A December 2025 “Los Angeles Times” report highlighted a decision point many public-safety leaders have followed for years: potential federal restrictions on Chinese-made drones that could disrupt thousands of police and fire UAS programs nationwide. [1] Estimates suggest roughly 25,000 DJI drones are currently used by U.S. public safety agencies, largely because they are affordable, reliable and relatively easy to train and maintain. [1]
Recent federal action has intensified the debate. Reporting ahead of a late-December deadline described a congressionally required security review that could have led to DJI being added to the FCC’s Covered List — a step that would constrain future equipment authorizations and complicate new product launches in the United States. [2]
In late December 2025, the FCC updated its Covered List posture in a way that went beyond DJI-only assumptions, adding foreign-produced unmanned aircraft systems and foreign-produced critical UAS components on a forward-looking basis. [3,4] Importantly, the action does not apply retroactively to aircraft already authorized and in use. As DRONERESPONDERS summarized shortly after the decision, there is currently no planned retroactive ban affecting previously owned aircraft and therefore no immediate operational impact for agencies already flying these systems. [5]
| REGISTER: How agencies operationalize real-time policing
The policy landscape may continue to evolve. But the leadership challenge for municipal public safety is already clear.
The real question is not whether DJI should be debated in Washington. The question is whether agencies have built drone programs resilient enough to withstand policy shocks, cybersecurity concerns and supply chain disruptions while still delivering life-saving capability.
Why agencies cannot outsource drone governance
Federal policy decisions are often driven by geopolitical concerns, supply chain security and domestic industrial policy. Those priorities are legitimate. But they do not always align neatly with the operational realities of municipal policing and fire response: constrained budgets, training capacity, replacement cycles and the simple requirement that drones must launch today when lives are at risk.
That gap makes local leadership essential.
Public safety agencies must preserve mission capability while implementing practical, auditable safeguards that reduce risk today. Waiting for Washington to resolve every policy debate is not a viable strategy for agencies responsible for immediate life-safety missions.
The governance gap behind the drone debate
For many agencies, drones were initially treated as equipment — another tool alongside radios, patrol vehicles or thermal cameras.
In reality, unmanned aircraft systems are connected information and communication technology ecosystems. They contain radios, software, data pathways, storage and update mechanisms. Each of these elements introduces potential cyber risk surfaces. [6,7]
Federal guidance has made this clear for years. Yet the public conversation around drones often collapses into a false choice: panic or denial. Ground fleets immediately. Or assume nothing needs to change.
Neither response reflects the disciplined risk management public safety leaders apply in other operational areas. Leadership cannot simply adopt new technology. It must govern that technology in a way that withstands policy shifts, cyber risk and public scrutiny.
Operational realities for municipal police and fire agencies
When federal concerns about DJI began gaining momentum several years ago, Dr. Lestrange interviewed several early leaders responsible for launching Drone as First Responder programs. Their perspectives remain instructive.
First, many leaders expressed a practical view of risk. Routine missions such as traffic crashes, structure fires, missing persons searches or perimeter overwatch were not seen as intelligence targets. For everyday life-safety calls, they believed the operational value of drones outweighed what often felt like abstract geopolitical risk.
Second, many municipal agencies are not conducting inspections of critical infrastructure themselves. Utilities, energy firms and transportation operators frequently manage those inspections directly. That raises an important policy question about why municipal public safety has sometimes become the central focus of the drone debate rather than the much larger commercial drone ecosystem.
Third, agency leaders consistently said they would prefer American-made systems if the products met operational needs. DRONERESPONDERS survey data supports that view. A large majority of respondents indicated they would prefer U.S.-manufactured systems if cost and performance were comparable. [8]
These perspectives highlight a key leadership challenge. National security concerns deserve serious evaluation. But agencies must separate political narratives from practical risk controls they can implement now without sacrificing operational capability.
The Lenovo lesson: Managing technology risk
A useful comparison comes from the government’s response to concerns about Lenovo computers.
In 2006, questions were raised about the use of Chinese-manufactured PCs within federal agencies. The response was not a universal ban. Instead, the State Department implemented restrictions on classified and sensitive networks while still allowing use in less sensitive environments. [9]
Two decades later, Lenovo products still appear within federal procurement ecosystems, including GSA technology programs. [10,11]
The lesson is straightforward. Governments routinely manage technology risk through tiered controls, network segmentation and mission-based restrictions rather than blanket prohibitions.
Drones should be treated the same way. They are not simply aircraft — they are flying computers that transmit and receive data.
CISA guidance reflects this reality, describing UAS as ICT devices where every connection point can represent a potential cyber target. [8] At the same time, CISA emphasizes that best practices reduce risk but cannot eliminate it entirely. [7]
What the FCC decision changes — and what it doesn’t
The FCC’s 2025 Covered List action should be understood primarily as a forward-looking policy constraint rather than an immediate operational shutdown. [3,4] Existing drones already in service are not currently subject to retroactive grounding. [5]
However, the decision does affect long-term planning.
Sustainment becomes strategy. Agencies must consider how parts availability, batteries, repairs and replacement cycles could be affected by future supply chain restrictions or policy changes. Prior reporting has already described situations where DJI shipments faced delays due to customs reviews tied to UFLPA enforcement debates. [12]
Procurement planning also becomes more complex. Replacing a drone platform is not simply purchasing new aircraft. It involves rebuilding training pipelines, integrating payloads, updating procedures and managing lifecycle costs.
For this reason, some agencies are beginning to explore mixed fleets, adding blue-listed systems for sensitive missions such as critical infrastructure inspections or major events while continuing to use existing platforms for routine life-safety calls where policy allows.
A practical mitigation playbook for public safety drone programs
Rather than waiting for federal policy to settle, agencies can begin reducing operational and cybersecurity risk today using practices already recommended in federal guidance. [13]
Fly offline-first for sensitive missions
GSA guidance recommends standalone approaches when transferring data from UAS systems, including using computers that are not connected to the internet or enterprise networks. [13]
Treat the controller as a managed endpoint
Drone controllers should be governed like any other mission-critical device. Basic controls include strong authentication, encryption at rest, application allowlisting and regular patching.
Run malware scans during updates and data transfers
GSA guidance also recommends scanning downloaded files with up-to-date antivirus tools during the lifecycle of UAS software and data transfers. [13]
Segment data movement
Flight devices should remain mission-focused and disconnected during sensitive operations. A dedicated transfer station can handle exporting and scanning files before they enter agency networks. [13]
Use restrictive privacy and network modes
DJI enterprise documentation describes Local Data Mode, which disables network requests and prevents synchronization with external servers while enabled. [14] DJI’s Trust Center also summarizes independent review findings that data generated during such sessions was not transmitted externally when the mode was active. [15]
These features do not replace internal governance but can support policies requiring the most restrictive operating mode compatible with mission needs.
Reducing reliance on default platform ecosystems
Some agencies also explore whether operational platforms can reduce reliance on default vendor applications.
DJI enterprise privacy documentation indicates third-party software can be used without interacting with DJI Pilot 2 and that the application can be disabled if desired. [16]
DroneSense, widely used in Drone as First Responder programs, publishes instructions for configuring DJI enterprise controllers so that DJI Pilot 2 does not launch automatically and alternative applications can be used instead. [17] DroneSense also provides networking guidance for restricted environments when streaming or remote functions are required. [18]
Understanding the incentives shaping the debate
Drone policy discussions occur within a broader environment of national security concerns, legislative priorities and domestic manufacturing interests. Congressional proposals have linked drone policy to both security risks and economic competitiveness. [19,20] Public records also show manufacturers participating in lobbying activity related to drone policy. [21, 22]
Recognizing these incentives does not invalidate legitimate security concerns. But it reinforces why public safety leaders must focus on what they can control: building resilient programs capable of managing risk while preserving operational capability.
The leadership challenge
Public safety has not always led this issue with the same disciplined governance approach applied to use-of-force policies or critical incident planning.
When drone programs lack clear risk models, agencies face predictable vulnerabilities.
Programs become vulnerable to policy shocks when fleets are built around a single ecosystem without transition planning. They become vulnerable to cyber exposure when drones are treated as equipment rather than connected endpoint systems. And they risk losing public trust when agencies fail to clearly explain the safeguards already in place.
Risk-based governance allows agencies to maintain life-saving capability today while reducing cybersecurity risk and preparing for future technology transitions without creating operational gaps.
Because when a fire spreads, a child goes missing or a barricaded suspect escalates, the public will not evaluate public safety agencies based on geopolitical debates.
They will judge whether we had the tools, the governance and the leadership to act quickly enough to protect life.
References
- Einhorn B, Versprille A. Security concerns mount as police departments face potential ban on Chinese-made drones. Los Angeles Times. December 18, 2025.
- Shepardson D. Chinese drone maker DJI urges US to complete security review. Reuters. December 4, 2025.
- Federal Communications Commission. FCC updates Covered List to include foreign UAS and UAS critical components. December 2025.
- Associated Press. FCC bans new Chinese-made drones citing security risks. December 23, 2025.
- DRONERESPONDERS. FCC ban on foreign UAS and foreign-made critical UAS components. December 29, 2025.
- Cybersecurity and Infrastructure Security Agency. UAS cybersecurity. Accessed January 19, 2026.
- Cybersecurity and Infrastructure Security Agency. Cybersecurity best practices for operating commercial unmanned aircraft systems. Accessed January 19, 2026.
- AIRT–DRONERESPONDERS. Spring 2020 public safety UAS survey data. July 13, 2020.
- Gross G. US State Department limits use of Lenovo PCs. Computerworld. May 19, 2006.
- US General Services Administration. Government-wide Strategic Solutions for desktops and laptops program guide. Accessed January 19, 2026.
- US General Services Administration. Laptops and desktops BPA. Accessed January 19, 2026.
- Martina M, Shepardson D. US Customs halts some drone imports from Chinese manufacturer DJI. Reuters. October 16, 2024.
- US General Services Administration. IT security procedural guide: drones / unmanned aircraft systems security (CIO-IT-Security-20-104 Rev. 2). March 18, 2025.
- DJI. Network security mode – DJI Pilot 2 data security. September 27, 2023.
- DJI. Security audits and certification. DJI Trust Center. Accessed January 19, 2026.
- DJI. Enterprise drone privacy controls user guide. Accessed January 19, 2026.
- DroneSense. Setting the startup app on DJI enterprise controller. Accessed January 19, 2026.
- DroneSense. Networking. Accessed January 19, 2026.
- United States Congress. H.R. 3786 – Drones for First Responders Act. Accessed January 19, 2026.
- Warner MR. Sens. Mark Warner, Rick Scott lead bill to crack down on Chinese-made drones in the US. July 2024.
- US Senate. Lobbying Disclosure Act database. Accessed January 19, 2026.
- McFadden C. Skydio CEO denies lobbying the US government to ban DJI drones. Digital Camera World. July 2024.
