Text

EGM-20-001, Rev. 5 February 5, 2026 Those on the Attached List Bo M. Pham, Acting Director Office of Enforcement ENFORCEMENT GUIDANCE MEMORANDUM (EGM) 2020-001 REV. 5, ENFORCEMENT DISCRETION NOT TO CITE CERTAIN VIOLATIONS OF 10 CFR 73.56 REQUIREMENTS MEMORANDUM TO:

FROM:

SUBJECT:

PURPOSE:

Consistent with Section 3.5, Violations Involving Special Circumstances, of the Enforcement Policy, this enforcement guidance memorandum (EGM) grants enforcement discretion not to cite certain violations of requirements in section (d)(3), Verification of true identity, of Title 10 Code of Federal Regulations (10 CFR) Part 73.56, Personnel Access Authorization Requirements for Nuclear Power Plants, as discussed more fully below.

BACKGROUND:

The U.S. Nuclear Regulatory Commissions (NRC) Office of Investigations conducted several investigations into potential violations of NRC regulations and associated wrongdoing by licensees implementing the requirements in 10 CFR 73.56(d)(3), Verification of true identity.

As a result of these efforts, the NRC identified the need to clarify existing regulatory requirements that licensees are required to meet to demonstrate compliance.

10 CFR 73.56(d)(3) states, Licensees, applicants, and contractors or vendors shall verify the true identity of an individual who is applying for unescorted access (UA) or unescorted access authorization (UAA) in order to ensure that the applicant is the person that he or she has claimed to be. At a minimum, licensees, applicants, and contractors or vendors shall validate that the social security number that the individual has provided is his or hers, and, in the case of foreign nationals, validate the claimed non-immigration status that the individual has provided is correct. In addition, licensees and applicants shall also determine whether the results of the fingerprinting required under 10 CFR 73.57 confirm the individual's claimed identity, if such results are available.

CONTACT: David Furst, OE/EB (301) 287-9087 David.Furst@nrc.gov Signed by Pham, Bo on 02/05/26

Those on the Attached list The general performance objective of 10 CFR 73.56 is to provide high assurance that the individuals subject to 10 CFR 73.56 are trustworthy and reliable. The requirements in 10 CFR 73.56(d)(3) impose an obligation on licensees to verify the true identity of individuals applying for UA or UAA. As part of this obligation, licensees must take steps to either validate that the social security number provided by an individual is, in fact, his or her social security number; or, in the case of foreign nationals, validate the accuracy of the non-immigration status claimed by the individual when they applied for UA.

The term validate is not defined in the regulations. However, the Commission addressed its understanding of this term in the Power Reactor Security Requirements Proposed Rule issued for public comment on October 26, 2006. In discussing the proposed requirements in 10 CFR 73.56(d)(3), the Commission stated that the term validation would be used to indicate that licensees, applicants, and contractors or vendors would be required to take steps to access information, in addition to that provided by the individual, from other reliable sources to ensure that the personal identifying information the individual has provided to the licensee is authentic (71 FR 62664, 62747 (Oct. 26, 2006)). The Commission went on to say that this validation could be accomplished through a variety of means, including accessing information from Federal Government databases or evaluating an accumulation of information, such as comparing the social security number provided by the individual to the social security number included in a credit history report and information obtained from other reliable sources. Comparing information obtained from reliable sources to the information provided by the individual (e.g., via the Personal History Questionnaire) provides important, relevant information to the licensee in determining trustworthiness and reliability.

One way that licensees can accomplish validation is by accessing Federal Government databases, such as the Department of Homeland Security United States Citizenship and Immigration Services (USCIS) Systematic Alien Verification for Entitlements (SAVE). Since 2007, the NRC (via a memorandum of agreement with USCIS) has made the SAVE database available to licensees free of charge. Consistent with the requirements in 10 CFR 73.56(a)(4), a licensee may also accept, in part or whole, an access authorization program implemented by a contractor or vendor to satisfy appropriate elements of the licensees program. Although contractors and vendors do not have access to the USCIS SAVE database, they can perform the same validation using E-Verify, which is a web-based program administered by USCIS and the U.S. Social Security Administration. When relying on a contractor or vendor to perform identity verification activities, licensees need to ensure that the contractor or vendor is performing necessary validation steps prior to granting UA or certifying UAA.

10 CFR 73.56(d)(3) does not necessarily require licensees to rely on information from a Federal database to perform validation steps. As discussed in the 2006 Proposed Rule, licensees may also rely on the evaluation of an accumulation of information from other reliable sources to accomplish validation.

DISCUSSION:

Based on a review of the regulatory requirements and corresponding regulatory guidance, the NRC identified a potential generic issue regarding the means by which licensees validate true identity in accordance with 10 CFR 73.56(d)(3) and the effectiveness of NRCs oversight of this requirement. The Office of Enforcement also became aware that NRC Inspection Procedure (IP) 71130.01, Access Authorization, lacks the requisite clarity with which inspectors are required to verify that licensees take the necessary steps to obtain sufficient information to determine the true identity of applicants for UA and UAA.

Those on the Attached list Furthermore, the NRC staff is also preparing to provide recommendations to the Commission for regulatory and guidance revisions as needed pursuant to the direction of Executive Order 14300, Ordering the Reform of the Nuclear Regulatory Commission, issued on May 23, 2025 (90 FR 22587).

ACTIONS:

Basis for Granting Enforcement Discretion Based on the lack of clear and objective NRC inspection criteria associated with inspecting licensees access authorization programs as they relate to these requirements, coupled with planned guidance enhancements to address compliance questions, the NRC determined that exercising enforcement discretion not to cite violations is a prudent, interim course of action.

Immediate Actions In accordance with Section 3.5, Violations Involving Special Circumstances, of the NRC Enforcement Policy, the agency will exercise enforcement discretion and will not cite NRC licensees for past or future violations of 10 CFR 73.56(d)(3), as specifically described in this memorandum until its expiration date.

Use of this EGM must be brought to an enforcement panel (modified panel is allowed if all offices agree) and dispositioned in accordance with enforcement panel processes. Violations for which such enforcement discretion is exercised do require the assignment of an enforcement action case number to document enforcement discretion. Letters documenting the use of enforcement discretion under this EGM will follow the normal process and include AND EXERCISE OF DISCRETION in the subject line, with OE on distribution.

Associated individual actions for each case will be dispositioned in accordance with section 4.0 Enforcement Actions Involving Individuals of the Enforcement Policy. It should be noted that any individual action associated with a foreign national will be coordinated with the Office of International Programs prior to issuance of final action.

Near-Term Actions The NRC staff plans to issue an NRC generic communication regarding the 10 CFR 73.56(d)(3) personnel access authorization requirements for non-immigrant foreign nationals working at nuclear power plants. Additionally, the staff plans to recommend revisions to 10 CFR 73.56(d)(3), as well as the associated regulatory guidance. The staff also plans to update associated inspection guidance currently contained in IP 71130.01 and IP 71130.02 to provide clear and objective inspection criteria.

EXPIRATION:

This EGM will remain in effect until June 30, 2027.

Those on the Attached list Memorandum from Bo M. Pham, Acting Director, Dated: February 5, 2026

Subject:

ENFORCEMENT GUIDANCE MEMORANDUM (EGM) 2020-001 REV. 5, ENFORCEMENT DISCRETION NOT TO CITE CERTAIN VIOLATIONS OF 10 CFR 73.56 REQUIREMENTS E-Mail Mail Stops Ray McKinley, (Acting) Regional Administrator, Region I RidsRgn1MailCenter Resource Julio Lara, (Acting) Regional Administrator, Region II RidsRgn2MailCenter Resource Mohammed A. Shuaibi, (Acting) Regional Administrator, Region III RidsRgn3MailCenter Resource John D. Monninger, Regional Administrator, Region IV RidsRgn4MailCenter Resource Jeremy Groom (Acting), Director, Office of Nuclear Reactor Regulation RidsNrrMailCenter Resource Andrea Kock, Director, Office of Nuclear Material Safety and Safeguards RidsNmssOd Resource Kevin Williams, (Acting) Director, Office of Nuclear Security and Incident Response RidsNsirMailCenter Resource

ML25176A041 MEMO *via eConcurrence OFFICE OE/EB NSIR/DPCP/AAFPB NSIR/DPCP/AAFPB OE/EB NAME

• DFurst

• BBaxter

• JVazquez

• JPeralta DATE 6/26/25 7/10/25 7/18/25 7/22/25 OFFICE NSIR/DPCP/DD OGC OE NAME

• SWalker JMaltese

• BPham DATE 9/10/25 11/17/25 2/5/26