Revising Non-Over-the-Counter Firearms Transaction Requirements
Proposed rule changes to NOTC firearms transactions may require FFLs to collect additional personal data from buyers, potentially conflicting with state data-privacy laws like CCPA/CPRA. Businesses handling such transactions must assess new data collection and retention obligations.
Aforeworn detected this change in the US State Data-Privacy Laws space on July 5, 2026 and published this briefing so affected operators are forewarned rather than caught off guard. It is rated Medium urgency. FFLs, multistate retailers, and any business involved in non-over-the-counter firearm sales should confirm how it applies to their specific situation before acting. There is a time constraint attached: Comment period ends 60 days after publication (approx. July 7, 2026). Final rule effective 30 days after publication.. Acting after that point can mean penalties, a lapsed licence, or lost eligibility — exactly the kind of surprise Aforeworn exists to prevent. Aforeworn monitors US State Data-Privacy Laws continuously and turns every detected change into a plain-English briefing like this one, so you always know first. Forewarned is forearmed.
What changed
Federal rule proposes stricter identification and recordkeeping for NOTC transactions, likely requiring collection of more personal data (e.g., government ID, background check info) and longer retention periods.
Who it affects
FFLs, multistate retailers, and any business involved in non-over-the-counter firearm sales
What you must do
Review current NOTC transaction processes and data handling practices to ensure compliance with both new federal requirements and existing state privacy laws (e.g., data minimization, retention limits).
Deadline
Comment period ends 60 days after publication (approx. July 7, 2026). Final rule effective 30 days after publication.
Never miss a change like this again
Aforeworn watches US State Data-Privacy Laws around the clock and alerts you the moment a rule moves — with a plain-English brief on what to do.
Start your free trialRelated changes in US State Data-Privacy Laws
- California Consumer Privacy Act (CCPA) | State of California - Department of Justice - Office of the Attorney General
- Law & Regulations - California Privacy Protection Agency (CPPA)
- Privacy Act of 1974; System of Records
- Intent To Request Extension From OMB of One Current Public Collection of Information: Security Threat Assessment for Individuals Applying for a Hazardous Materials Endorsement for a Commercial Driver's License
- Fee Adjustment for U.S. Immigration and Customs Enforcement Form I-246, Application for a Stay of Deportation or Removal