DJI Challenges US Security Agencies in NDAA Deadline Push

Estimated read time 9 min read


Chinese drone maker DJI has formally requested five US national security agencies to evaluate its products ahead of a critical December 31, 2025 deadline established by National Defense Authorization Act provisions. In a letter sent to the Department of Homeland Security, Department of Defense, FBI, NSA, and Office of the Director of National Intelligence in March, DJI’s Head of Global Policy Adam Welsh urged the agencies to begin their required security evaluations immediately.

The letter, dated March 3, 2025, was addressed to DHS Secretary Kristi Noem, Defense Secretary Pete Hegseth, FBI Director Kash Patel, NSA’s General Timothy D. Haugh, and ODNI Director Tulsi Gabbard, as shown in the source document.

Regulatory Pressure and Potential Market Restrictions

The letter comes as DJI faces potential restrictions in the US market if any of these agencies determines their products pose “an unacceptable risk” to national security. More concerning for the company, if no evaluation occurs by the deadline, the FCC would automatically add DJI’s equipment to its “covered list,” effectively restricting their use across the United States, according to the company’s interpretation of Section 1709 of the 2025 National Defense Authorization Act.

“We welcome this scrutiny,” Welsh stated in the letter, adding that “DJI is confident that its products can withstand your strictest scrutiny.” The company emphasized that the evaluation’s outcome affects “thousands of businesses, consumers, and public safety agencies” that rely on their technology.

Previous Security Assessments and Certifications

DJI cited Data Security audits previously conducted by third-party firms including Booz Allen Hamilton, FTI Consulting, and Kivu Consulting, as well as assessments by the US Department of Interior and Idaho National Laboratory. The letter references specific reports from these organizations, including two separate evaluations conducted by FTI Consulting in 2022 and 2024.

Data Security Features and Privacy Protections

In addressing data security concerns, DJI emphasized several key privacy features in their products. According to the letter, no flight logs, images, or videos are synchronized with DJI servers unless users actively choose to do so, and US users cannot sync flight records to DJI servers at all. The company also offers a “Local Data Mode” that prevents any data sharing by cutting the connection between the flight app and the internet.

Economic Impact and Industry Stakes

The stakes are high for both DJI and the US drone ecosystem. According to an economic impact analysis cited in the letter, DJI enables more than $116 billion in economic activity across the US and supports over 450,000 American jobs.

Strategic Approach and Future Outlook

The formal request represents a proactive approach from the world’s leading drone manufacturer as it attempts to address security concerns that have shadowed the company in recent years. DJI has requested meetings with officials from each agency to demonstrate their drones’ security features and address any questions about their technology.

This development comes amid increasing scrutiny of Chinese technology companies in the United States, with DJI seeking to distinguish itself through transparency and cooperation with American authorities before the NDAA deadline potentially forces restrictions on its products.

The DJI Letter

Here’s the text of the original letter from DJI:

                                                                       March 3, 2025

The Honorable Kristi Noem                       The Honorable Pete Hegseth
Secretary                                       Secretary
Department of Homeland Security                 Department of Defense
MS 0525 Department of Homeland Security         1000 Defense Pentagon
2707 Martin Luther King Jr. Ave SE              Washington, DC 20301-1000
Washington, DC 20528-0525

The Honorable Kash Patel                        The Honorable Gen. Timothy D. Haugh
Director                                        Director
Federal Bureau of Investigation                 National Security Agency
935 Pennsylvania Ave., NW                       9800 Savage Rd., Suite 6272
Washington, DC 20535-0001                       Fort George G. Meade, MD 20755-6000

The Honorable Tulsi Gabbard
Director
Office of the Director of National Intelligence
Office of Strategic Communications
Washington, DC 20511

Dear Secretary Noem, Secretary Hegseth, Director Patel, General Haugh, and Director Gabbard:

DJI was founded to develop drones that would make the world a better place and benefit society. From our beginnings in a single dorm room at the Hong Kong University of Science and Technology in 2006, DJI has grown to a global company with a global workforce. Today, DJI products are redefining industries. Professionals in law enforcement, agriculture, conservation, search and rescue, energy infrastructure, filmmaking and more trust DJI. Our products bring new perspectives to these professionals' work and help them accomplish feats more safely, faster, and with greater efficiency than ever before. They are also flown and enjoyed by hobbyists across America.

DJI has been credited with creating the small off-the-shelf drone category and holds (or has pending) more than 5,000 global patents. Thanks to this first-mover advantage and continued innovation, research, and development, global consumers choose DJI products overwhelmingly for commercial, scientific, public safety and recreational purposes.

Despite this success – or perhaps because of it – some policymakers have raised concerns that DJI's products may pose security or safety risks to the United States. And as you may know, Congress has tasked any one of your agencies with evaluating whether this is true.

We welcome this scrutiny.

Specifically, Section 1709 of the 2025 National Defense Authorization Act "mandates that within one year of enactment, a designated national security agency must evaluate whether communications and video surveillance equipment from these manufacturers pose 'an unacceptable risk' to U.S. national security or the safety of American citizens." If you determine that DJI's drones pose an unacceptable risk, the Federal Communications Commission (FCC) must add them to its "covered list," effectively restricting their use in the United States. If you do not evaluate DJI's products in 2025, the FCC would also have to add the company's equipment to its covered list, depriving DJI of its due process and depriving thousands of businesses, consumers, and public safety agencies of products that they want and need for no reason at all.

Accordingly, I write to request that any or all of your agencies begin this required evaluation of DJI's products right away.

DJI is confident that its products can withstand your strictest scrutiny. We are confident not only because we have nothing to hide, but because independent firms and other U.S. government agencies have repeatedly validated and confirmed that DJI's products are secure. Through the years, companies including Booz Allen Hamilton, FTI Consulting, Kivu Consulting and TÜV SÜD, as well as the U.S. Department of Interior and the Idaho National Laboratory, have purchased DJI products off-the-shelf, assessed DJI's data security practices, and conducted thorough technical investigations. We have responded to their constructive feedback and shown a willingness to work with any agency as is requested; if necessary, we are also prepared to respond to and mitigate any specific vulnerabilities that anyone else may identify, as we regularly do through our "Bug Bounty" program as well.

DJI data practices and products have previously received security certifications from international and U.S. government standard-setting bodies, including ISO 27001, ISO 27701, NIST FIPS 140-2 CMVP Level 1, and the American Institute of Certified Public Accountants SOC2 certification. Further, a 2022 audit confirmed that DJI products met NIST IR 8259 and ETSI EN 303645 standards in terms of network security and privacy protection. They are also GDPR-compliant and allow enterprise users to prevent unauthorized access to drone data by utilizing AES-256-XTS encryption – the longest encryption key length established by NIST when it developed its advanced encryption standard (AES).

Commercial, scientific, public safety and recreational users of DJI drones have a vested interest in the security of their data. As the world's leading drone manufacturer, we stake our reputation on making sure our products and user data remain secure. We have implemented a number of features and protocols to ensure that our drones protect user data – while providing users with a way to fly their drones without any data transmission at all. For example:

• No flight logs, images, or videos are synced with DJI servers unless a user affirmatively chooses to sync with a DJI server.

• U.S. users cannot sync their flight records to DJI's servers at all.

• Users can fly offline or in "Local Data Mode," which severs the connection between the flight app and the internet to prevent data sharing, even inadvertently.

• Users can amend their data preferences at any time through the app's settings, easily delete information on the drone, or download third-party software solutions. They can even disable the DJI flight app altogether, if they prefer.

DJI's drones are the most capable, best priced, and most reliable commercial drones currently in use today. Restricting DJI drone imports or use would have a ripple effect throughout the entire U.S. drone ecosystem. A recent economic impact analysis found that DJI enables more than $116 billion in economic activity across the U.S. and supports more than 450,000 American jobs.

The people who have built livelihoods using DJI products deserve a fair and timely evaluation by your agencies to lift the cloud on our company and reassure DJI's customers and the American public that DJI's drones are safe and secure.

Our commitment to safety and security is steadfast, and we pledge our full cooperation during this process, including by providing you with any information or assistance that will help. We also believe it will be useful for you to meet with DJI as part of a fair evaluation process. Accordingly, we respectfully request a meeting with you or your staff at your earliest convenience to demonstrate the data security features on our drones, address any questions or concerns, and ensure your evaluation is carried out in a timely manner.

Sincerely,


Adam Welsh
Head of Global Policy
DJI

CC:    Sen. Roger Wicker, Chair, Senate Armed Services Committee
       Sen. Jack Reed, Ranking Member, Senate Armed Services Committee
       Members of the Senate Armed Services Committee
       
       Sen. Rand Paul, Chair, Senate Committee on Homeland Security & Governmental Affairs
       Sen. Gary Peters, Ranking Member, Senate Committee on Homeland Security & Governmental Affairs
       Members of the Senate Committee on Homeland Security & Governmental Affairs
       
       Rep. Mike Rogers, Chair, House Armed Services Committee
       Rep. Adam Smith, Ranking Member, House Armed Services Committee
       Members of the House Armed Services Committee
       
       Rep. Mark Green, Chair, House Homeland Security Committee
       Rep. Bennie Thompson, Ranking Member, House Homeland Security Committee
       Members of the House Homeland Security Committee

Discover more from DroneXL.co

Subscribe to get the latest posts sent to your email.

You May Also Like

More From Author

+ There are no comments

Add yours