Many state and local governments have issued orders shuttering all businesses except those that are "essential," "life sustaining," or other similar designations. Businesses have since struggled with determining whether they qualify as an essential business, thus permitting them to operate. Updated guidance by the Cybersecurity and Infrastructure Security Agency ("CISA") may help with this decision. On March 28, 2020, CISA updated its "Essential Critical Infrastructure Workforce" advisory list to "help State, local, tribal and territorial officials as they work to protect their communities, while ensuring continuity of functions critical to public health and safety, as well as economic and national security." Importantly, CISA provides that the List "is advisory in nature," and that "[i]t is not, nor should it be considered, a federal directive or standard." CISA also provides that the List "is not intended to be the exclusive list of critical infrastructure sectors, workers, and functions that should continue during the COVID-19 response across all jurisdictions," and that "[i]ndividual jurisdictions should add or subtract essential workforce categories based on their own requirements and discretion." Finally, CISA provides that decisions informed by the List "should also take into consideration additional public health considerations based on the specific COVID-19-related concerns of particular jurisdictions."

The List generally identifies workers who are "critical to conduct a range of operations and services that are typically essential to continued critical infrastructure viability," such as:

  • staffing operations centers;
  • maintaining and repairing critical infrastructure;
  • operating call centers;
  • working construction;
  • performing operational functions;
  • supporting crucial supply chains; and
  • workers who enable functions for critical infrastructure.

CISA further states that the industries such workers support include but are not limited to medical and healthcare, telecommunications, information technology systems, defense, food and agriculture, transportation and logistics, energy, water and wastewater, law enforcement, and public works.

CISA maintains that "State, local, tribal, and territorial governments are still ultimately responsible for implementing and executing COVID-19 response activities in their communities, while the Federal Government remains in a supporting role," thus signaling that political subdivisions can deviate from the CISA list and/or place limitations on businesses qualifying as essential on the List – including but not limited to requiring essential businesses to adhere to relevant public health guidance. CISA also provides that essential businesses "are expected to use their own judgement on issues of the prioritization of business processes and workforce allocation to best ensure continuity of the essential goods and services they support," and that such "decisions should appropriately balance public safety, the health and safety of the workforce, and the continued delivery of essential critical infrastructure services and functions." Interestingly, CISA adds that the List "allows for the reality that some workers engaged in activity determined to be essential may be unable to perform those functions because of health-related concerns" – indicating that inclusion on the List does not preempt a worker's rights under health and safety laws.

TAKEAWAYS FOR BUSINESSES

  • The revised CISA guidance provides businesses with information necessary to better support an essential business designation under State and local laws.
  • The CISA List is not dispositive, and businesses must continue to comply with State and local orders regarding business closures and restrictions.
  • Even where designated as essential, businesses must comply with all applicable health and safety standards and restrictions, such as social distancing standards, sanitation/sterilization, and telecommuting where feasible.
  • The CISA List does not necessarily preempt rights that workers may have under health and safety laws.

The CISA guidance can be found at:

CISA Guidance Link

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.