The SAFETY Act is a tort liability management statute that was passed as part of the Homeland Security Act of 2002. Under the SAFETY Act, entities that sell or otherwise deploy products that can be used to deter, defend against, respond to, mitigate, or otherwise combat “acts of terrorism” are eligible to receive liability protections. These liability protections can take the form of jurisdictional defenses, a cap on liability, or a presumption of immediate dismissal of third-party liability claims.

This article reviews several scenarios to examine whether liability could be found against companies that make cyber security tools or against entities that purchase such tools. The article then examines how the SAFETY Act could be utilized to mitigate or eliminate such liability.