When the Federal Communications Commission (FCC) added DJI and Autel equipment to its Covered List, many drone operators feared the move could eventually turn thousands of perfectly functional aircraft into outdated, unsupported hardware. But in a decision released earlier this month, the agency quietly hit pause on what could have become a major operational and cybersecurity headache for the US drone industry.
In a public notice known as DA 26-454, the FCC’s Office of Engineering and Technology extended a waiver allowing already-authorized DJI, Autel, and certain other covered devices to continue receiving firmware and software updates through at least January 1, 2029. That includes security patches, bug fixes, compatibility improvements, and other updates considered necessary to “mitigate harm to US consumers.”
For America’s commercial drone operators, public safety teams, content creators, infrastructure inspectors, and enterprise IT departments, the decision is a significant one. It means drones already flying legally in the United States are not suddenly headed toward a software dead end.
The FCC’s waiver does not remove DJI or Autel from the Covered List. It does not reopen the door for new equipment authorizations. And it does not change procurement rules tied to programs like Blue UAS or federal government contracts. What it does do is prevent existing aircraft from becoming frozen on old firmware versions while they are still actively being used across industries. That distinction matters enormously.
Under FCC rule revisions adopted in late 2025, equipment placed on the Covered List became ineligible for certain “permissive changes” under the agency’s equipment authorization system. In simple terms, manufacturers could no longer easily push software or firmware updates to covered devices once those products landed on the list.
At first glance, that may have sounded like a reasonable national security measure. But in practice, it created a potentially dangerous situation.
Modern drones are deeply software-dependent machines. Firmware updates do far more than add new features. They fix security vulnerabilities, improve GPS handling, refine battery management systems, address radio interference issues, patch bugs affecting flight stability, and maintain compatibility with mobile operating systems and remote controllers.
Without updates, operators would eventually be flying aging aircraft with outdated software in increasingly complex airspace environments.
Related: FCC’s DJI, Autel ban ignores how drones actually work
The FCC itself effectively acknowledged that risk in the waiver notice. The agency stated the extension covers updates “to ensure the continued functionality of the devices,” including patches that “mitigate harm to US consumers” and maintain compatibility with operating systems.
For DJI users especially, the stakes are massive. Despite years of political scrutiny and ongoing federal restrictions, DJI drones still dominate large parts of the American drone market. Commercial operators rely heavily on platforms like the DJI Mavic 4 Pro, Matrice 400, and DJI Air 3S for everything from mapping and inspections to cinematography and emergency response.
Autel also maintains a meaningful footprint in public safety and enterprise workflows with aircraft such as the EVO Max 4T and Autel EVO II Pro.
If firmware support had abruptly stopped, the consequences would have rippled far beyond hobby flying.
Commercial drone fleets often represent hundreds of thousands of dollars in investments tied to training, payload integrations, operational procedures, maintenance systems, and software ecosystems. Replacing all of that overnight with Blue UAS-approved alternatives simply is not realistic for many operators.
And even among domestic drone manufacturers, the ecosystem is still maturing.
Companies like Skydio, Shield AI, and Inspired Flight Technologies continue expanding their enterprise offerings and federal compliance credentials, but the US market still lacks one-to-one replacements for the sheer breadth of DJI’s product lineup, price points, accessories, and software maturity.
That is part of why many industry professionals viewed the original rules as potentially counterproductive. Instead of improving security, critics argued the firmware restrictions could have created a massive pool of permanently unpatched hardware still operating in the field. From a cybersecurity perspective, that scenario worried both drone operators and IT professionals.
The waiver actually extends beyond drones. It also covers certain foreign-manufactured routers added to the FCC’s Covered List earlier this year. And that may explain why the FCC moved relatively quickly.
In cybersecurity circles, unpatched routers are considered one of the most attractive attack surfaces for hackers and state-sponsored threat actors. Blocking security updates on widely deployed networking equipment would have introduced obvious risks for businesses and consumers alike. The same logic applies to connected drone systems.
Enterprise drones are increasingly integrated into cloud platforms, fleet management software, remote operations infrastructure, LTE and 5G networks, and automated data workflows. Leaving those systems frozen on aging firmware would have created operational instability while potentially exposing vulnerabilities over time.
The FCC’s new notice essentially acknowledges that reality without backing away from broader national security concerns surrounding Chinese-made technology. Importantly, the waiver remains narrow in scope.
The FCC is not giving DJI or Autel special treatment, nor is it reversing Covered List restrictions. New authorizations for covered equipment remain blocked, and federal procurement rules tied to the Department of Defense or Blue UAS remain unchanged.
The agency also clarified that manufacturers still must comply with all other FCC requirements for permissive changes, including testing obligations and certification rules. What operators are getting is breathing room. And the timeline matters.
The original UAS waiver issued in January 2026 only extended relief until January 2027. The new extension pushes that runway out to at least January 1, 2029, while also expanding coverage to include certain Class II permissive changes, which are more substantial firmware modifications that normally require additional FCC filings. That extra time could prove critical for the industry’s transition toward more diversified supply chains and domestic alternatives.
Perhaps the most important line in the FCC notice is one many drone pilots will probably never read. The agency said it intends to recommend codifying this waiver through future rulemaking “as soon as practicable.” That is a strong signal the FCC recognizes the difference between blocking future authorizations for national security reasons and denying security updates to devices already operating legally in the field. Those are two very different policy goals.
For now, though, the practical takeaway for most drone users is straightforward: if you already legally own and operate a DJI or Autel drone in the United States, firmware updates are not suddenly disappearing tomorrow. Your aircraft is not becoming stranded on unsupported software next year. Instead, the FCC has effectively bought the drone industry several more years to transition carefully, maintain cybersecurity protections, and avoid turning millions of dollars’ worth of deployed hardware into increasingly vulnerable flying computers.
For operators navigating an already uncertain regulatory environment, that is a very significant development.
More: FCC commissioner defends blacklisting foreign drones over security fears
FTC: We use income earning auto affiliate links. More.
Comments