Craig Cunningham v. General Dynamics Information, 888 F.3d 640

Plaintiff Cunningham alleged GDIT (successor to Vangent) placed an autodialed, prerecorded call to his cell phone about HealthCare.gov enrollment on Dec. 2, 2015, in violation of the TCPA.
CMS contracted with GDIT to perform HealthCare.gov contact-center outreach under the ACA; CMS provided call lists, scripts, and authorized use of an autodialer.
CMS delivered a list including Cunningham’s number and instructed GDIT to call and leave the provided prerecorded message; GDIT did so.
GDIT moved to dismiss under Rule 12(b)(1), claiming derivative sovereign (Yearsley) immunity because it acted at the government’s direction and the government validly authorized the conduct.
The district court granted dismissal for lack of subject-matter jurisdiction; Cunningham appealed arguing Yearsley (1) does not apply to federal claims, (2) does not apply here because CMS didn’t authorize or validly confer authority, and (3) is a merits (not jurisdictional) defense.

Issue	Plaintiff's Argument	Defendant's Argument	Held
Does Yearsley apply to federal-law claims?	Yearsley applies only to state-law displacement contexts, not federal claims.	Yearsley applies broadly to derivative sovereign immunity, including federal claims.	Yearsley applies to federal claims.
Did the government authorize the contractor’s conduct?	GDIT violated contract duties (e.g., compliance obligations) by not obtaining TCPA consent, so CMS did not authorize the calls.	CMS provided lists, scripts, and explicit directions to call; GDIT followed instructions.	CMS authorized GDIT; GDIT acted as directed.
Did the government validly confer authority (i.e., within congressional power)?	CMS could not validly confer authority to engage in conduct that violates federal law (TCPA).	Valid conferral asks whether Congress empowered the agency to assign the task, not whether the resulting conduct might violate another law.	Authorization was validly conferred under Yearsley.
Is Yearsley a jurisdictional immunity or a merits defense?	Yearsley is not necessarily jurisdictional; may be a merits defense.	Yearsley is derivative sovereign immunity and thus deprives courts of jurisdiction when applicable.	Yearsley operates as a jurisdictional bar; dismissal under Rule 12(b)(1) was proper.

Yearsley v. W. A. Ross Constr. Co., 309 U.S. 18 (Sup. Ct.) (establishes derivative sovereign-immunity test: government authorization and valid conferral)
Campbell‑Ewald Co. v. Gomez, 136 S. Ct. 663 (Sup. Ct.) (acknowledges Yearsley may immunize TCPA claims and clarifies contractor adherence to government instructions)
In re KBR, Inc., 744 F.3d 326 (4th Cir.) (treats Yearsley as derivative sovereign immunity and discusses scope of conferral)
Butters v. Vance Int’l, Inc., 225 F.3d 462 (4th Cir.) (recognizes need to protect government delegation through derivative immunity)
Kerns v. United States, 585 F.3d 187 (4th Cir.) (discusses sovereign-immunity jurisprudence and jurisdictional dismissal procedure)
Lewis v. Clarke, 137 S. Ct. 1285 (Sup. Ct.) (distinguishes suits against individuals from suits against government instrumentalities when assessing sovereign immunity)