The National Defense Authorization Act has added UAS-specific restrictions across multiple annual cycles, and the cumulative result is a framework that requires more than checking whether a platform appears on the Defense Innovation Unit’s Blue UAS cleared list. The cleared list is a useful starting point. It is not a complete answer.
What the Restrictions Actually Cover
The foundational restriction is Section 848 of the FY2020 NDAA, which prohibits the Department of Defense from operating or procuring unmanned aircraft systems that use covered foreign entity components in flight controller, communication, or critical mission systems. The prohibited entities list includes the major Chinese UAS manufacturers and several component suppliers whose hardware appears throughout the commercial drone supply chain.
Section 889 of the same act extends the restriction to telecommunications and video surveillance equipment from covered entities — relevant to UAS platforms that use commercial off-the-shelf communications payloads, video downlinks, or RF components sourced from covered manufacturers.
Subsequent authorization cycles have extended these restrictions in scope, clarified enforcement authority, and added verification requirements for contractors and integrators supplying platforms to DoD customers. The trend is toward more specificity, not less, and the assumption that compliance can be inferred from a platform’s country of origin is no longer adequate.
Where the Gaps Are
Several categories of risk are consistently underestimated in platform procurement:
Component-level sourcing versus system-level labeling. A platform assembled in the United States by an American company can still contain prohibited components if those components were sourced from covered entities and incorporated before or during final assembly. Country of assembly is not the same as country of component origin. A genuine NDAA-compliant platform requires a verified bill of materials that traces each critical component to a domestic or non-covered supplier.
Software and firmware dependencies. Flight controllers and ground control software built on open-source foundations can introduce covered entity code through library dependencies, proprietary extensions, or third-party integrations. The autopilot architecture matters, not just the autopilot label.
After-market modification. Platforms purchased as NDAA-compliant can become non-compliant if subsequently modified with aftermarket components from covered entities. Units that have made field modifications to their platforms should verify that those modifications have not reintroduced prohibited technology.
Communications payloads. The UAS airframe may be clean while the ISR or communications payload attached to it contains covered entity hardware. Procurement officers buying integrated configurations need to verify the payload stack, not just the platform.
What Verification Actually Requires
A credible NDAA compliance claim requires documentation at the component level — not a manufacturer’s assertion, not a cleared list entry, and not a domestic assembly location. The documentation should identify critical components by part number and manufacturer, trace each to a domestic or verified non-covered supplier, and be current to the production lot being delivered.
Procurement officers should ask for this documentation before award and include compliance verification requirements in the contract. A platform provider that cannot produce component-level sourcing documentation within a reasonable response window is a platform provider that cannot verify its own supply chain.
The Blue UAS cleared list, maintained by the Defense Innovation Unit, represents a vetted set of platforms that have undergone this verification process. It is the most efficient starting point for procurement. But the cleared list is not a static guarantee — it reflects the platform configuration at the time of evaluation, and platforms evolve. Verifying that a cleared-list platform has not changed materially since its last evaluation is a due diligence step, not an administrative formality.
The Practical Standard
The practical standard for a defensible procurement decision is documentation that would survive an audit: component-level sourcing records, a manufacturer’s compliance attestation that identifies the specific authorization cycle requirements being met, and a record of when that attestation was last updated relative to the current production configuration.
Platforms that have invested in genuine NDAA compliance can produce this documentation readily. The ones that cannot are the ones that require the most scrutiny.