The latest fight over Chinese-made drones is being framed as a battle over one company, one product line, or even one country. It is not. It is a test of whether the United States can regulate strategically in a sector where national security, commercial dependence, industrial policy, and administrative law are now deeply intertwined.
This dynamic came into sharp focus in a recent working group discussion examining the FCC’s December 22, 2025 decision to add all foreign-manufactured drones and their critical components to the Covered List on a going-forward basis. Under this approach, new Chinese-made drones, including widely used DJI models, can no longer receive FCC equipment authorization and are effectively excluded from the U.S. market. Previously authorized systems, however, remain lawful to own and operate.
The discussion did not converge on a single conclusion. Instead, it surfaced a more valuable outcome: a rigorous debate over whether the policy is principled, performative, underinclusive, overinclusive, or some combination of all four.
One line of analysis emphasized the national security rationale. Drones are not merely consumer devices; they are airborne data collection platforms capable of capturing high-resolution imagery, telemetry, geolocation, and operational patterns. In aggregate, such data can reveal vulnerabilities across critical infrastructure, transportation systems, emergency response operations, and sensitive facilities. From this perspective, the concern is not hypothetical. It is systemic.
That concern is amplified by the legal environment governing certain foreign manufacturers. The risk is not limited to potential cyber intrusion or user error. Rather, it is rooted in the possibility that companies may be legally compelled to provide access to data or disclose vulnerabilities to state authorities. This creates a category of risk that is structural rather than incidental. It cannot be fully mitigated through user behavior, software configuration, or operational safeguards. The issue, in this framing, is not misconfiguration. It is control.
At the same time, the discussion raised significant concerns about the design and implementation of the FCC’s approach. A recurring point of critique focused on the apparent absence of a transparent, publicly articulated evidentiary basis for the ban. The statutory mechanism that triggered the restriction appeared to operate without a clearly identified agency completing the anticipated audit process. As a result, the policy rests, at least in public view, on generalized assertions of risk rather than a detailed, reasoned explanation tied to specific systems or practices.
This raises familiar administrative law concerns. National security determinations are entitled to deference, but they are not exempt from the requirements of reasoned decision-making. Agencies must still articulate a rational basis for their actions, address relevant evidence, and consider reliance interests and economic consequences. Without that, even a substantively justified policy may appear procedurally vulnerable.
Questions of consistency further complicated the analysis. If the underlying concern is foreign-manufactured technology capable of collecting sensitive data, it is not immediately clear why drones are being singled out while other widely used devices with similar or greater data collection capabilities are not subject to comparable restrictions. This selective approach risks undermining the coherence of the broader regulatory framework.
A separate line of critique focused on underinclusiveness. If the identified risk is ongoing and structural, a prospective-only ban leaves a substantial installed base of existing systems untouched. Those systems continue to operate in the same environments and collect the same categories of data. As a result, the policy may significantly affect future market access while doing comparatively little to address present exposure.
This produces a notable tension. The rule is expansive in its forward-looking market impact, yet limited in its immediate operational effect. It restricts new entrants while preserving existing dependencies.
Economic and industrial considerations also featured prominently. The current U.S. drone ecosystem has developed in significant part due to the availability of relatively low-cost, high-capability platforms produced at scale by foreign manufacturers. These systems are widely used across agriculture, infrastructure inspection, media, and public safety. Abruptly constraining access to such platforms, without a clear pathway to viable domestic or allied alternatives, risks increasing costs, slowing adoption, and placing pressure on smaller operators.
This does not negate the national security rationale. It does, however, underscore that any meaningful policy response must engage with industrial capacity and market realities. In practice, this shifts the conversation from whether to regulate to how to transition.
Accordingly, a number of participants converged around a modified approach. Rather than a categorical restriction, a more tailored framework could align regulatory intensity with operational risk. High-consequence uses, such as critical infrastructure, government operations, and sensitive data environments, could be subject to stricter limitations or phased replacement requirements. Lower-risk uses, including recreational or non-sensitive commercial operations, could be governed by enhanced data security and transparency requirements rather than outright exclusion.
Such an approach would also benefit from clearer criteria for assessing risk, including the degree of foreign control over software, data flows, and update infrastructure, as well as the legal obligations imposed on manufacturers by their home jurisdictions. Pairing these measures with domestic manufacturing incentives, procurement reform, and transition support could mitigate disruption while advancing longer-term policy goals.
A further tension emerged around the role of industrial policy. While the stated justification for the ban is national security, the practical effect is to create space for domestic manufacturers in a market long dominated by foreign producers. Whether intentional or incidental, this dual effect raises important questions about how openly such objectives should be acknowledged and how carefully they should be implemented to avoid legal and diplomatic friction.
Taken together, the discussion suggests that the DJI ban is less a final policy solution than an early test case. It highlights the difficulty of regulating technologies that operate simultaneously as commercial tools, data platforms, and potential vectors of strategic vulnerability.
The broader implication extends beyond drones. Similar challenges are likely to arise across a range of networked technologies where supply chains, software control, and data flows intersect with national security concerns. The effectiveness of future policy responses will depend not only on identifying risks, but on designing regulatory frameworks that are transparent, proportionate, and capable of managing transition.
In that sense, the DJI decision is best understood as a stress test. It exposes the limits of current regulatory approaches and underscores the need for more integrated strategies that combine security objectives with legal rigor and industrial planning.
The central challenge is not recognizing the threat. It is building a response that is credible, durable, and aligned with the realities it seeks to govern.
Steve E. Bartz, Jared Blackburn, Brian S. Brewer, Julian Butler, Sunshine H. Eversull, Chase C. Harris, Roxanne Javor, Christian C. Kobres, Mark M. Majors, Kerry A. Mawn
Leave a Reply