A little over six months after Congress passed the SAFER SKIES Act (the Act), DOJ and DHS have released the rulebook that authorizes state, local, tribal, and territorial (SLTT) law enforcement agencies to deploy counter-UAS (C-UAS) technology for detection and mitigation operations. The Interim Final Rule (released for public inspection and effective July 1, 2026) lays out what agencies can buy, who can operate it, and what federal legal relief applies. For SLTT agencies, it is the operational roadmap they’ve been waiting for and for industry, it provides legal certainty for their customers.
The Structure of the IFR
The IFR separately lists each Department’s authority: DOJ authority is codified in 28 CFR Part 124, and DHS authority in 6 CFR Part 124. The regulations are textually identical but tied to distinct Departmental mandates, a structural feature to monitor as the two Departments operationalize the rules through their respective authorities.
The rule establishes four key pillars:
- Two certification tiers: one for detection and warning operations and a more rigorous tier for mitigation operations.
- Two-list technology framework: the Authorized Technologies List (the “ATL” lists categories of technology) and the Authorized Systems List (the “ASL” lists specific systems within each category).
- Three data categories: control communications, raw sensor data, and pattern data, each triggering privacy and retention requirements and sharing restrictions.
- Phased national rollout: rapid deployment of detect-and-warn capabilities across the country; slower and more controlled deployment of mitigation capabilities.
Critically, the IFR clarifies a legal ambiguity within the industry since the 2018 Preventing Emerging Threats Act. The rule explicitly states that it only applies to C-UAS technology that requires the legal relief provided for in the Act, such as RF-based systems (detection with signal interception, RF disruption/jamming, command injection) and mitigation technologies. It explicitly does not apply to passive technologies like electro-optical, infrared, acoustic sensors, or radar, which agencies could use lawfully, subject to FCC regulations, before the Act and can continue using under existing law. The IFR repeats this distinction in an apparent nod to the legal gray area the industry and public safety agencies have navigated for eight years.
Detect and Warn vs. Mitigation: A Side-by-Side Comparison
The rule establishes a tiered approach reflecting statutory risk allocation. Detection is a rapid rollout with low friction, while mitigation is a controlled, phased rollout requiring intensive training. Here’s the operational breakdown:
| Requirement | Detection & Warning | Mitigation |
|---|---|---|
| Who can operate | Authorized personnel (no contractors) holding Detect-and-Warn Certification obtained from online training | Authorized personnel (no contractors) holding Detect-and-Warn Certificate + Mitigation Certificate from live NCUTC training |
| Technology | Any system within ATL categories; no system-level approval required until ASL is populated | Any ATL-category system until ASL is populated; then must use only ASL-listed systems |
| Agency approval | Self-attestation via Federal C-UAS Coordination portal that agency has adopted in its detection-and-warning policy | Self-attestation that agency has adopted comprehensive C-UAS Operations Plan (model to be published by DOJ/DHS) |
| Pre-operation coordination | None for passive systems | Required; agencies must notify federal partners before operating |
| Post-operation reporting | Compliance with privacy/data handling/retention rules | Compliance with privacy/data handling/retention rules and 48-hour mitigation action report to DOJ and DHS |
| Speed to deployment | Days (online training, automatic-certification, portal attestation) | Months (live training pipeline required, coordination workflows, ops plan development) |
The IFR states that SLTT agencies can deploy detection capabilities in days if they already own detection equipment by: (1) becoming certified, (2) completing self-attestation through the online portal, and (3) developing and executing their Detect-and-Warn policy.
Mitigation technology requires that SLTT agencies comply with heightened safety and security requirements. Agency personnel must attend live training at the FBI’s National Counter-UAS Training Center (NCUTC). However, the IFR allows other qualified Federal training providers to deliver instruction if NCUTC maintains oversight and certification authority, a much-needed solution to the current training bottleneck at NCUTC.
Understanding the C-UAS Equipment Framework: Authorized Technologies and Authorized Systems

The rule establishes a two-tier equipment approval structure. The Authorized Technologies List (ATL) identifies categories of technology authorized for SLTT agency use, such as broadband jamming. The Authorized Systems List (ASL) identifies specific systems within those categories by make and model.
Until the ASL is populated for a particular technology category, SLTT agencies can deploy any system within the ATL categories. But once the ASL is populated, which is expected to happen on a rolling basis over the coming months, agencies must switch to only the systems listed on the ASL.
The IFR expects the ASL to start with RF detection (command-and-control signal interception), RF disruption (broadband and protocol-specific jamming), and RF protocol manipulation (command injection and cyber takeover). The ASL will be populated on a rolling basis, starting with systems that already have federal operational deployment history under the 2018 statute and existing interagency coordination.
Mitigation Requires Use of a Model C-UAS Operations Plan
SLTT agencies using mitigation technology will be required to use a model C-UAS Operations Plan that DOJ and DHS will publish. This model will not be built from scratch. It will reflect the operational experience of DOJ and DHS over the past eight years of conducting C-UAS operations at covered facilities and assets, refining procedures, learning what works operationally, and documenting the decision-making required to conduct mitigation safely and lawfully.
The model plan includes comprehensive requirements for threat assessments, coordination workflows, data handling, and post-operation reporting. All of these are drawn directly from federal practice. For agencies, this means the federal government is providing not just authority but a proven operational playbook they can use to get their programs started. For industry, it will provide further clarity on what clients will need in order to deploy their systems.
Privacy, Data, and the First Amendment Overlay
The IFR regulates three categories of C-UAS data collection: control communications, raw sensor data, and pattern data. It imposes explicit First Amendment and Fourth Amendment compliance requirements, sets data retention and sharing limits, and restricts collection of incidental or unrelated communications.
- Control communications encompass operator-to-aircraft signals and telemetry, including video and audio feeds used for navigation.
- Raw sensor data includes unprocessed outputs from detection and mitigation systems: RF captures, radar returns, imagery, acoustic signatures, and system telemetry.
- Pattern data consists of anonymized, aggregated trends reflecting UAS activity across multiple operations, with no identifying information.
These definitions will be critical as industry and public safety agencies develop unmanned traffic management (UTM) systems and navigate the legal restrictions governing data sharing. All stakeholders should carefully analyze these definitions and their associated sharing restrictions and provide feedback on any unintended consequences on the development of UTM systems.
The FCC’s Spectrum Move: A Sea-Shift in C-UAS Regulatory Approval
With data governance addressed, the next critical gap was spectrum authority and regulatory clarity to deploy and operate C-UAS systems. While SLTT agencies still must comply with the Communications Act (spectrum licensing, equipment authorization, and harmful interference rules remain in effect), the FCC provided meaningful relief. On July 2, the FCC issued a companion fact sheet (DOC-422788A1) marking a regulatory inflection point. The FCC:
- Waived rules to allow the marketing and importation of counter-drone equipment that had previously faced regulatory barriers.
- Granted temporary spectrum authority to permit SLTT counter-drone actions in the near term, without requiring traditional long-form licensing applications.
- Clarified the Communications Act boundaries for testing and operational use of counter-drone technology, particularly around what constitutes “harmful interference.”
Joe Heaps, former Senior Policy Advisor at the FCC, Senior Physical Scientist at DOJ, and current President & CEO of Heaps Strategy Group, LLC, noted that,
“For eight years, FCC oversight created barriers: industry faced import and equipment authorization delays while SLTT agencies lacked a clear pathway to obtain relief. The IFR resolves this. Vendors can now accelerate R&D and commercialization under FCC’s temporary spectrum authority without traditional licensing delays. For agencies, receiving broad temporary spectrum authorization as long as they operate within the ATL framework and follow federal coordination protocols accelerates timelines for operations.”
The Comment Period Closes September 4, 2026

The rule is live and effective now. The 60-day comment period closes September 4.
SLTT agencies and the associations that represent them should be mobilizing their members to flag any operationally prohibitive requirements and where the federal framework misaligns with state and local practice. They should be asking whether the requirements in the detect-and-warn and C-UAS operations plan are realistic for their resourcing levels and whether they can comply with the different reporting requirements.
Here is the link to comment on the Interim Final Rule.
