With less than three weeks to go before a sweeping US sales ban on new DJI gear could take effect, the world’s largest drone maker is making its most urgent appeal yet. DJI has sent letters to five major US national security agencies, pleading for something it says it has been requesting for months: a government-mandated security review.
At stake is nothing less than the company’s ability to bring any new drones or other imaging gear into the US market starting December 23, a deadline set by Congress under the 2025 National Defense Authorization Act (NDAA).
If the review isn’t completed, or if DJI fails it, the company will be added to the Federal Communications Commission’s “Covered List,” the same blacklist used to restrict the sale of Chinese-made telecom gear from companies like Huawei and ZTE. In practice, this would mean DJI’s new drones can’t get FCC equipment authorization, effectively blocking their sale in the US. Existing consumer and commercial drones that already hold FCC approvals would remain legal to fly. But new products would be locked out.
Related: DJI’s first 360-degree drone gets FCC nod with US ban looming
DJI says it has been trying since March to get the audit scheduled. And according to the letters sent December 1 to the Department of Homeland Security (DHS), Department of Defense (DoD), FBI, National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI), those attempts have been met with silence.
“Doing so would lead to widespread consumer confusion and deprive American drone users of due process — and of answers about the safety and security of the DJI products they use every day,” the company writes in its letter to national security officials. DJI adds bluntly that “failing to undertake the review” would contradict Congress’s intention behind the law.
A countdown DJI can’t control
The NDAA’s Section 1709 requires that the federal government conduct a security review of communications and video-surveillance technology made by DJI and Autel Robotics. If no US agency steps forward to conduct the audit by December 23, both companies are automatically placed on the FCC Covered List. That “automatic” language is what has DJI scrambling.
In the letter to DHS Secretary Kristi Noem, DJI reminds the department that DHS “indicated through written communication” in September that it was willing to undertake the review. But nothing has happened since, and the clock is ticking. “With less than one month left… we urge the Department of Homeland Security to take up this audit immediately,” the letter reads.
And the stakes aren’t small. More than 80% of US state and local public safety agencies, including fire departments, sheriff’s offices, search-and-rescue teams, and local police, rely on DJI drones for everything from wildfire response to collision mapping to missing-person searches. Their programs would be at immediate risk if they could no longer buy the drones they depend on.
A recent economic impact analysis has also found that DJI enables more than $116 billion in economic activity across the US and supports more than 450,000 American jobs.
DJI says: We’ve already been audited, many times
The letters make a clear and consistent case: DJI believes it has already been through more security scrutiny than almost any other drone maker in the world, and it is asking US agencies to look at that record before making any blacklist decision.
To DHS and the other agencies, DJI cites at least six independent or government-led audits, including:
- Booz Allen Hamilton (2020)
- Two separate cybersecurity evaluations by FTI Consulting (2022 and 2024)
- Kivu Consulting’s data-security validation
- TÜV SÜD’s technical security assessment
- A data-security review by the US Department of the Interior (2019)
- An evaluation by the Idaho National Laboratory at DHS’s direction (2019)
The company says each review purchased DJI drones “off-the-shelf,” then conducted deep technical analysis. In the DHS-focused letter, DJI said it “coordinated with these agencies as needed” and “responded to any identified vulnerabilities,” arguing that its willingness to cooperate should erase any doubts about whether it would comply with a congressional review.
DJI also highlighted an extensive set of cybersecurity certifications and compliance benchmarks, including ISO 27001, ISO 27701, NIST FIPS 140-2 CMVP Level 1, SOC 2, compliance with NIST IR 8259 and ETSI EN 303645, GDPR compliance, and enterprise-grade AES-256-XTS encryption.
In both letters, DJI leans heavily into the idea that users have full control over their data — a key concern that US lawmakers cite when arguing that DJI products may expose risks to national security. DJI emphasizes that:
- US users cannot sync flight logs to DJI servers at all.
- Photos and videos are never uploaded automatically.
- Pilots can fly entirely offline using Local Data Mode, which “severs the connection between the flight app and the internet.”
- Users can disable the DJI flight app entirely and use third-party US software.
The company sums up its posture this way: “We stand behind the security of our technology… and are ready to respond to and mitigate any specific vulnerabilities that may be identified, if given a fair right of reply.”
Silence from Washington
To this point, none of the agencies has publicly responded. DJI writes that “to date, these offers have gone unanswered,” even though the company has reached out repeatedly since early March.
The most notable acknowledgment came from DHS in September, when DJI says the department expressed a “willingness” to ensure the audit is completed “consistent with Congressional intent.” But there has been no movement since.
It remains unclear which agency — DHS, DoD, FBI, NSA, or ODNI — would actually (if at all) conduct the review. The law simply states that “a designated national security agency” must perform the evaluation; it does not specify which one. That ambiguity adds an unusual twist: any of the five agencies could theoretically step forward, but none have done so, even as DJI continues to request meetings and reiterate its readiness.
It’s also important to note that the security-review controversy isn’t happening in a vacuum. DJI is already fighting a separate legal battle with the Pentagon over its designation as a “Chinese military company.” A federal judge ruled earlier that DJI “failed to refute” the Defense Department’s evidence suggesting military-aligned Chinese agencies could use its products. DJI has appealed the ruling.
Meanwhile, the US government has opened a Section 232 national security investigation into drone imports — an action that could pave the way for tariffs on foreign-made drones, including DJI models.
Layered onto this is the wider bipartisan political push to reduce dependence on Chinese technology suppliers. In Washington, drones are increasingly lumped into the same national-security conversation as telecom equipment, semiconductors, and critical infrastructure software.
The December 23 FCC deadline is just the next domino in a policy landscape that has been shifting for years. For now, the world’s dominant drone maker can only wait for Washington’s next move, and keep sending letters.
More: Holiday drone shows are taking over America’s skies: Here’s where to watch
FTC: We use income earning auto affiliate links. More.
Comments