Declassification & Classified Records
Handling national security information, mandatory and automatic declassification, and review of classified records for release.
National-security classification and declassification sit at the intersection of two competing public interests: protecting information whose disclosure could harm the nation, and ensuring that a self-governing people can ultimately see what their government has done in their name. Classified records are created when officials judge that information meets specific criteria for protection, but classification is meant to be temporary. The system that governs when, how, and by whom that protection is lifted — declassification — is one of the most consequential, and most backlogged, processes in federal records management. For records professionals, archivists, historians, and FOIA practitioners, understanding this lifecycle is essential to handling some of the most sensitive and historically valuable material the government holds.
This hub introduces the framework that controls classified national-security information from the moment it is marked through its eventual release or destruction. It previews a cluster of in-depth articles covering how declassification actually works, the levels and markings used to designate classified material, the executive order that anchors the current system, automatic declassification at the 25-year mark, the petition-driven path known as Mandatory Declassification Review, and the separate-but-related world of Controlled Unclassified Information.
What Classification Is and Why It Matters
Classification is the formal designation that information requires protection against unauthorized disclosure in the interest of national security. It is not a judgment about embarrassment, administrative convenience, or political risk — those are explicitly prohibited bases for classifying. Information is classified only when an original classification authority determines it concerns categories such as military plans, intelligence sources and methods, foreign relations, or similar national-security interests, and that its disclosure could reasonably be expected to cause identifiable damage.
The stakes are high in both directions. Over-classification buries legitimate public business, slows interagency work, and erodes trust. Under-protection can endanger operations and lives. Because classification restricts access, imposes handling burdens, and delays the historical record, the governing principle is that information should be protected no longer than necessary and declassified as soon as it no longer warrants protection. Declassification, then, is not an exception to the system — it is the system working as designed.
Classification Levels and Markings
Classified information is assigned one of three levels keyed to the severity of expected damage: Confidential, Secret, and Top Secret, in ascending order. Markings communicate not only the level but the reasons for classification, the classifying authority, and — critically — instructions for when protection should end. A properly marked document carries a classification banner, portion markings that flag the sensitivity of individual paragraphs, and a classification block identifying who classified it, the source of the decision, and a declassification instruction such as a specific date, event, or duration.
These markings are the operational backbone of the whole lifecycle. They tell custodians how to store, transmit, and handle the record, and they tell future reviewers when and how the material becomes eligible for release. Inconsistent, missing, or erroneous markings are among the most common practical problems agencies face, because a record that cannot be reliably interpreted cannot be reliably declassified.
The Governing Authorities
For most national-security information, the controlling authority is the executive order on classified national security information — the current framework being the order commonly cited as 13526 — issued under the President’s constitutional and statutory authority. Executive orders in this area set the criteria for original classification, the levels, the duration of protection, and the mechanisms for declassification, and they are implemented through an information security directive and agency-specific regulations. Oversight functions are coordinated through specialized bodies, including an office that issues implementing rules and an interagency panel that adjudicates declassification disputes.
It is worth distinguishing this regime from the statutory disclosure laws that often touch the same records. The Freedom of Information Act, for example, allows agencies to withhold properly classified material under a specific exemption, but FOIA is a disclosure statute, not the source of classification authority itself. Atomic energy information governed by separate statute follows its own, distinct rules. Records professionals must know which authority applies to a given body of material before any release decision can be made.
How It Fits the Records Lifecycle
Classification is a property that attaches to a record and travels with it through creation, active use, storage, and ultimate disposition. Because so many classified records are also permanent — destined for transfer to the national archives — declassification and archival appraisal are deeply intertwined. A record’s declassification instruction is, in effect, a scheduled event in its lifecycle, and managing classified material well means tracking that instruction alongside the standard retention and disposition metadata.
This is where modern electronic recordkeeping standards become relevant. Agencies once looked to a single design specification for records systems, but the National Archives retired its endorsement of that older standard in 2022 in favor of the Universal Electronic Records Management Requirements and the Federal Electronic Records Modernization Initiative. These functional requirements describe what a compliant system must do — capture, classify, retain, and dispose of records reliably — without prescribing a single product. For classified holdings, the implication is that systems must be able to carry and act on classification and declassification metadata as a first-class part of records management, not as an afterthought.
Two Roads to Declassification, Plus CUI
There are two principal ways classified information becomes public. The first is automatic declassification, under which permanently valuable records of sufficient age — commonly the 25-year threshold — are declassified by operation of the rules unless an agency has invoked a recognized exemption to keep specific information protected. This pathway is what drives the periodic release of large bodies of historical records. The second is Mandatory Declassification Review, a request-driven process in which any person can ask an agency to review specified records for declassification, with administrative appeal rights and, ultimately, recourse to an interagency review panel.
Running alongside classified information is a distinct category: Controlled Unclassified Information. CUI is unclassified information that nonetheless requires safeguarding or dissemination controls under law, regulation, or government-wide policy. It replaced a chaotic patchwork of agency-specific labels with a standardized registry of categories and handling rules. CUI is not classified and does not go through declassification, but professionals routinely encounter it side by side with classified material, and confusing the two is a frequent and consequential error.
Common Challenges and Good Practice
The persistent challenge across this domain is volume colliding with capacity. The pace at which classified records are created vastly outstrips the resources available to review them for release, producing large declassification backlogs and well-documented over-classification. Inconsistent markings, the difficulty of reviewing records that contain multiple agencies’ equities, and the sheer scale of born-digital classified material all compound the problem.
Good practice therefore emphasizes discipline at the point of creation:
- Mark accurately and completely, including portion markings and a clear declassification instruction.
- Capture classification and declassification metadata in the recordkeeping system so it can be acted on automatically.
- Identify other agencies’ equities early to avoid stalled reviews later.
- Keep classified and CUI handling rules clearly separated in policy and training.
Where the Topic Is Heading
The trajectory of this field is toward technology-assisted review and standardized, machine-actionable metadata. As the digital backlog grows, agencies and the archival community are exploring automation and analytics to triage records for declassification, while reform conversations continue to press for reducing over-classification at the source. The throughline is that declassification works best when it is designed into the record’s lifecycle from the start — when markings are reliable, metadata is structured, and the eventual release of information is treated not as an afterthought but as the planned final chapter of a record’s life.
Articles in Declassification
Classification Challenges by Authorized Holders
An educational overview of how authorized holders formally challenge the classification status of national security information and the protections involved.
Equities and Referrals in Declassification
How agencies identify other parties' classified interests (equities) and route documents through referrals during declassification review.
How Declassification and FOIA Interact
How classified records and FOIA requests intersect, including exemptions, mandatory and automatic declassification, and the agencies that govern both.
The Interagency Security Classification Appeals Panel (ISCAP)
A plain-language guide to the Interagency Security Classification Appeals Panel, the body that decides classification challenges, declassification reviews, and exemption appeals.
Marking Classified and Declassified Documents
A principle-based guide to how classified and declassified documents are marked, including portion marking, declassification instructions, and downgrading.
The National Declassification Center (NDC)
An overview of the National Declassification Center, NARA's hub for coordinating and streamlining declassification review of historically valuable federal records.
Original vs. Derivative Classification
How original and derivative classification differ, who may perform each, and why derivative decisions must faithfully carry forward existing markings.
Systematic Declassification Review Explained
An educational guide to systematic declassification review, the time-triggered process agencies use to evaluate permanently valuable classified records for public release.
Automatic Declassification at 25 Years
Most classified records of permanent historical value are automatically declassified at 25 years unless a specific exemption applies. Here's how the 25-year rule works.
Controlled Unclassified Information (CUI) Explained
CUI is sensitive but unclassified federal information that requires safeguarding and consistent handling. Here's what the CUI program is and how it relates to records management.
Executive Order 13526 Explained
Executive Order 13526 is the framework governing how the U.S. government classifies, safeguards, and declassifies national security information. Here's what it sets out.
Mandatory Declassification Review (MDR) Explained
MDR lets any member of the public ask an agency to review a specific classified record for release. Here's how it works, how to use it, and how it differs from FOIA.
Classification Levels and Markings Explained
National security information is classified Confidential, Secret, or Top Secret, with specific marking rules. Here's what the levels mean and how markings drive declassification.
How Declassification Works: Automatic, Mandatory, and Systematic Review
Classified records are released through three pathways — automatic declassification, mandatory declassification review, and systematic review. Here's how each works.
Common questions
- Can a hospital or research university hold classified records, and how do FCL and HIPAA rules interact?
- Can a law firm representing a government client retain classified discovery, and who declassifies it after the case?
- Can a multinational company use ISO 15489 as a single recordkeeping standard across all of its countries?
- Can a private citizen request that a specific classified record be declassified?
- Can AI and machine learning reliably assist with declassification review of classified records?
- Can an agency be penalized for over-classifying records to avoid disclosure?
- Can declassified documents be reclassified later?
- Can I destroy a declassified record to save storage space once it's no longer secret?
- Can I just email or store a declassified-but-not-yet-released record on my regular network like any other file?
- Do I really need declassification markings if the document is already old and obviously outdated?
- Does a declassified record still have to be retained, and for how long, under records law?
- Does a state or local government emergency management office have to follow federal declassification rules for classified records it receives?
- Does an eIDAS-compliant electronic signature or seal count as a valid record signature outside the EU?
- Does blockchain or immutable storage actually help with managing classified records and audit trails?
- Does declassification mean a record is automatically released to the public?
Key terms
- Classification (National Security)
- Controlled Unclassified Information
- Derivative Classification
- Downgrading
- Equities (Declassification)
- Executive Order 13526
- Interagency Security Classification Appeals Panel
- Mandatory Declassification Review
- National Declassification Center
- Original Classification Authority
- Portion Marking
- Referral
- Security Classification Guide
- Systematic Declassification Review