How an August 2017 Army memo ordering the removal of all DJI drones from service set off a multi-year recalibration of US government drone procurement — and accelerated data-security features that have shaped the consumer market ever since.
On August 2, 2017, the US Army issued a memorandum ordering all personnel to stop using DJI-manufactured drones, uninstall DJI software from Army computers, and remove batteries and storage media from any DJI drones held in Army storage. The memo — first reported by the SUAS News site — cited “increased awareness of cyber vulnerabilities associated with DJI products,” without specifying what those vulnerabilities were. This piece looks at the 2017 memo, DJI’s response, the subsequent developments across the US government, and how the episode reshaped consumer drone procurement policy in ways that continue to affect the market today. For a companion piece focused on DJI’s technical response — the Local Data Mode feature — see our related article.
The memo and what it required
The August 2, 2017 memo was specific in its requirements. It directed Army personnel across all commands to:
- Immediately cease use of DJI-manufactured drones.
- Uninstall all DJI applications from government computers and mobile devices.
- Remove all batteries and storage media from any DJI drones held in Army inventory, effectively rendering the equipment non-operational.
- Report the compliance status back up the chain of command.
The instruction was notable for both its reach and its vagueness. It applied to all DJI drones — not specific models, not specific use cases — and it cited “cyber vulnerabilities” without identifying them. For an Army memo of this type, the lack of specificity was unusual. Typically, a directive to stop using a specific vendor’s equipment would be accompanied by at least a general description of the identified problem. The absence of such detail suggested either that the underlying concerns were classified, that they were sufficiently diffuse that no single vulnerability could be named, or that the decision reflected a precautionary stance rather than a specific technical finding.
Shortly after the initial memo, a follow-up dated 11 August 2017 introduced a mechanism for granting exceptions: once a DJI-supplied plug-in to the Army’s own drone-control software had been properly vetted, exceptions to the ban could be approved on a case-by-case basis. The follow-up indicated that the Army was not categorically refusing to consider DJI hardware; it was demanding a higher standard of validation before allowing its use.
DJI’s position
DJI, headquartered in Shenzhen, was and remains the dominant global manufacturer of consumer and prosumer drones. The company’s response to the Army memo was measured. In statements to the BBC and other outlets, DJI said that it had not been informed of the Army’s specific concerns ahead of the memo’s publication, that it had already been developing enhanced data-security options for enterprise customers, and that it was accelerating the rollout of those options in response to the renewed customer interest the memo created.
The company also pointed out, accurately, that its flight-control applications do not automatically upload flight logs, video or still images unless the user opts in. The default behaviour of the DJI apps included periodic connectivity for software updates, map data, and geofencing information, but customer-generated flight data remained on the device unless the user chose to back it up.
DJI had previously faced public scrutiny in 2016, when a junior member of its staff told reporters that the company had shared customer data with Chinese authorities. The company issued a clarification shortly afterwards, saying the employee had “misspoke” and that DJI only handed over customer information in response to valid legal requests from Chinese authorities or from other governments — the same standard any multinational technology company would apply.
For DJI, the 2017 memo was a significant business event. The company’s US government and military sales were not a large share of its overall revenue, but they were high-profile and carried signal value for adjacent enterprise customers. The memo’s public-relations impact extended beyond the Army itself to any institutional buyer that might reasonably wonder whether the US Army’s concerns should apply to its own procurement decisions.
The Local Data Mode response
In the weeks after the memo, DJI announced Local Data Mode — a feature that allows the DJI flight-control app to operate entirely offline, preventing any exchange of data with DJI’s servers during a flight. The feature was launched in late September 2017, roughly two months after the Army memo, and it was explicitly targeted at enterprise and government customers operating in contexts where data transmission was a procurement concern.
Enabling Local Data Mode disables several features that depend on internet connectivity: live streaming to services like YouTube; automatic installation of map updates and new geofencing boundaries; and notifications about newly-issued airspace restrictions. These trade-offs are acceptable to enterprise users flying known missions in controlled environments but would be limiting to consumer pilots who benefit from the latest airspace data. For that reason, DJI noted that the mode might not be available in jurisdictions where pilots are legally required to have up-to-date airspace information at all times.
Local Data Mode addressed the specific data-transmission concern that could be inferred from the Army memo. What it did not address — and could not, by its nature — was broader concerns about supply-chain origin, firmware auditability, or the geopolitical status of a Chinese-manufactured drone in sensitive US government contexts. Those concerns would continue to drive policy developments in subsequent years.
The years after 2017
The 2017 Army memo turned out to be an early signal in what has become a sustained recalibration of US government procurement of Chinese-manufactured drones. Key developments since:
- 2019–2020: The US Department of the Interior grounded its fleet of approximately 800 DJI-made drones pending a security review, citing concerns about Chinese-made components.
- 2020: The US Department of Defense added DJI to a list of companies believed to be linked to the Chinese military, adding additional procurement restrictions.
- 2021: The US Treasury added DJI to its investment blacklist, restricting US investment in the company.
- 2022–2024: Various legislative proposals sought to ban DJI products from federal procurement more broadly. The National Defense Authorization Act has included Chinese-drone restrictions in several recent versions.
- Throughout: US domestic drone manufacturers — particularly Skydio and BRINC — have positioned themselves as alternatives for government and sensitive-enterprise buyers, benefiting significantly from the recalibrated procurement environment.
For consumer and commercial drone buyers outside the US government and its contractors, DJI’s products have remained the dominant choice throughout. The 2017 memo and subsequent policy developments affected a specific institutional procurement space rather than the general consumer market, and DJI has continued to release new drones and expand its product line across the period.
What the memo meant for the broader market
Looking back at the 2017 Army memo with several years of subsequent context, a few observations are clear.
First, the memo established that the data-security properties of consumer drones are a procurement consideration at institutional scale. Before 2017, consumer drones were largely purchased on price, capability and reliability. After 2017, any serious institutional buyer had to evaluate the software stack, cloud dependencies, and geopolitical origin of the drone in addition to its hardware. This is now an accepted feature of the procurement landscape.
Second, the memo accelerated the development of enterprise-focused drone software. DJI’s own Pilot and Pilot 2 apps, Local Data Mode, Flight Hub and related enterprise tools were all developed against a backdrop of heightened institutional attention to data-security questions. Competitors — particularly those positioning themselves against DJI — were pushed to develop equivalent enterprise features.
Third, the memo opened market space for non-Chinese drone manufacturers. Skydio in the US, Parrot in France, and several other manufacturers have built significant enterprise and government businesses on the foundation of buyers who want non-DJI options for policy reasons. This is not the same thing as saying their products are as capable as DJI’s — the comparative technical merit is a separate question — but the existence of a market for non-DJI alternatives is a direct consequence of the recalibration the 2017 memo initiated.
Closing
The US Army’s 2017 memo on DJI drones was a single-page document with disproportionate consequences. It did not by itself resolve the questions it raised — the specific vulnerabilities it referenced were never publicly detailed — but it established a framework in which those questions had to be considered by every institutional buyer of consumer drones. Seven years later, the consumer drone market is still technically dominated by DJI, but the institutional procurement landscape is bifurcated, the data-security features that exist in the current generation of drones owe much to DJI’s 2017 response, and the broader question of Chinese-manufactured hardware in sensitive US applications remains active. The memo started a conversation that has continued to develop since.
