When the U.S. government decides that information must be protected from unauthorized disclosure because its release could harm national security, it makes that decision in one of two distinct ways. The first time information is judged to require protection, an authorized official performs what is called original classification. Far more often, employees create new documents that incorporate, paraphrase, or restate information that has already been classified by someone else; capturing and marking that borrowed information correctly is called derivative classification. Understanding the difference between these two acts is foundational to the entire classification system overseen by the Information Security Oversight Office (ISOO), because each carries different authority, different responsibilities, and different consequences for downstream review and release.
The distinction matters for records managers and declassification reviewers because the vast majority of classified material in agency holdings is derivatively classified. A single original classification decision can ripple outward into thousands of derivative documents over many years. If the original decision was sound and the derivative documents faithfully carried its markings forward, eventual declassification is orderly. If markings drifted, were guessed at, or were applied without a clear source, the records become difficult and expensive to review decades later.
What original classification is
Original classification is the initial determination that information requires protection in the interest of national security, together with the assignment of a classification level to it. This decision can be made only by an original classification authority (OCA) — an official who has been delegated that power in writing, typically a senior agency leader. OCAs are limited in number precisely because the act is consequential: it creates a protected category of information where none existed before.
An original classification decision is not arbitrary. The OCA must be able to identify or describe the damage to national security that unauthorized disclosure could reasonably be expected to cause, the information must fall within recognized categories eligible for classification, and the OCA must determine how long protection should last. The OCA also sets the declassification instruction — a specific date or event, or a duration that generally should not exceed ten years, with longer periods permitted only for defined and justified reasons up to the automatic-declassification horizon. Because original classification is the source of every downstream marking, errors here propagate widely.
What derivative classification is
Derivative classification is the act of incorporating, paraphrasing, restating, or generating in new form information that is already classified, and then marking the new material consistent with the classification markings of the source. Most cleared employees who create classified documents are derivative classifiers; they are not making a fresh judgment that information deserves protection. They are recognizing that the information they are using has already been classified and ensuring the new document reflects that.
The derivative classifier’s job is fidelity, not discretion. They are expected to:
- Carry forward the classification level that the source information already bears.
- Apply portion marking so each paragraph or element shows its own level.
- Identify the source of the classification, whether a specific classified document or a published security classification guide.
- Carry forward the declassification instructions from the source, using the most restrictive date or event when multiple sources are combined.
Derivative classifiers do not have authority to raise or lower a classification level on their own judgment. If they believe information is mismarked or no longer needs protection, the proper path is to raise the question through established channels, not to reclassify unilaterally.
Why the difference shapes declassification
The two acts create very different review problems years later. Originally classified information traces back to an OCA’s documented rationale, which gives reviewers a clear anchor for deciding whether the original concern still applies. Derivatively classified information, by contrast, is only as traceable as its source citations. When a derivative document properly names its source and carries forward accurate declassification instructions, a reviewer can follow the chain back to the controlling decision. When those links are broken — a missing source line, a guessed level, a lost classification guide — reviewers must reconstruct the basis for protection, which slows the work of the National Declassification Center and agency review programs.
This is also where equities complicate matters. A derivative document frequently combines information from several originating agencies, each of which retains an interest in its own information. Sound markings tell a later reviewer which agencies must be consulted before release. Poor markings hide those interests and force time-consuming referrals.
The recordkeeping responsibility
Because derivative classification is so widespread, the integrity of an agency’s classified holdings depends heavily on disciplined recordkeeping rather than on individual judgment. Markings must survive format migrations, system changes, and the long gap between creation and review. ISOO oversight, mandatory derivative-classification training, and self-inspection programs all aim at the same goal: ensuring that the marking on a document accurately reflects a real, traceable classification decision.
For records management programs, this argues for capturing classification metadata as structured data, not merely as text stamped on a page, so that level, source, declassification instruction, and originating equities travel with the record through its lifecycle. Capability-based, outcome-focused requirements — reflected in NARA’s shift away from endorsing a single product specification toward the Universal Electronic Records Management Requirements developed through the Federal Electronic Records Modernization Initiative (FERMI) — point in the same direction: systems should reliably preserve and act on these markings regardless of the underlying tool.
Practical takeaways
- Original classification is a rare, authority-bound act performed only by an OCA who can articulate the harm and set the duration of protection.
- Derivative classification is the common act of faithfully carrying existing markings forward; the classifier’s duty is accuracy, not discretion.
- The quality of derivative markings determines how smoothly information can later move through declassification.
- Treating classification markings as preserved, structured metadata — rather than disposable text — is what keeps both safeguarding and eventual release defensible over decades.
Sources & further reading
Authoritative government and non-profit references.
- Information Security Oversight Office (ISOO) — National Archives (NARA)
- Declassification (National Declassification Center) — National Archives (NARA)
How to cite this page
APA
RM University Editorial Team. (2026). Original vs. Derivative Classification. Records Management University. https://www.recordsmgmt.org/articles/original-vs-derivative-classification/
MLA
RM University Editorial Team. "Original vs. Derivative Classification." Records Management University, 16 June 2026, www.recordsmgmt.org/articles/original-vs-derivative-classification/.