NDAA Section 848 Compatible Drones: A Buyer's Guide

NDAA Section 848 is the structural rule that determines which drone vendors can sell into US federal procurement. Codified as 10 U.S.C. § 4881, the rule restricts the Department of Defense from procuring uncrewed aircraft systems with components sourced from China, Russia, Iran, or other covered nations. The rule has spread beyond the DoD into the broader federal procurement frame, and the EU has implemented a parallel structure under EDIS. A buyer in 2026 evaluating drone vendors for any regulated US federal or critical-infrastructure procurement is operating inside this compliance envelope whether they realise it or not.

This is the practical 2026 buyer's guide to Section 848 — what it requires, what counts as covered, how the rule is verified, and where the sovereign-supply-chain market actually sits.

What Section 848 actually says

Section 848 originated in the National Defense Authorization Act for Fiscal Year 2020 and has been refined by subsequent NDAA cycles. The current statutory form, codified at 10 U.S.C. § 4881, restricts the US Department of Defense from operating, procuring, or contracting with vendors that supply covered uncrewed aircraft systems containing components originating in a defined list of covered foreign nations. The covered-nation list centres on China, Russia, Iran, and North Korea, with refinements added across NDAA cycles.

Two structural properties matter for procurement decisions.

First, the rule applies at the procurement contract level, not at the unit level. A DoD office cannot procure a non-compliant UAS, period — the buyer does not have a workaround route via informal acquisition, third-party intermediary, or aftermarket modification. Compliance is a precondition for the contract, not a quality the buyer can confer after the fact.

Second, the rule covers the supply chain, not just the airframe origin. A drone assembled in Switzerland with a Chinese-manufactured flight controller is not compliant. A US-assembled drone running a Chinese GPS receiver is not compliant. The covered-component scope explicitly extends to flight controllers, GNSS receivers, RF data links, ground-station hardware, autopilot systems, and the software supply chain. The compliance verification operates on the bill of materials, not on the final assembly location.

The downstream effect is structural: a vendor cannot become Section 848-compliant by relocating final assembly. Compliance is engineered into the supply chain from the beginning, or it isn't there.

The spread beyond the DoD

Section 848 is a DoD statute. The practical compliance frame has spread well beyond it.

Other federal agencies have mirrored the restriction. The Department of Homeland Security has implemented equivalent rules across its UAS procurement. The Department of Energy applies parallel restrictions to grid-resilience and critical-infrastructure UAS programmes. The Department of Transportation applies equivalent rules to UAS procurement under the Infrastructure Investment and Jobs Act and the Federal Aviation Administration's BVLOS pilot programmes. NASA applies parallel rules to its own UAS programmes. The pattern is consistent: federal procurement increasingly defaults to Section 848-equivalent compliance even where the originating statute does not strictly apply.

State-level procurement has followed. Several US states have implemented equivalent supply-chain restrictions on state-level critical-infrastructure UAS programmes — particularly states with significant defense industrial bases (Texas, Florida, Virginia, California) and states with state-level grid security funding (New York, Massachusetts, the Northwest cluster).

Commercial operators of critical infrastructure increasingly inherit the rule. Electric utilities operating under CIP (Critical Infrastructure Protection) standards face procurement scrutiny on UAS vendor selection. Rail operators subject to TSA security directives face equivalent scrutiny. Port and pipeline operators receive the rule from their downstream customers or insurance carriers.

The practical 2026 procurement frame: any UAS procurement with regulatory exposure should assume Section 848-equivalent compliance is required, regardless of which federal statute strictly applies.

What counts as a "covered component"

The covered-component scope is where buyers most often discover gaps in vendor claims. The acquisition guidance and the practical procurement-panel review treat the following as in-scope:

• Flight controllers — the central avionics unit. Chinese-manufactured flight controllers (including those under common consumer-vendor labels) are not compliant.
• GNSS receivers — GPS, Galileo, GLONASS, BeiDou-receiver hardware. The covered-nation rule applies to component manufacture, not signal source. A receiver manufactured in China that processes US GPS signals is still non-compliant.
• RF data links and command-and-control radios — the radios connecting the UAS to its ground station. Including the chipsets, the RF front-end components, and the modulation stack.
• Ground-station hardware — the operator-side hardware. Compliance verification applies to the ground station's components, not just the airborne system.
• Autopilot systems and inertial sensors — IMUs, gyros, accelerometers, magnetometers, barometers. Frequently the place where compliance gaps appear because sensor-class components are often consumer-grade and Chinese-origin.
• Propulsion components — motors, ESCs, propellers. Less commonly a gap, but verification applies.
• Software supply chain — including over-the-air update channels, software components from covered-nation suppliers, and the build infrastructure. A flight-control firmware that updates from a Chinese-controlled cloud endpoint is a software-supply-chain gap.

A vendor that ships an airframe assembled in a compliant jurisdiction with non-compliant flight controllers is not compliant. A vendor that ships compliant hardware with software-supply-chain gaps is not compliant. The diligence panel checks the full BOM and the full software supply chain.

The Blue UAS catalog — and what's outside it

The Defense Innovation Unit's Blue UAS programme is the pre-vetted catalog of Section 848-compliant small UAS. Vendors on Blue UAS have passed DIU's structured supply-chain review and are pre-approved for DoD procurement.

Blue UAS is narrow by design. The list focuses on small UAS in specific size and capability classes — primarily Group 1 and Group 2 platforms by DoD UAS classification. The addition cycle is slow, with new vendor onboarding taking months to years. The list does not cover enterprise-class UAS, drone-in-a-box systems with persistent-coverage capability, counter-UAS interceptors, hybrid UAV-UGV platforms, or specialised payload-class systems.

This is by design rather than by oversight. Most of the federal-civil and defense procurement budget in 2026 is in classes Blue UAS doesn't cover. The direct-contract procurement path — where a procuring office runs an equivalent supply-chain review on a non-listed vendor and procures under the same Section 848 standard — remains the active pathway for the broader procurement surface.

The direct-contract path requires three things from the vendor: a structured Section 848 compliance attestation, traceable BOM provenance documentation, and the willingness to support deep-audit on selective component classes. Vendors that maintain this documentation as a standing pack pass procurement reviews on first cycle. Vendors that don't either fail or trigger extended review cycles that delay award by months.

The EU parallel — EDIS

The European Union published the European Defence Industrial Strategy (EDIS) in March 2024. EDIS establishes parallel sovereign-supply-chain restrictions for EU member-state defense procurement, applying equivalent covered-nation rules across the EU.

The frame is similar to Section 848 in scope and effect: EU defense procurement increasingly excludes UAS vendors with covered-nation components, with national implementation varying by member state. For UAS vendors serving both US federal and EU defense procurement, the practical requirement converges: NATO-allied non-CN/RU/IR supply chain, traceable component provenance, software supply chain inside sovereign infrastructure.

The convergence has procurement implications. A vendor structured to satisfy Section 848 for the US side and EDIS for the EU side serves both markets on a single supply-chain architecture. A vendor structured for the Chinese supply chain is locked out of both. The bifurcation is structural and increasingly hard to bridge.

Where the compliant supply chain actually sits

The set of NATO-allied jurisdictions with credible UAS supply-chain depth is small. The US has prime-led capability concentrated in a small number of vendors. NATO Europe has depth in Poland, the Czech Republic, Germany, France, and Italy. The UK has specialised capability. The Nordic cluster has emerging capability.

Aviation Valley in southeastern Poland is the densest aerospace and defense supply cluster in NATO Europe outside the major prime hubs. The cluster integrates engineering bench, supplier network, certified aerospace materials supply, defense-procurement heritage, and EDIS-aligned industrial-strategy support. The Jasionka factory line that builds the Dronehub portfolio sits inside that cluster.

The structural advantage of Polish manufacturing for Section 848 procurement: full supply-chain provenance documentation, zero covered-nation components, defense-grade environmental specifications inherited from the cluster's aerospace heritage, and the EU industrial-strategy alignment that EDIS depends on. The same factory line serves Section 848 procurement for US federal-civil and defense buyers and EDIS procurement for EU defense buyers without a separate compliance architecture.

What this looks like for the procurement panel

For a US federal-civil buyer (DHS, DoE, DOT, NASA, FAA-funded programmes, state-level critical-infrastructure programmes) — the Section 848-equivalent compliance frame is now the default. Vendor selection collapses to NATO-allied non-CN suppliers with traceable BOM provenance and the documentation pack to survive the diligence review. Dronehub Inc. is the Delaware C-Corp US entity; manufacturing is at Jasionka in Aviation Valley under NATO-allied non-CN supply chain. The compliance pack survives federal procurement review on first cycle.

For a DoD buyer (SBIR/STTR, AFWERX, DIU, USSOCOM) — the rule applies structurally. Blue UAS covers the small-UAS class; direct-contract procurement covers the rest. Dronehub procures through both pathways. The portfolio (counter-UAS interceptor, drone-in-a-box persistent-coverage, hybrid UAV-UGV, mobile-dock convoy escort, AI inspection at infrastructure scale) maps to procurement topics across DoD innovation pipelines.

For an EU defense buyer (EDF consortium, NATO DIANA, national-MoD programmes) — EDIS-aligned sovereign supply chain is the equivalent of Section 848 compatibility. The same Jasionka manufacturing serves both compliance frames simultaneously.

For a commercial critical-infrastructure operator (utility, rail, port, refinery) — the rule is increasingly inherited from the regulator or downstream customer. Procurement of a Section 848-compatible vendor is the future-proof default.

The manufacturing-door page is at /manufacturing. The drone-in-a-box product line under sovereign supply chain is at /drone-in-a-box. The US federal R&D-partnership door is at /rd-partnership/us-defense. The dual-domicile entity structure (Delaware C-Corp Dronehub Inc. + Polish Sp. z o.o.) is documented on /about. For a procurement-readiness conversation, open the contact form.