Title 41 — Public ContractsRelease 119-73not60

§1829 Government-wide Policy for Procurement of Unmanned Aircraft Systems.

Title 41 › Subtitle Subtitle I— Federal Procurement Policy › Chapter 39— SPECIFIC TYPES OF CONTRACTS › § 1829

Last updated Apr 5, 2026|Official source

Summary

OMB must create, within 180 days after the Act is passed, a government-wide policy for buying unmanned aircraft systems (UAS) for non-Defense and non‑intelligence uses and for grants or cooperative agreements with nonfederal groups. OMB must work with the Department of Homeland Security, Department of Transportation, Department of Justice, other departments it chooses, and consult the National Institute of Standards and Technology. The policy must set security rules, using industry standards and NIST advice when possible, to protect federal information on UAS. It must cover controlled access; managing changes to software, firmware, and hardware with secure update methods; cryptographic protection of sensitive, privacy, and controlled unclassified data; safeguards during and after use; keeping data out of nonapproved storage or destinations; and letting users opt out of sending nonrequired data and choose with whom required data is shared. The policy must use a risk-based approach. Within 180 days after the policy is issued, the Federal Acquisition Regulatory Council must revise the Federal Acquisition Regulation as needed, and any agency not fully under the FAR must update its own rules. OMB must include subtitle exemptions and allow a written waiver by the head of the buying agency (not delegable below Deputy Secretary or Administrator) if no compliant product meets mission-critical needs; the waiver must say how many items and the procurement value, last no more than 3 years, be reported to OMB, and be sent within 30 days to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Oversight and Accountability of the House of Representatives.

Full Legal Text

Title 41, §1829

Public Contracts — Source: USLM XML via OLRC

“(a)Not later than 180 days after the date of the enactment of this Act, the Director of the Office of Management and Budget, in coordination with the Department of Homeland Security, Department of Transportation, the Department of Justice, and other Departments as determined by the Director of the Office of Management and Budget, and in consultation with the National Institute of Standards and Technology, shall establish a government-wide policy for the procurement of an unmanned aircraft system—

“(1)for non-Department of Defense and non-intelligence community operations; and

“(2)through grants and cooperative agreements entered into with non-Federal entities.

“(b)The policy developed under subsection (a) shall include the following specifications, which to the extent practicable, shall be based on industry standards and technical guidance from the National Institute of Standards and Technology, to address the risks associated with processing, storing, and transmitting Federal information in an unmanned aircraft system:

“(1)Protections to ensure controlled access to an unmanned aircraft system.

“(2)Protecting software, firmware, and hardware by ensuring changes to an unmanned aircraft system are properly managed, including by ensuring an unmanned aircraft system can be updated using a secure, controlled, and configurable mechanism.

“(3)Cryptographically securing sensitive collected, stored, and transmitted data, including proper handling of privacy data and other controlled unclassified information.

“(4)Appropriate safeguards necessary to protect sensitive information, including during and after use of an unmanned aircraft system.

“(5)Appropriate data security to ensure that data is not transmitted to or stored in non-approved locations.

“(6)The ability to opt out of the uploading, downloading, or transmitting of data that is not required by law or regulation and an ability to choose with whom and where information is shared when it is required.

“(c)The policy developed under subsection (a) shall reflect an appropriate risk-based approach to information security related to use of an unmanned aircraft system.

“(d)Not later than 180 days after the date on which the policy required under subsection (a) is issued—

“(1)the Federal Acquisition Regulatory Council shall revise the Federal Acquisition Regulation, as necessary, to implement the policy; and

“(2)any Federal department or agency or other Federal entity not subject to, or not subject solely to, the Federal Acquisition Regulation shall revise applicable policy, guidance, or regulations, as necessary, to implement the policy.

“(e)In developing the policy required under subsection (a), the Director of the Office of Management and Budget shall—

“(1)incorporate policies to implement the exemptions contained in this subtitle; and

“(2)incorporate an exemption to the policy in the case of a head of the procuring department or agency determining, in writing, that no product that complies with the information security requirements described in subsection (b) is capable of fulfilling mission critical performance requirements, and such determination—

“(A)may not be delegated below the level of the Deputy Secretary, or Administrator, of the procuring department or agency;

“(B)shall specify—

“(i)the quantity of end items to which the waiver applies and the procurement value of those items; and

“(ii)the time period over which the waiver applies, which shall not exceed three years;

“(C)shall be reported to the Office of Management and Budget following issuance of such a determination; and

“(D)not later than 30 days after the date on which the determination is made, shall be provided to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Oversight and Accountability of the House of Representatives.

Reference

Citations & Metadata

Citation

41 U.S.C. § 1829

Title 41 — Public Contracts

Last Updated

Apr 5, 2026

Release point: 119-73not60