The FCC Banned New DJI Drones. It Let Thousands of Old Ones Keep Flying.
The FCC Banned New DJI Drones. It Let Thousands of Old Ones Keep Flying.
That's the contradiction at the center of a detailed filing the Drone Service Providers Alliance submitted to the Federal Communications Commission as the agency's public comment window closed on May 11. The alliance, which represents more than 33,000 remote pilots — commercial operators flying under Part 107 rules, inspection companies, mapping firms, agricultural service providers, and public safety agencies — is making a simple argument: if DJI and Autel Robotics drones truly pose an immediate national security threat, the logical response is immediate grounding of all affected aircraft. That never happened. Thousands of them are still flying legally over American farms, construction sites, infrastructure corridors, and emergency scenes right now.
"The Commission cannot have it both ways," the filing says. Either these drones are categorically unsafe in every operational context, or risk varies depending on how, where, and why they're being used.
The FCC declined to comment beyond the public record.
To be clear: DSPA is not defending DJI or Autel unconditionally. The alliance acknowledges that cybersecurity and national security concerns involving foreign drone manufacturers are legitimate. What it objects to is the regulatory shortcut of treating every foreign-made drone, every foreign-made component, and every operational use case as carrying identical levels of risk.
The FCC's concerns are real. Regulators have repeatedly raised issues involving cybersecurity vulnerabilities, data collection, firmware control, cloud connectivity, and the possibility that Chinese companies could be compelled to cooperate with Beijing under Chinese law. Those are not trivial concerns. But DSPA argues the FCC has never answered the prior question: What exactly makes a drone dangerous?
Is it the country where it was assembled? The software stack? The cloud connection? The firmware update system? The mission profile? The type of data being collected? Whether the drone is online or offline? Whether it's flying near critical infrastructure or simply photographing a roof for a home inspection?
"If the concern is cloud connectivity, the framework should address cloud connectivity," the filing argues. "If the concern is firmware update control, the framework should address firmware provenance."
That distinction matters enormously because cybersecurity risk is not binary. A drone flying offline to inspect farmland or map a construction site does not necessarily present the same level of risk as a cloud-connected drone operating near sensitive infrastructure. DSPA is asking the FCC to make that distinction in regulation rather than treating country of origin as a proxy for risk level.
DSPA also argues that domestic drones can carry serious cybersecurity weaknesses. Insecure firmware updates, weak encryption, poor vulnerability management, uncontrolled cloud dependencies, and inadequate authentication systems could create dangerous vulnerabilities on American-made aircraft too. The filing warns that sweeping restrictions based on geography do nothing to address those failure modes.
National security, in other words, cannot simply be reduced to "Chinese drone bad, American drone good."
Instead of blanket bans, DSPA wants what it repeatedly calls a "risk-appropriate framework." That would include cybersecurity standards for all drones regardless of origin, mission-based risk categories, local-only data storage options, cloud-disablement controls, firmware verification requirements, audit logging, vulnerability disclosure obligations, and restrictions tailored specifically to high-risk operations. The alliance also wants the FCC to distinguish between adversarial supply chains and allied countries rather than lumping all foreign production together.
Whether that framework has any path through the current FCC proceeding is a separate question. The December 2025 Covered List addition sits inside a broader national security apparatus that has shown little appetite for granular risk distinctions. The NDAA-mandated restrictions are in place, petitions are pending, and DJI has filed both a petition for reconsideration at the FCC and a separate lawsuit in the Ninth Circuit challenging the import ban. The commission is not required to accept DSPA's framing.
But the numbers in DSPA's filing are difficult to dismiss. According to survey data the alliance cites, 96.7% of drone operators currently use DJI drones. Seven in ten operators run fleets composed entirely of DJI aircraft. Among public safety agencies specifically, 97% of surveyed users operate DJI drones.
That dependency exists because DJI dominates on affordability, reliability, battery availability, software integration, sensor ecosystems, and ease of use. DSPA argues Washington may be underestimating how disruptive replacing those systems would actually be. Fleet replacement costs for state agencies alone could range from roughly $10 million to $50 million nationally, with even higher figures once local agencies are factored in. Those estimates do not include retraining, software migration, workflow redevelopment, certification, operational downtime, or productivity losses.
For small businesses, the consequences could become existential. America's commercial drone industry is not dominated by giant corporations. It is overwhelmingly built on small operators, sole proprietors, mapping companies, roof inspectors, agricultural service providers, real estate photographers, infrastructure inspectors, utility contractors, and emergency response specialists. Many of them are already operating on thin margins.
The FCC's own logic loop is what makes this filing worth reading. Regulators said the risks were serious enough to justify sweeping restrictions on new equipment authorizations and imports. But they did not say the risks were serious enough to ground the existing fleet — which means thousands of drones the FCC apparently considers potentially dangerous are still in the air, doing real work, right now. If that fleet truly posed an immediate and unavoidable threat, it would not be allowed to fly.
DSPA is calling the FCC's bluff. The question is whether anyone in Washington is listening.
Sources: