A Breaking Analysis of the May 14, 2026, Supreme Court Decision and Its Immediate Implications for the Transportation Industry
The preemption shield that freight brokers have relied on for years to defend against personal injury claims is gone. The United States Supreme Court said so unanimously on May 14, 2026.
In Montgomery v. Caribe Transport II, LLC, 608 U.S. ___ (2026), a nine-justice Court held that negligent hiring claims against freight brokers are not preempted by the Federal Aviation Administration Authorization Act. The decision, written by Justice Barrett, reverses the Seventh Circuit and abrogates two circuit precedents that had insulated brokers from state tort liability. It resolves a circuit split that had divided courts for years.
The implications reach every segment of the trucking industry. Brokers face new and immediate litigation exposure. Carriers find their FMCSA safety records newly elevated as commercial gatekeeping criteria. Insurers must reassess coverage structures built on preemption assumptions that no longer hold. And the broker-carrier contractual relationship — particularly indemnification provisions — is due for immediate scrutiny.
The Facts That Got to the Supreme Court
Shawn Montgomery was working as a truck driver on an Illinois highway when his tractor-trailer, stopped on the shoulder, was struck by a Mack Truck driven by Yosniel Varela-Mojena. Montgomery’s leg was amputated. He sustained other severe and permanent injuries.
Varela-Mojena was driving for Caribe Transport II, LLC, hauling a load of plastic pots. C.H. Robinson Worldwide, Inc. — one of the largest freight brokers in the country, arranging transportation for enormous volumes of freight annually — had brokered the shipment.
Montgomery’s central claim against C.H. Robinson was straightforward: the broker negligently hired Caribe Transport, a carrier that had a conditional safety rating from FMCSA at the time of the hiring. That rating reflected documented deficiencies across multiple BASIC categories — driver qualification, hours of service compliance, inspection and maintenance records, and recordable crash rate. Montgomery argued that C.H. Robinson knew or should have known from that record that choosing Caribe Transport was reasonably likely to result in crashes injuring others.
The district court held the claim preempted. The Seventh Circuit affirmed. The Supreme Court granted certiorari to resolve the circuit split — and reversed, unanimously.
What the Court Held and Why
The legal analysis turned on a single statutory provision: the FAAAA’s safety exception, which provides that the preemption clause shall not restrict the safety regulatory authority of a State with respect to motor vehicles. 49 U.S.C. § 14501(c)(2)(A).
The Court’s reasoning was direct. Negligent hiring claims impose a duty of reasonable care in selecting a contractor for work carrying a risk of physical harm. The preemption question was whether such claims are with respect to motor vehicles. The Court held they are — because requiring a broker to exercise ordinary care in selecting a carrier concerns the trucks that will transport the goods. That connection brings the claim within the safety exception and saves it from preemption.
Justice Kavanaugh’s concurrence, joined by Justice Alito, acknowledged competing contextual arguments that cut in favor of the brokers: the FAAAA does not mandate insurance for brokers as it does for carriers, suggesting Congress did not anticipate routine broker liability; and the anomaly that state tort suits would be permitted against brokers for arranging interstate transportation but preempted for intrastate. He treated these as serious points — but concluded that Congress, in an economic-deregulation statute, did not intend to immunize brokers from safety-based tort liability while leaving trucking companies fully exposed to it. The bottom line: federal law does not preempt state tort liability against brokers for negligent selection of trucking companies.
The Court was also careful to cabin the ruling. This is not strict liability. Brokers who exercise reasonable care in vetting carriers — who verify safety ratings, check BASIC scores, and ask the hard questions before tendering a load — should be able to defend successfully against negligent hiring claims. As plaintiff’s counsel acknowledged at oral argument, brokers who hire carriers with reasonable safety records and ask substantive questions about carrier safety practices will not have a problem. The exposure is for negligent vetting, not for every accident involving a brokered load.
Impact on Brokers: The Vetting Obligation Is Now a Legal Duty
The most immediate impact falls on freight brokers. The preemption defense that brokers have used to dismiss personal injury claims at the pleading stage is gone. Cases that were previously dismissed on preemption grounds will now proceed to discovery and potentially trial.
The standard that will govern broker liability in these cases is negligent hiring — whether the broker exercised reasonable care in selecting the carrier before the load moved. That standard has several practical components:
- CSA score and BASIC review. Caribe Transport’s conditional safety rating and BASIC alert status were the foundation of the negligent hiring claim in this case. Brokers must review carrier CSA scores and BASIC ratings as a standard part of the vetting process. A carrier with a conditional rating or alert status in safety-related BASICs presents heightened risk that a broker who proceeds without additional scrutiny may have difficulty defending.
- Safety rating verification. Brokers should verify a carrier’s current FMCSA safety rating — satisfactory, conditional, or unsatisfactory — before tendering freight. An unsatisfactory rating should, in most circumstances, preclude the hiring. A conditional rating at least warrants additional inquiry if not preclusion.
- Documentation. The vetting process that was previously a business practice is now a legal obligation. Every element of the review — what was checked, what was found, what decision was made and why — needs to be documented before the load moves. That documentation is the broker’s defense at trial.
- Carrier selection standards. Brokers should consider developing and following written carrier selection criteria. A documented internal standard, consistently applied, is significantly more defensible than ad hoc selection. The standard does not need to be perfect — it needs to be reasonable and followed.
Impact on Carriers: Your Safety Record Is Now a Commercial Gatekeeping Criterion
For motor carriers, the implications of this decision are less about direct liability and more about commercial consequences that flow from brokers’ new legal exposure.
Your CSA scores are now gatekeeping criteria. Brokers who face personal injury liability for negligently hiring unsafe carriers will scrutinize carrier safety records more carefully than ever before. A conditional safety rating, alert status in safety-related BASICs, or a pattern of unresolved violations is not just a regulatory compliance issue — it is a commercial liability that may result in brokers refusing to tender freight.
This makes the DataQs reform published April 16, 2026 — which we covered in this series two weeks ago — immediately more important. Every inaccurate inspection record, every incorrectly attributed crash, every data entry error that sits unchallenged in the FMCSA system now has direct commercial consequences in addition to its litigation implications. The three-stage appellate process established by the new DataQs requirements gives carriers a real mechanism to challenge inaccurate records. Use it aggressively.
Broker-carrier contract indemnification provisions. Brokers facing increased liability exposure will respond by strengthening indemnification clauses in their broker-carrier agreements. Carriers should expect to see contract language requiring them to indemnify and hold harmless brokers for claims arising from carrier negligence — including personal injury claims like the one in Montgomery. These provisions need to be reviewed by counsel before execution. The insurance implications need to be assessed against the carrier’s current coverage.
Carriers who also broker: Many motor carriers also broker freight as part of their operations. Those companies now carry broker liability exposure on top of their carrier exposure. If your company arranges transportation for others, the broker analysis applies fully to your brokering activities.
Impact on Insurers: The Coverage Landscape Has Changed
For insurers covering brokers for personal injury liability, the foundational assumption that preemption would defeat most claims before trial is no longer operative. Cases that would have been dismissed at the pleading stage will now reach discovery and potentially jury trial. The cost of defending those cases, and the risk of adverse verdicts, has increased materially.
Broker liability policies need to be examined in light of the decision. Policy language addressing negligent hiring claims, coverage limits, and premium structures may all require reassessment. The underwriting models built on the preemption defense need to account for a post-Montgomery environment where that defense is unavailable.
For insurers covering motor carriers, the indemnification dynamic matters. Brokers whose contracts include carrier indemnification provisions will make indemnification claims against carriers following accidents. Those claims will implicate carrier liability policies. The scope of coverage for indemnification obligations, the adequacy of coverage limits, and the interaction between carrier and broker policies all deserve review.
The DENUCLEARIZATION Connection
Montgomery v. Caribe Transport is a direct illustration of why the DENUCLEARIZATION series exists. The decision does not create new litigation risks out of thin air. It validates and expands the framework that plaintiff attorneys have been building for years — the use of FMCSA safety data to establish that a commercial entity knew or should have known it was engaging with an unsafe operator.
The CSA data that plaintiff attorneys have long used to establish systemic failure narratives against carriers is now the same data that establishes broker negligent hiring claims. The carrier whose FMCSA record shows conditional ratings and BASIC alert status is not just a litigation defendant — it is now a commercial pariah that brokers cannot afford to hire.
The DataQs reform, the data management framework, the Motus transition, the Reptile Theory defense — all of it now applies with equal force to broker vetting decisions and the carrier records that drive them. A clean, accurately documented FMCSA safety record is not just a defense asset in the courtroom. It is a commercial prerequisite for participation in the brokered freight market.
The industry that moves to the front of this decision — that builds the vetting processes, cleans the safety records, reviews the contracts, and reassesses the coverage — will be in a fundamentally different position than the industry that waits to respond case by case.
On May 26, FMCSA announced its decision to waive the hours-of-service (HOS) limitations in Title 49 Code of Federal Regulations (CFR) § 395.3 and the requirement for drivers to use an electronic logging device (ELD) to record the driver’s duty status in § 395.8(a)(1)(i) for motor carriers and drivers transporting straight or blended fertilizer products for commercial farming and agricultural purposes in select states. This waiver does not apply to the transportation of hazardous materials. The exemption is effective May 26 through Aug. 26.
Alert Cites Spoofed Emails, Fake URLs, Fraudulent Load Board Posts
Noel Fletcher
The FBI has issued a public alert about “surging” cargo theft cases involving cybercriminals impersonating a broad range of legitimate freight companies.
The April 30 announcement highlighted the tactics and range of firms being targeted in the U.S. transportation and logistics sectors — from insuring cargo to shipping, receiving and delivering freight.
Cybercriminals, the FBI warned, are deploying more sophisticated tactics to impersonate real businesses to hijack freight, reroute shipments and steal high-value cargo. The result has been a surge in the crime over the past two years.
Cargo thieves are gaining unauthorized access to computer systems of freight brokers and carriers — mainly with spoofed emails and fake URLs — to compromise carrier accounts.
The criminals are accessing victim-company accounts to reach servers that can release malware. They also are acquiring website domain names that are spoofed versions of legitimate company URLs.
“The cyber actors pose as victim companies and post fraudulent listings on load boards to deceive shippers, brokers and carriers into handing over goods, which are redirected from their intended destination and stolen for resale,” the FBI explained.
Cyber Schemes
The FBI provided a multistep process that cyber thieves use to steal freight.
Criminals impersonate and spoof brokers via email, sending links to a carrier broker agreement or to review and address poor service ratings. The links are frequently shortened, spoofed URLs. Once clicked, victim companies are redirected to a phishing website imitating the legitimate one.
More on Cargo Theft in TT
CRIMINAL STRATEGY: Tactics keep evolving
FINANCIAL EFFECT: Thefts estimated to cost $18 million a day
ON CAPITOL HILL: Legislation takes a step forward
“The phishing website hosts a malicious executable file, which downloads other legitimate remote monitoring and management software, giving the cyberthreat actors total, undetected access to the brokers’ or carriers’ systems,” the FBI stated.
When the criminals access load boards, they impersonate legitimate brokers using compromised carrier accounts to post additional fake loads.
“Legitimate carriers bid on the fake loads and contact the threat actors, who provide the malicious carrier broker agreement and compromise the carrier’s computer systems,” the agency added.
Pretending to be the compromised victim-carrier company, the thieves accept shipments and double-broker a load to partially unwitting drivers — giving manipulated bills of lading and changing a load’s destination.
To ensure their access, criminals change a legitimate carrier’s contact information with the Federal Motor Carrier Safety Administration and update insurance information “to permit loads the legitimate carrier previously did not accept,” the FBI noted. “The compromised carrier may not realize they are compromised until brokers contact them about missing loads booked under their authority but without their knowledge.”
Loads can be cross-docked for less than 24 hours at a warehouse before being picked up by another carrier or transloaded to colluding drivers, who redirect the cargo.
In cargo theft schemes, transloading “appears as unloading freight from one carrier directly to another, sometimes on the side of a road,” the FBI said.
Some drivers are caught up in cargo theft by not being fully aware of the scheme but “should recognize that certain aspects of their involvement in the carrier process is suspicious and atypical in the industry,” the FBI stated.
Sometimes thieves impersonating a carrier reconnect with the broker and demand a ransom in return for providing the missing cargo’s location or information about the stolen load.
How to Spot Cyber Cargo Theft
The FBI encourages companies working within the transportation and logistics sector to be aware of these tactics. Other ways to identify cyber cargo thieves include:
- Being contacted by brokers, carriers or dispatchers about unauthorized shipments being done in a company’s name without that company’s knowledge.
- Receiving emails spoofing legitimate company domains using free email providers — such as dispatch.FBITrucking@[provider].com instead of dispatch@FBITrucking.com.
- Requesting a legitimate company to download documents or forms from shortened or spoofed web links.
- Emails claiming to be negative service reviews with links to “review” or “resolve” complaints — with links leading to malicious downloads.
- New or unauthorized mailbox rules — forwarding to external addresses, autodeletion or hidden folders.
- Other tactics involve sending companies emails from domains or free service providers that mimic legitimate ones but have small differences. Examples are extra punctuation (fb-i.gov), different top-level domains (fbi.com, fbi.us), extra prefixes or suffixes (thefbi.gov, fbiemail.gov) and misspellings (fbii.gov, fdi.gov).
- Fake email addresses are spoofed or changed from real ones by adding the name of a job-related title in front of an authentic email address.
- Criminals avoiding the use of telephone landlines and cellphones and communicating with target companies through voice over internet protocol (VoIP) and online applications that are used for short periods and found to be in contact with overseas phone numbers.
Ben Wilkens
In a recent article I wrote for TheTrucker.com, I talked about the importance of including drivers in cybersecurity awareness training. In that article, I also pointed out that the vehicles our drivers operate are essentially rolling networks.
The cab of a modern Class 8 truck contains, arguably, more tech than most small offices did 10 years ago. However, many fleets cannot produce an accurate list of what connected devices exist inside their trucks and trailers.
The modern truck often has an electronic logging device (ELD), an associated telematics gateway, original equipment manufacturer (OEM) telematics connections and infotainment systems.
Many — if not all of these — receive over-the-air updates.
This list doesn’t include any of the aftermarket add-on devices yet, such as dashcams, Wi-Fi hotspots and all the devices (both personal and company-owned) that connect through them.
Trailers have their own connected devices and communication channels as well. Consider tracking devices, connected reefer units and their associated environmental sensors, and Bluetooth or wireless tire pressure monitoring systems.
All too often, fleets cannot produce a detailed inventory of these devices per vehicle configuration.
Why is this important? We cannot protect what we don’t know about.
In the 2026 NMFTA Cybersecurity Transportation Industry Cybersecurity Trends Report, telematics manipulation, GPS spoofing and insecure aftermarket devices were all identified as factors that contribute to cyber-enabled cargo crime.
How is the vehicle itself a potential target?
The diagnostic port doesn’t natively distinguish between a manufacturer’s scan tool and an aftermarket device with sub-par security controls.
These aftermarket devices vary significantly in their security maturity.
Some of them are excellent and have been rigorously tested for vulnerabilities before being released to the market. Others, not so much. Some devices are built to meet a price-point that makes them likely not to include the cybersecurity protections required to safely deploy them in our fleets. Many devices and components are also manufactured in countries of origin that are not considered safe from a cybersecurity perspective.
It’s important to note that the truck doesn’t need a Hollywood-style hack to occur in order to be a threat vector. Blinding the tracking system on a truck or trailer or passively accessing data being transmitted by an insecure aftermarket device could pose a security risk.
Ultimately, the largest risks come from potential manipulation of the signals on the vehicle bus network itself, though this generally requires a higher level of access and sophistication than most attackers possess.
It is helpful to consider the potential risks as three possible attack paths.
The Data Path
Location, load details, customer information and routing data all flow to and from the truck constantly. Many cargo thefts occur through simple manipulation of the shipping details for a load, which could be possible if one of these communications channels were compromised.
The Control Path
This is anything that could change what the truck or trailer is told to do by onboard systems. A manipulated signal to a brake controller, a spoofed fault code or a simple signal overload of the entire system can derate a vehicle.
The Trust Path
The device on the diagnostics port, the tablet connected to the vehicle, the dashcam monitoring the vehicle’s movements — all of these devices’ connections are accepted by the vehicle. Weak security in any of these devices can create an attack path.
Our trucks are a clear example of why a converged approach to security that includes cybersecurity, operational security and cybersecurity is necessary. The paths above require all three of these security disciplines to be involved in the solution.
What can fleets do about the risk?
The answer here is not a 50-item checklist. A small number of actions can dramatically increase the security of any fleet.
Inventory what is connected.
Have maintenance personnel and security or IT personnel walk a truck together and document the connection points. Repeat this for each different configuration in the fleet. It may be surprising how many devices and systems are identified in this exercise.
Vet all aftermarket devices and vendors from a security perspective.
Anything that plugs into a diagnostic port, or pairs with the vehicle is a part of your attack surface. Ask the vendor about their security practices, their update process and how they handle vulnerabilities. If they don’t have answers, then your answer should be clear.
Bring your drivers into the conversation.
The driver will notice when something is acting strangely long before security or even maintenance. Give them a clear and simple reporting path and treat reports seriously; they may be an early warning sign.
Make sure your incident response plan (IRP) recognizes the truck as a potential attack surface.
An incident does not always begin at an enterprise firewall or with a phishing email. It could start with tampering via a diagnostic port, errors in a telematics system, or odd vehicle fault codes reported by a driver. The IRP needs to account for that.
Security starts with visibility
Historically, our equipment and our information technology were two separate worlds. Different teams were responsible for them; they had completely different vendor management requirements; and the teams had totally different vocabularies. That separation is no longer viable. The trucks and trailers must be part of the security program now.
Modern trucks are connected platforms that produce data, receive instructions and interact with other trusted devices constantly. This means that they are part of the cybersecurity risk taxonomy whether the organization acknowledges it or not.
NMFTA has a growing library of free resources to help fleets continue their security journey, including the Road to Resilience series of guidebooks, the Vendor Risk Assessment Framework and the new Freight Fraud Prevention Hub, as well as numerous white papers and research articles focused specifically on the rolling assets that make up the backbone of our operation.
Mark Schremmer
When it comes to trucking regulations, many create additional hardships for truck drivers.
However, there’s a seldom-discussed regulation on the books specifically designed to protect the driver. It’s called the Coercion Rule.
The Federal Motor Carrier Safety Administration recently issued a list of Frequently Asked Questions “to help truck drivers understand how they might be coerced to violate safety regulations and what they can do if they believe they have been coerced.”
An abbreviated list of FMCSA’s FAQ is included below:
What is the purpose of the Coercion Rule?
The Coercion Rule, 49 CFR 390.6, is designed to protect commercial motor vehicle drivers from being pressured to violate the Federal Motor Carrier Safety Regulations by motor carriers, shippers, receivers, and transportation intermediaries (brokers) and their agents, officers, or representatives.
What types of actions count as coercive or adverse employment actions?
Under the FMCSRs, employers are prohibited from withholding business, employment or work opportunities from a driver, taking or permitting any adverse employment action against a driver, or threatening to do any of these things. These actions could include, but are not limited to termination, withholding business, economic penalties and scheduling retaliation.
If I feel I have been coerced, what can I do?
FMCSA recommends that drivers keep records, file a complaint with FMCSA within 90 calendar days, and to include all the necessary information in the complaint.
Can my employer retaliate against me for filing a complaint?
No, employers are prohibited from retaliating against employees under federal law for filing a coercion complaint (49 U.S.C. 31105). Under 49 CFR 386.12(c)(3), FMCSA makes every practicable effort to protect drivers who allege retaliation by their employers.
If a driver needs more information about filing a written complaint, he or she can call 1-888-DOT-SAFT (1-888-368-7238).
Roadway safety is at the core of FMCSA’s mission. Our job is to focus on ways to reduce crashes and fatalities involving large trucks and buses on our nation’s roadways. That’s a big job – one we know we can’t do alone. That’s why we partner with state organizations, local jurisdictions, academic institutions, training providers, and other entities to promote commercial motor vehicle (CMV) safety-related activities.
FMCSA has announced four Notices of Funding Opportunity (NOFOs) for FY2026 grant opportunities. Now’s the time to gain information on eligibility requirements and the application process. There’s about a 30-day window to complete the application.
Click here for FY2026 Grant Funding Opportunities
