NDAA Compliance for Drone Programs: A Procurement Guide

This guide is for agency program managers, contracting officers, and procurement specialists responsible for acquiring UAS components under NDAA Section 889 requirements. It covers the legal framework, compliance verification process, acquisition pathways, and practical guidance for writing compliant solicitations.

The Legal Framework

NDAA Section 889 (codified in the John S. McCain National Defense Authorization Act for Fiscal Year 2019) establishes two primary prohibitions. Part A (effective August 2019) prohibits federal agencies from procuring covered telecommunications and video surveillance equipment. Part B (effective August 2020) prohibits federal agencies from contracting with entities that use covered equipment, even for non-covered purposes.

"Covered equipment" includes items manufactured by Huawei Technologies, ZTE Corporation, Hytera Communications, Hangzhou Hikvision, and Dahua Technology, as well as their subsidiaries, affiliates, and any entity that the Secretary of Defense reasonably believes is controlled by or connected to the Chinese government.

For UAS procurement specifically, this means any component in the drone's supply chain — from the flight controller's processor to the camera sensor to the radio transceiver — must not originate from a covered entity.

Compliance Verification Process

Step 1: Identify the Acquisition Pathway

Three pathways exist for procuring compliant UAS components:

Blue UAS Framework: Products listed on the DIU Blue UAS Cleared List have undergone government review for cybersecurity, supply chain integrity, and operational standards. This is the fastest path — no additional review is required for listed products.
Green UAS (Buy American): Products that meet Buy American Act requirements and have received an individual assessment from the procuring agency. More flexible than Blue UAS but requires agency-level review.
Waiver/Exception: In limited cases, agencies may obtain waivers for non-compliant equipment if no compliant alternative exists and the mission requires it. Waivers are rare and require senior-level approval.

Step 2: Vendor Due Diligence

For each vendor, verify the following:

Corporate registration: Is the company registered in the US or an allied nation? Verify against SAM.gov for government contractors.
Self-attestation: Does the vendor provide a written statement of NDAA compliance? Request a compliance letter on company letterhead.
Supply chain documentation: Can the vendor provide a Bill of Materials showing country of origin for key sub-components (processors, radio ICs, camera sensors, PCBs)?
Blue UAS or equivalent listing: Check the current Blue UAS Cleared List for the product.
FCC certification: For RF-emitting components, verify current FCC authorization via the FCC Equipment Authorization database.

Step 3: Component-Level Review

For DIY or custom-build programs (as opposed to purchasing a complete listed system), each component requires individual verification. The BlackAtlas NDAA Component Database provides a pre-screened catalog of 138 verified components across 19 categories, with compliance status, manufacturer data, and country of origin for each entry.

Writing Compliant Solicitations

When drafting RFPs, RFQs, or SOWs for UAS components, include the following language:

Sample solicitation clause: "All UAS components, sub-components, and software provided under this contract shall comply with NDAA Section 889(a)(1)(A) and (B). The contractor shall certify that no covered telecommunications or video surveillance equipment (as defined in Section 889) is incorporated in any deliverable. Products listed on the DIU Blue UAS Framework Cleared List are preferred. For products not on the Blue UAS list, the contractor shall provide supply chain documentation demonstrating compliance, including country of origin for all RF-emitting components, processors, and camera/sensor modules."

Common Procurement Pitfalls

Assuming "commercial off-the-shelf" means compliant: Many popular COTS drone components (DJI, Caddx, iFlight, BetaFPV) are manufactured in China and do not meet NDAA requirements, regardless of where they're sold.
Confusing NDAA compliance with "Made in USA": A product can be NDAA compliant without being US-manufactured — it simply must not contain covered telecommunications equipment. Allied nations' products are generally compliant.
Overlooking sub-components: A US-assembled product may contain Chinese-sourced ICs or sensors that create compliance issues. The relevant question is the supply chain, not just the final assembly location.
Relying solely on Blue UAS listing: The Blue UAS list is not exhaustive. Many compliant products exist that haven't gone through the DIU review process. Absence from the list does not indicate non-compliance.
Ignoring the FCC Covered List: Since 2024, the FCC maintains a separate Covered List restricting authorization of equipment from covered entities. Even if a component is NDAA compliant, check that its FCC authorization hasn't been revoked or flagged. The current deadline for Blue UAS exemptions is January 1, 2027.

Available Resources

Resource	What It Does	Link
BlackAtlas Component Database	138 pre-screened NDAA components with compliance status	Browse
UAS Build Configurator	Interactive build tool with compliance scorecard and BOM export	Open
Live Compliance Status	Real-time Blue UAS and FCC Covered List tracking	View
Agency Procurement Guide	Detailed procurement workflows for government buyers	Read
Compatibility Matrix	Verified component stacks for common mission profiles	View

Need a Custom Build Quote?

Configure a complete NDAA-compliant UAS build and request a quote. We source, assemble, test, and deliver ready-to-fly platforms.

Start Building