The American Drone Security Act: The Sequel

The original American Drone Security Act (ADSA) proposal has had a significant impact on the drone industry, even though it was not passed.  The ADSA has now been reintroduced, however – with some changes.  Guest Contributor Dawn Zoldi, drone law expert and CEO of P3 Tech Consulting, gives us the deep dive into this version, outlining what’s new, what remains the same, and why it’s important for the drone industry to watch.

By Dawn M.K. Zoldi, Guest Contributor

In cinema, the sequel often fails to come close to the original. Rocky II did not pack quite the same punch as Rocky. Senator Rick Scott (R-FL) just reintroduced the American Drone Security Act (ADSA) into 117th Congress and it’s essentially a remake of his original Senate Bill 2502, with bonus features. Like Balboa’s right hook, for some, it could pack a bit of a wallop.

This newest iteration largely tracks its predecessor. It would, with limited exceptions, prohibit the feds from purchasing, operating, doling out federal funds to purchase or operate or using the government-issued purchased cards to buy “covered unmanned aircraft systems (UAS) from covered foreign entities.”

Words matter – and these terms have very specific and nuanced meanings. The easy one is “covered UAS.” It has the same meaning as in the Federal Aviation Authority laws: “the unmanned aircraft and associated elements (including communication links and the components that control the unmanned aircraft) that are required for the operator to operate safely and efficiently in the national airspace system.” (49 USC 44801).

The term ‘‘covered foreign entity’’ is a bit more complicated. It means an entity included on a list developed and maintained by the Federal Acquisition Security Council (FASC). This is different from last year’s proposal because that bill did not mention the FASC at all.

For the uninitiated, the 2018 Federal Acquisition Supply Chain Security Act (FASCSA) established the FASC as an executive branch interagency council to improve executive branch coordination, supply chain information sharing, and actions to address supply chain risks in information and communications technology and services.

A senior-level official from the Office of Management and Budget (OMB) chairs the Council, which includes representatives from the General Services Administration; Department of Homeland Security (DHS) and its Cybersecurity and Infrastructure Security Agency (CISA); Office of the Director of National Intelligence (ODNI) and its National Counterintelligence and Security Center; Department of Justice and its Federal Bureau of Investigation; Department of Defense (DoD) and its National Security Agency; Department of Commerce (Commerce) and its National Institute of Standards and Technology and “any other executive agency, or agency component, as determined by the Chairperson of the FASC.”

OMB published an Interim Final Rule on the FASC, effective September 1, 2020, which nevertheless still allowed for public comment through November 2, 2020. A whopping six comments were submitted (compare that to 53,000 for the Federal Aviation Administration’s Remote Identification rule!) There has been no updates or action since, so let’s assume this one is good to go.

The Rule creates the Information Sharing Agency (ISA), led by the CISA. The ISA standardizes processes and procedures for submitting and disseminating supply chain information to the FASC’s technical expert group, the Supply Chain Risk Management (SCRM) Task Force. This Task Force conducts risk assessments and, among other things, recommends that DHS, DoD and ODNI issue  “exclusion orders,” to exclude sources or “covered articles” from future federal procurement actions. “Covered articles” include, among other things, “Hardware, systems, devices, software, or services that include embedded or incidental information technology” (think: drones). The rule outlines specific review criteria and processes too lengthy to address here.

Now, back to our regularly scheduled program. As noted above, the American Drone Security Act (ADSA), which contains various bans relating to “covered foreign entity,” defines that term as an entity included on a list developed and maintained by the FASC. The FASC Rule speaks of no particular “covered entity list” (nor does the FASCSA for that matter).  However, it can be implied that such list would be maintained as part of the Task Force recommendation to DHS, DoD and/or ODNI for their various orders. In the ADSA, Congress (external to the FASCSA), essentially directs that the FASC list willinclude entities that are:

• On the Consolidated Screening List (CSL). This is a list of parties for which Commerce maintains restrictions on certain exports, reexports, or transfers of items. (I addressed export controls previously in Inside Unmanned Systems magazine). For example, a search of this handy CLS search engine for the name “DJI” pulls up their latest blacklist information.
• Foreign-Directed. Any entity that is subject to extrajudicial direction from a foreign government, as determined by the Secretary of Homeland Security. Think: foreign government directed or sponsored.
• Deemed National Security Risks. Any entity that the principals of DHS, in coordination with the ODNI and DoD, determines poses a national security risk.
• China-Based or Subject to PRC Control. Any entity domiciled in the People’s Republic of China or subject to influence or control by the Government of the People Republic of China or the Communist Party of the People’s Republic of China, as determined by the DHS Secretary.
• Subsidiaries and Affiliates of the above.

In the 2020 version, the “covered entity” definition included “a covered entity designated by the Secretary of Commerce.” This is now gone, probably as housekeeping, given that Commerce controls the CSL and is a key member of the FASC.

With these key definitions in mind, the American Drone Security Act specifically prohibits the feds from:

• Buying UAS and associated elements, manufactured or assembled by such covered foreign entities (Section 3). Associated elements are comm links and components that control the UA. The new bit is that the FASC, in coordination with the Secretary of Transportation, will develop and update a list of these associated elements.
• Operating covered UAS manufactured or assembled by a covered foreign entity (Section 4). This one also applies to federal contractors. It has a 2 year-from-enactment implementation horizon. Finally, it requires DHS to produce relevant regulations within 6 months.
• Using federal funds for federal awards (grants, cooperative agreements, contracts) to buy or operate these drones or counter-UAS tech (Section 5). This one has a 2 year horizon as well.
• Using the Government Purchase Card to buy them. Now and period.

There are four common exceptions that apply to Sections 3 – 5, below. The last three are new:

• DHS, DoD and the Attorney General R&D/T&E. These folks can buy/operate the covered drones solely for research, evaluation, training, testing or analysis in the areas of electronic warfare, info warfare ops, UAS/counter-UAS tech development, counterterrorsim or counterintel, federal criminal or national security investigations and “as required in the national interest of the U.S.”
• FAA Alliance for System Safety of UAS through Research Excellence (ASSURE) Center for Excellence for UAS R&D/T&E. As long as SecTrans consults with DHS, ASSURE can buy and operate covered drones for research etc.
• National Transportation Safety Board (NTSB) Safety Investigations. Buying and using covered drones solely for safety investigations is good to go, so long as NTSB first consults with DHS.
• National Oceanic Atmospheric Administration (NOAA) for Marine/Atmospheric Science or Management. Another new one, NOAA must also consult with DHS.

Section 5 on federal awards, contains one additional exemption. If the contract, grant or cooperative agreement was awarded prior to the law’s enactment date, it is good to go.

Waiver, as distinguished from exemption, is also possible for these same Sections. Such waiver must occur at the agency head level, with approval of DHS or SecDef, on a case-by-case basis and upon notifying Congress.

The proposal also contains inventory, reporting requirements, government-wide UAS procurement policy creation and an independent study relating essentially to the viability of the U.S. drone industry (which is not required to be sought until 3 years from enactment). These are also important, but are also the same as before. The true guts of the law are outlined above.

Will this one last all 9 rounds? Unclear, but this one is proposed by the same bi-partisan group (cosponsors Senators Chris Murphy (D-CT),  Marco Rubio (R- FL), Richard Blumenthal (D-CT), Marsha Blackburn (R-TN), Tom Cotton (R-AR) and Josh Hawley (R-MO)) that almost went the distance in 2020. Then again, the odds were in favor of a win last year, and we know how that turned out. So grab your seats and let’s get ready to rumble!

Dawn M.K. Zoldi (Colonel, USAF, Retired) is a licensed attorney with 28 years of combined active duty military and federal civil service to the Department of the Air Force. She is an internationally recognized expert on unmanned aircraft system law and policy, the Law-Tech Connect™ columnist for Inside Unmanned Systems magazine, a recipient of the Woman to Watch in UAS (Leadership) Award 2019, and the CEO of P3 Tech Consulting LLC. For more information, visit her website.