Requesting Guidance on ATS Exception for Local USB Communication with Embedded Device (Self-Signed Cert)

Hello Apple Developer Team,

We’re preparing a future version of our enterprise app, Lenovo XClarity Mobile, and would like to request guidance regarding a potential ATS exception scenario.

Context:

• The app is used exclusively in enterprise environments.
• It connects via USB to a local Lenovo Think Server (embedded device).
• The connection is entirely offline (no internet use).
• The app uses SSDP to discover the device over the USB-attached local network.
• Communication occurs via HTTPS over 192.168.x.x, tunneled through the USB interface.
• The server uses a factory-generated self-signed certificate.

Planned Behavior:

In a future release, we plan to prompt the user with a certificate trust confirmation if a self-signed cert is detected locally. Only if the user explicitly agrees, the connection proceeds.

Here’s a simplified code example:

if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
   let serverTrust = challenge.protectionSpace.serverTrust {

    let accepted = UserDefaults.standard.bool(forKey: "AcceptInvalidCertificate")
    if accepted {
        let credential = URLCredential(trust: serverTrust)
        completionHandler(.useCredential, credential)
        return
    }

    // Show user confirmation alert before accepting
}

**Key Notes:**
This logic is not in the current App Store version.
ATS is fully enforced in production today.
The exception would only apply to USB-based local sessions, not to internet endpoints.

Question:
Would such an implementation be acceptable under App Store and platform guidelines, given the restricted use case (offline, USB-only, user-confirmed self-signed certs)?
We're looking for pre-approval or confirmation before investing further in development.

Thank you in advance!