Implementing FCC Covered List Restrictions for Foreign-Produced UAS: Practical Steps and Engineering Implications

Question:

What are the technical requirements or compliance considerations for integrating uncrewed aircraft systems (UAS) and their critical components under the new FCC Covered List as outlined in DA 25-1086A1?

Answer: T

he primary technical requirement introduced by DA 25-1086A1 is that all uncrewed aircraft systems (UAS) and their critical components must be produced within the United States to be considered compliant. This mandate extends to data transmission devices, communications systems, flight controllers, ground control stations, navigation systems, batteries (including smart batteries), and motors if they are intended for use in U.S. public safety, critical infrastructure, or sensitive environments. The underlying rationale is national security: foreign-manufactured UAS or their components have been identified as posing unacceptable risks, such as enabling persistent unauthorized surveillance, data exfiltration, or disruptive operations, especially at mass gatherings or over critical infrastructure. By requiring domestic production, the FCC aims to mitigate the risk of foreign interference and ensure supply chain integrity.

The mechanism behind this requirement is rooted in the Secure and Trusted Communications Networks Act of 2019 and reinforced by Section 1709 of the FY2025 National Defense Authorization Act (NDAA). These directives empower the FCC to update its Covered List—essentially a blacklist—based on national security determinations made by interagency executive bodies with expertise in cybersecurity and communications. Technical compliance, therefore, means that UAS manufacturers and operators must verify and document the origin of every critical component, ensuring none are sourced from foreign entities identified as threats. This includes not only hardware but also embedded software and firmware, as remote software updates from foreign suppliers have been flagged as potential vectors for disabling or hijacking systems.

For engineers and system integrators, the implications are significant and immediate. Existing fleets or new designs using components from companies like Hangzhou Hikvision, Dahua Technology, Hytera Communications, or AO Kaspersky Lab (as referenced explicitly in the FCC’s July 23, 2025, Covered List update) may require urgent review or replacement. Engineers must now prioritize supply chain transparency and traceability, ensuring that every link—from raw materials to final assembly—meets the FCC’s domestic sourcing requirements. Practically, this may necessitate redesigning systems, requalifying suppliers, or even revisiting the architecture of communications and control systems to remove or replace non-compliant modules.

To comply, engineers must implement robust documentation and verification processes, including audits of bills of materials, supplier certifications, and possibly third-party validation. It is no longer sufficient to rely on “assembled in the USA” claims; every critical subsystem must be traceably sourced from U.S.-based manufacturers. Additionally, engineers should monitor updates to the FCC Covered List and NDAA section 1709, as these may expand the scope of restricted components or suppliers. Beyond regulatory compliance, adhering to these requirements also embodies broader engineering principles of risk management and system resilience—ensuring that national infrastructure and sensitive data remain protected from foreign adversaries and supply chain vulnerabilities.