28 C.F.R. § 25.9

Retention and destruction of records in the system

Read at: eCFRecfr.gov CornellLII GovInfogovinfo.gov CasesGoogle Scholar

(a) The NICS will retain NICS Index records that indicate that receipt of a firearm by the individuals to whom the records pertain would violate Federal or state law. The NICS will retain such records indefinitely, unless they are canceled by the originating agency. In cases where a firearms disability is not permanent, e.g., a disqualifying restraining order, the NICS will automatically purge the pertinent record when it is no longer disqualifying. Unless otherwise removed, records contained in the NCIC and III files that are accessed during a background check will remain in those files in accordance with established policy.

(b) The FBI will maintain an automated NICS Audit Log of all incoming and outgoing transactions that pass through the system.

(1) Contents. The NICS Audit Log will record the following information: Type of transaction (inquiry or response), line number, time, date of inquiry, header, message key, ORI or FFL identifier, and inquiry/response data (including the name and other identifying information about the prospective transferee and the NTN).

(i) NICS denied transaction records obtained or created in the course of the operation of the system will be retained in the Audit Log for 10 years, after which time they will be transferred to an appropriate FBI-maintained electronic database.

(ii) NICS Audit Log records relating to transactions in an open status, except the NTN and date, will be destroyed after not more than 90 days from the date of inquiry; and

(iii) In cases of NICS Audit Log records relating to allowed transactions, all identifying information submitted by or on behalf of the transferee will be destroyed within 24 hours after the FFL receives communication of the determination that the transfer may proceed. All other information, except the NTN and date, will be destroyed after not more than 90 days from the date of inquiry.

(2) Use of information in the NICS Audit Log. The NICS Audit Log will be used to analyze system performance, assist users in resolving operational problems, support the appeals process, or support audits of the use and performance of the system. Searches may be conducted on the Audit Log by time frame, i.e., by day or month, or by a particular state or agency. Information in the NICS Audit Log pertaining to allowed transactions may be accessed directly only by the FBI and only for the purpose of conducting audits of the use and performance of the NICS, except that:

(i) Information in the NICS Audit Log, including information not yet destroyed under § 5.9(b)(1)(iii), that indicates, either on its face or in conjunction with other information, a violation or potential violation of law or regulation, may be shared with appropriate authorities responsible for investigating, prosecuting, and/or enforcing such law or regulation; and

(ii) The NTNs and dates for allowed transactions may be shared with ATF in Individual FFL Audit Logs as specified in § 25.9(b)(4).

(3) Limitation on use. The NICS, including the NICS Audit Log, may not be used by any Department, agency, officer, or employee of the United States to establish any system for the registration of firearms, firearm owners, or firearm transactions or dispositions, except with respect to persons prohibited from receiving a firearm by 18 U.S.C. 922(g) or (n) or by state law. The NICS Audit Log will be monitored and reviewed on a regular basis to detect any possible misuse of NICS data.

(4) Creation and Use of Individual FFL Audit Logs. Upon written request from ATF containing the name and license number of the FFL and the proposed date of inspection of the named FFL by ATF, the FBI may extract information from the NICS Audit Log and create an Individual FFL Audit Log for transactions originating at the named FFL for a limited period of time. An Individual FFL Audit Log shall contain all information on denied transactions, and, with respect to all other transactions, only non-identifying information from the transaction. In no instance shall an Individual FFL Audit Log contain more than 60 days worth of allowed or open transaction records originating at the FFL. The FBI will provide POC states the means to provide to the FBI information that will allow the FBI to generate Individual FFL Audit Logs in connection with ATF inspections of FFLs in POC states. POC states that elect not to have the FBI generate Individual FFL Audit Logs for FFLs in their states must develop a means by which the POC will provide such Logs to ATF.

(c) The following records in the FBI-operated terminals of the NICS will be subject to the Brady Act's requirements for destruction:

(1) All inquiry and response messages (regardless of media) relating to a background check that results in an allowed transfer; and

(2) All information (regardless of media) contained in the NICS Audit Log relating to a background check that results in an allowed transfer.

(d) The following records of state and local law enforcement units serving as POCs will be subject to the Brady Act's requirements for destruction:

(1) All inquiry and response messages (regardless of media) relating to the initiation and result of a check of the NICS that allows a transfer that are not part of a record system created and maintained pursuant to independent state law regarding firearms transactions; and

(2) All other records relating to the person or the transfer created as a result of a NICS check that are not part of a record system created and maintained pursuant to independent state law regarding firearms transactions.

[Order No. 2186-98, 63 FR 58307, Oct. 30, 1998, as amended by Order No. 2354-2001, 66 FR 6474, Jan. 22, 2001; Order No. 2727-2004, 69 FR 43900, July 23, 2004; Order No. 3477-2014, 79 FR 69051, Nov. 20, 2014]
Notes of Decisions
Cited in 13 cases (5 in the last 5 years), 2000–2026 · leading case: Nat'l Rifle Ass'n of Am., Inc. v. Reno, 216 F.3d 122 (D.C. Cir. 2000).
Nat'l Rifle Ass'n of Am., Inc. v. Reno, 216 F.3d 122 (D.C. Cir. 2000). · cites it 10× “” 28 C.F.R. § 25.9 (b). According to the regulation, the Audit Log is “a chronological record of system (computer) activities that enables the reconstruction and examination of the sequence of events and/or changes in an event.”
Gazzola v. Hochul, 88 F.4th 186 (2d Cir. 2023). “12, and of authorizing State Police to retain NICS-related information in violation of 28 C.F.R. § 25.9 , which governs the destruction and retention of such information, id.”
Turaani v. Sessions, 316 F. Supp. 3d 998 (E.D. Mich. 2018). “Under 28 C.F.R. § 25.9 (b)(ii), "NICS Audit Log records relating to transactions in an open status, except the NTN and date, will be destroyed after not more than 90 days from the date of inquiry.”
Ross v. Fed. Bureau of Alcohol, Tobacco, Firearms, & Explosives, 903 F. Supp. 2d 333 (D. Maryland 2012). “All of the FBI’s information regarding this transaction had been purged pursuant to 28 C.F.R. § 25.9 (b)(ii). . See 28 C.F.R.”
Robinson v. Sessions, 260 F. Supp. 3d 264 (W.D.N.Y. 2017). “28 C.F.R. § 25.9 (a)-(b). The index documents transactions that the background check finds would violate state or federal law.”
Sedita v. United States of Am. (D.D.C. 2025). · cites it 8× “28 C.F.R. § 25.9 . But the Log is more ephemeral.”
Application of Record Destruction Requirements to Info. Received From the Nat'l Instant Crim. Background Check Sys. (OLC 2005). · cites it 7× “at 43,900– 01 (to be codified at 28 C.F.R. § 25.9 (b)(1)(ii)). But if the NICS has not issued a denial within three business days, the restriction on transfer by the licensee expires.”
Checking Names of Prohibited Persons Against Records in the NICS Audit Log Concerning Allowed Transfers (OLC 2001). · cites it 4× “pdf 226 10/22/12 11:10 AM Checking Names of Prohibited Persons Against Records in the NICS Audit Log 28 C.F.R. § 25.9 (b)(2) (2001) (emphasis added); see 66 Fed.”
Susman v. Sullivan, M.D. (W.D.N.Y. 2025). · cites it 2× “” 28 C.F.R. § 25.9 (b); see Sedita, 2025 WL 387962 , at *2.”
Robinson v. Sessions (2d Cir. 2018). “§ 922 (t)(2)(C); 28 CFR § 25.9 (b)(1). The district court therefore concluded that “Plaintiffs fail to demonstrate that they have been, or will be, personally injured by the challenged conduct” and 1The Brady Act provides that “the Attorney General may secure directly from any…”
Edmund J. Susman Jr. & all similarly situated individuals v. Ann Marie T. Sullivan, M.D. et al (W.D.N.Y. 2026). “” 28 C.F.R. § 25.9 (b); see Sedita, 763 F. Supp.”
Goode v. Yenchko (Ill. App. Ct. 2026). “” Plaintiff asserted that defendant’s retention of his identifying information violated section 922(t)(2)(C) of the Brady Act, 28 C.F.R. § 25.9 (b)(1)(iii), and his second amendment rights.”
— 28 C.F.R. § 25.9(b)(1) — 1 case
Nat'l Rifle Ass'n of Am., Inc. v. Reno, 216 F.3d 122 (D.C. Cir. 2000). “” 28 C.F.R. § 25.9 (b). According to the regulation, the Audit Log is “a chronological record of system (computer) activities that enables the reconstruction and examination of the sequence of events and/or changes in an event.”
— 28 C.F.R. § 25.9(b)(2) — 1 case
Nat'l Rifle Ass'n of Am., Inc. v. Reno, 216 F.3d 122 (D.C. Cir. 2000). “” 28 C.F.R. § 25.9 (b). According to the regulation, the Audit Log is “a chronological record of system (computer) activities that enables the reconstruction and examination of the sequence of events and/or changes in an event.”
Annotations are extracted automatically from the opinions in the Syfert caselaw corpus and ranked by authority, recency, and treatment. Dots show Syfertize treatment of the citing case itself.