Implementing FCC Covered List Restrictions for Foreign-Produced UAS: Practical Steps and Engineering Implications

Question: 

How are the FCC’s Covered List restrictions on foreign-produced Uncrewed Aircraft Systems (UAS) and critical components implemented in practice, and why is this approach significant for engineering teams and system integrators?

Answer:

The practical implementation of the FCC’s Covered List restrictions—specifically the addition of foreign-produced UAS and their critical components—requires organizations to systematically identify, assess, and exclude non-compliant technologies from their communications infrastructure and operational deployments. This is significant because, as outlined in DA 25-1086A1 (released December 22, 2025), the intent is to mitigate unacceptable national security risks such as unauthorized surveillance, data exfiltration, and remote disabling of critical systems. By mandating that UAS and their key components (e.g., flight controllers, data transmission devices, navigation systems) must be produced in the United States, the FCC is enforcing a supply chain security standard that directly impacts procurement, system design, and ongoing maintenance—especially for entities in public safety, critical infrastructure, and government operations.

From a technical perspective, the implementation process starts with supply chain vetting and compliance auditing. Engineering teams must cross-reference their bill of materials and supplier lists against the FCC’s Covered List, which is updated regularly (most recently on July 23, 2025, per the article). For each UAS or component under consideration, engineers must verify its country of origin and whether the manufacturer is named in Section 1709 of the FY2025 NDAA or in related FCC dockets (e.g., WC Docket No. 18-89). This often involves requesting documentation from suppliers, analyzing part numbers, and using procurement management systems that flag restricted items. Such diligence is necessary because foreign-manufactured UAS components have been shown to enable persistent surveillance and remote access via software updates—a risk highlighted by both the FCC and U.S. cybersecurity guidance.

The implications for engineers are substantial: system designers must now select only U.S.-manufactured UAS and components, which may require redesigning existing platforms or sourcing alternative suppliers. For example, organizations that previously relied on video surveillance or communications equipment from companies like Hangzhou Hikvision or Dahua Technology (both flagged in earlier FCC notices on March 12, 2021) must now transition to compliant products, often entailing hardware swaps and software integration challenges. In practical terms, this affects everything from drone deployments at mass gathering events (such as the Olympics or World Cup) to routine infrastructure inspections, where data integrity and operational uptime are paramount. Engineers must also account for cybersecurity implications: using domestically produced components reduces the attack surface for remote exploits and unauthorized data harvesting.

To comply, engineering teams must establish robust processes for ongoing compliance monitoring, including regular training on evolving regulations and maintaining updated records of all UAS-related procurement. They must also assess legacy systems for non-compliance and plan phased replacements or upgrades. Documentation is key; keeping proofs of origin and compliance certifications can be critical during audits or federal reviews. Additionally, engineers must factor in system interoperability, as transitioning to domestic components may introduce integration challenges requiring custom firmware, new communication protocols, or updated ground control software. Ultimately, this approach reinforces broader engineering principles of risk management, system resilience, and lifecycle security, ensuring that critical infrastructure remains protected against both known and emerging threats.