With only weeks remaining, DJI asks national security agencies to begin Section 1709 audit to avoid automatic FCC “Covered List” designation
With less than a month before the deadline established by Section 1709 of the Fiscal Year 2025 National Defense Authorization Act (NDAA), drone manufacturer DJI has issued a new round of formal letters to five U.S. national security agencies, urging them to begin the Congressionally mandated security review of DJI products.
Letters dated December 1, 2025, from Adam Welsh, DJI’s Head of Global Policy, were sent to senior leadership at the Department of Homeland Security (DHS), Department of War/DoD, Federal Bureau of Investigation (FBI), National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI). In the correspondence, DJI asks the agencies to “take up this audit immediately” to ensure the review is completed before the December 23 statutory deadline.
Background: Section 1709 and What It Requires
Section 1709 of the FY25 NDAA requires that a designated national security agency conduct a formal evaluation to determine whether certain foreign-manufactured drones or related communications and imaging equipment pose an “unacceptable risk” to U.S. national security or the safety of American citizens. If the mandated review is not completed within one year of enactment, the equipment must be automatically placed on the FCC’s “Covered List.”
The wording has led to significant uncertainty surrounding this provision and its potential to reshape the commercial drone landscape. Related legislative proposals, including earlier versions of the Countering CCP Drones Act, raised industry concerns about broad restrictions on Chinese-made systems.
What It Means to Be Added to the FCC “Covered List”
Being placed on the FCC Covered List has significant operational consequences. The designation identifies communications and camera equipment deemed to pose national security risks. Importantly for drone systems, Covered List status affects access to FCC-authorized radio frequencies used for command-and-control links and video transmission.
If DJI products are added to the Covered List automatically due to an incomplete audit, they could lose the ability to operate legally on certain federally regulated radio bands in the United States. This could restrict or prevent operation of many future or current DJI models, particularly in professional and enterprise contexts where FCC-authorized spectrum is required for reliable links. The result may be a practical ban on the use of many DJI aircraft in government-funded programs, public safety agencies, and industry sectors reliant on FCC-compliant operations.
DJI: Review Has Not Yet Begun
In the letters sent to multiple agencies, DJI states that it has contacted federal leadership on several previous occasions, first in March 2025, then again in June 2025, offering to support the review, provide data, and make internal technical information available. DJI asserts that these offers “have gone unanswered” and that “public reports suggest that this audit has not yet commenced.”
The company argues that failure to conduct the review runs counter to Congressional intent and could result in “widespread consumer confusion” if DJI products are added to the Covered List by default rather than through a completed assessment.
Emphasis on Cooperation and Prior Evaluations
Across the letters, DJI reiterates its willingness to cooperate with any of the designated agencies and highlights past third-party and government security evaluations. The company cites previous technical assessments conducted by Booz Allen Hamilton, FTI Consulting, Kivu Consulting, TÜV SÜD, the U.S. Department of the Interior, and the Idaho National Laboratory.
DJI states that these assessments were based on off-the-shelf purchases of its systems and included detailed analysis of data security practices and firmware behavior. The company notes that it addressed findings as needed and would do the same during any official federal review.
Security Certifications and Data-Control Features
DJI’s letters cite a range of cybersecurity certifications held by its products, including ISO 27001, ISO 27701, NIST FIPS 140-2 CMVP Level 1, SOC 2, and compliance with NIST IR 8259 and ETSI EN 303645 standards.
The company also describes features that allow users to control data flow, including Local Data Mode, offline operation, and the option to use third-party flight applications. DJI emphasizes that U.S. users cannot sync flight logs to DJI servers without opting into the feature.
Public Safety Concerns and Industry Reaction
DJI’s letter to DHS notes that more than 80% of public safety and emergency response agencies that operate drone programs rely on DJI aircraft. The company warns that automatic placement on the Covered List could disrupt these programs and hinder access to cost-efficient tools used in emergency response.
Beyond public safety agencies, many drone services providers have publicly opposed broad bans on DJI systems. Industry groups have repeatedly stated that available U.S.-manufactured alternatives do not yet match DJI’s performance, price range, or model diversity. Service providers argue that sudden restrictions could increase operating costs, limit capabilities, and slow the growth of commercial drone operations across multiple sectors.
While an official ban has not yet been enacted, the practical effects of the NDAA language are already evident. DJI did not release two of the most recently released professional drone models in the US, and consumers report products are harder to obtain.
DJI: Confident Products Will Withstand Scrutiny
The letters state that DJI believes the mandated review will confirm the security of its technology. DJI notes that it “stands ready to work” with federal officials and that the American public, including those who rely on DJI drones for professional or community safety purposes, “deserve answers about the safety and security of the DJI products they use every day.”
In the letter to DHS, Adam Welsh writes:
We stand behind the security of our technology, and are keen to meet with you and ensure that this Congressionally-mandated security review takes place as soon as possible so you can fulfill your commitment to carry out a fair and timely review. My team and I are available at any time to provide information that may be helpful.
The American people, including those who use DJI drones for their jobs,8 for their livelihoods, or for ensuring the safety and security of our communities, deserve no less.
What Happens Next
As of this writing, no U.S. agency has publicly confirmed whether the Section 1709 review has begun. If the audit is not completed by December 23, 2025, DJI products would be automatically added to the FCC Covered List, initiating procurement restrictions and potentially limiting access to FCC-regulated spectrum needed for drone operations.
Read more:
Miriam McNabb is the Editor-in-Chief of DRONELIFE and CEO of JobForDrones, a professional drone services marketplace, and a fascinated observer of the emerging drone industry and the regulatory environment for drones. Miriam has penned over 3,000 articles focused on the commercial drone space and is an international speaker and recognized figure in the industry. Miriam has a degree from the University of Chicago and over 20 years of experience in high tech sales and marketing for new technologies.
For drone industry consulting or writing, Email Miriam.
TWITTER:@spaldingbarker
Subscribe to DroneLife here.
