble and act on officer-background information and raising privacy, data-governance, and interoperability questions for federal and state actors.
At a Glance
What It Does
The bill inserts POST agencies into 28 U.S.C. §534(e) as authorized recipients of criminal history record information and requires the Attorney General to update Part 20 of Title 28, CFR, within 180 days to carry out the authorization. The statutory definition limits POST agencies to those with state statutory authority over hiring, training, certification, licensing, or retention of law enforcement officers.
Who It Affects
State and territorial peace officer standards and training agencies, state law enforcement executives who rely on POST certification/decertification, FBI/CJIS as the record steward, and officers and former officers whose records may be accessed for administrative and employment decisions.
Why It Matters
This change creates an express federal pathway for POST agencies to obtain national criminal-history information directly, enabling more comprehensive vetting and decertification workflows but also centralizing sensitive data outside traditional employer or prosecutorial channels.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The bill creates a narrow but consequential change to federal criminal-record access rules. Today’s federal framework limits dissemination of FBI criminal history information to certain criminal-justice actors; this bill adds state peace officer standards and training agencies to that roster.
By defining POST agencies as state entities with statutory authority over hiring, training, ethical conduct, and retention via certification or licensing, the text ties access to agencies that play a formal gatekeeping role in law enforcement careers.
Beyond the statutory insertion, the bill forces a regulatory follow-up: the Attorney General must revise Part 20 of Title 28 (the set of FBI rules that govern who may receive and how to handle identification records) within 180 days. Those regulatory changes are where practical constraints — credentialing requirements, record scope (convictions vs. arrests), retention limits, and security controls — will be clarified.
The statute itself does not spell out permitted uses or procedural safeguards, so the Part 20 amendments will determine whether POST agencies can receive full criminal-justice information, only conviction data, or limited extracts, and what training, audit, and systems-security measures they must maintain.Operationally, adding POST agencies as authorized recipients changes common state practices. Many states now rely on local agencies, background-check vendors, or state police to collect federal records for POST purposes; direct access to FBI records will let POST agencies run their own checks for hiring, mandatory decertification reviews, reciprocity decisions, and investigations into misconduct.
That can speed decisions and create a more uniform national view of officer histories, but it also centralizes authority to hold and act on sensitive records at a state-level regulatory body rather than solely with employers or courts.Because the bill’s statutory text is brief and delegates detail to the Attorney General’s regulation, much of the real-world impact will depend on the forthcoming Part 20 amendments: whether they require MOUs, specify record types, set minimum security standards consistent with CJIS rules, or create audit and individual-redress mechanisms. The lack of statutory constraints on use and retention means those regulatory choices will be decisive for privacy, inter-state information-sharing, and the scope of POST agencies’ oversight powers.
The Five Things You Need to Know
The bill amends 28 U.S.C. §534(e) by adding a new paragraph (3) to authorize "peace officer standards training agencies" to receive criminal history record information.
It defines a "peace officer standards and training agency" as a State agency with statutory authority to set hiring, training, ethical conduct, and retention standards for law enforcement through certification, licensing, or similar qualification processes.
The statute explicitly defines "State" to include the 50 States, the District of Columbia, Puerto Rico, the Virgin Islands, Guam, American Samoa, the Northern Mariana Islands, and any U.S. territory or possession.
The Attorney General has a 180-day deadline from enactment to amend Part 20 of Title 28, Code of Federal Regulations, to implement the new disclosure authority.
The bill does not itself specify what categories of criminal-history information POST agencies may receive, leaving scope, use-limits, and safeguards to the Part 20 regulatory revisions.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Short title
Designates the statute’s name as the "Criminal History Access Act of 2025." This is procedural but signals the statute’s narrow focus on access to criminal-history information rather than broader police reform or oversight measures.
Definitions — POST agency and State
Defines the key terms that determine who gains access. "Peace officer standards and training agency" is tied to an agency’s statutory authority over certification, licensing, hiring, training, ethical conduct, and retention, which confines access to bodies with explicit statutory gatekeeping power over officers. The expanded definition of "State" ensures U.S. territories can use the authority, avoiding an access gap in non-state jurisdictions.
Statutory amendment to 28 U.S.C. §534(e)
Inserts POST agencies as a new class of authorized recipients within the existing federal statute that controls dissemination of criminal-history information. Mechanically, this adds paragraph (3) to section 534(e), putting POST agencies on the same statutory footing as other enumerated recipients; it does not itself change any substantive limits on what information the FBI may share, only who is statutorily eligible to receive it.
Regulatory implementation — Part 20 amendments
Directs the Attorney General to amend Part 20 of Title 28, CFR, within 180 days to implement the statutory change. This clause shifts operational detail to the Department of Justice: the Part 20 amendments will have to define the mechanics of access (application, credentialing, permissible uses, record types, retention, oversight and auditing), and will be the primary vehicle for privacy and security safeguards.
This bill is one of many.
Codify tracks hundreds of bills on Justice across all five countries.
Explore Justice in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- State and territorial POST agencies — Gain statutory authority to request and receive FBI criminal-history data directly, enabling more comprehensive background checks, decertification reviews, and cross-jurisdictional vetting.
- State-level law enforcement oversight and certification boards — Can assemble national histories without relying on intermediaries, which could speed reciprocity, misconduct investigations, and consistent certification decisions across agencies.
- Employers and hiring managers in law enforcement — Indirectly benefit from more complete records supplied by POST agencies if states use the data to standardize vetting, helping avoid rehiring officers with problematic histories.
- Public safety and accountability stakeholders — Benefit from the potential for a more complete, centralized record for use in decertification and misconduct inquiries, enabling stronger oversight at the state level.
Who Bears the Cost
- State POST agencies — Must build or upgrade procedures, IT security, and staff capabilities to request, receive, protect, and use federal criminal-history records in compliance with Part 20 and CJIS standards, creating administrative and budgetary burdens.
- Department of Justice / FBI (CJIS) — Faces implementation costs to update Part 20, manage additional access relationships, monitor compliance, and potentially handle an increase in disclosure requests.
- Individual officers and applicants — Face intensified background scrutiny and potential career consequences if POST agencies expand use of federal records for decertification or licensing decisions, including use of non-conviction information depending on regulations.
- Privacy advocates and state civil-rights agencies — Bear monitoring and enforcement burdens; they may need to contest overbroad disclosures or push for regulatory safeguards where the statute is silent.
Key Issues
The Core Tension
The bill pits two legitimate goals against each other: improving public-safety oversight and consistency in vetting law enforcement by giving POST agencies direct national-record access, versus protecting individual privacy and preventing misuse of sensitive criminal-history data when the statute leaves scope, safeguards, and uses to forthcoming regulations. The choice between stronger oversight and tighter privacy controls will be resolved largely in the Part 20 rulemaking rather than the statute itself.
The statute is short and delegates critical choices to the Attorney General’s Part 20 rulemaking, which concentrates the most consequential decisions in regulatory text rather than statute. That delegation leaves open fundamental questions: which categories of records (convictions, arrests, sealed or expunged records, disposition data) POST agencies may receive; whether POST agencies must enter MOUs or meet CJIS Security Policy requirements; and what auditing, retention, or redress mechanisms individuals will have when POST agencies act on the information.
Implementation also raises practical frictions. States vary widely in how they structure POST bodies and in certification standards; giving all such bodies direct access to FBI records could produce divergent uses and inconsistent thresholds for decertification or hiring decisions.
The bill’s inclusion of territories prevents coverage gaps but also requires DOJ to consider differing resource capacities and legal frameworks. Finally, centralizing more officer-history information at regulatory agencies can aid oversight but risks mission creep: data assembled for certification could be repurposed for employment policing or shared beyond intended uses unless Part 20 tightly circumscribes disclosures and mandates accountability mechanisms.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.