2025 was a turning point for U.S. drone regulation. Two threads ran through the year. First, a sustained push from the federal executive branch and the FAA to move routine, commercial beyond-visual-line-of-sight operations out of ad hoc waivers and into a predictable, performance-based rule. Second, a parallel increase in attention to security, counter-UAS authorities, and state-level privacy limits that together underscored how fractured the governance landscape remains.
The White House signaled the federal intent in June with the executive order Unleashing American Drone Dominance. That order directed the FAA to accelerate BVLOS rulemaking, to deploy AI tools to speed Part 107 waiver reviews, and to prioritize a domestic industrial base for trusted UAS technologies. It set aggressive deadlines and framed rapid scaling of low-altitude operations as a national priority.
The FAA answered by publishing a long‑anticipated Notice of Proposed Rulemaking to create a new Part 108 governing BVLOS operations at low altitude. The NPRM is the biggest shift since Part 107: it proposes a performance and risk based framework that would replace many individualized waivers with two scalable authorizations, permits for lower‑risk activity and certificates for higher‑risk operations. Key proposed elements include airworthiness acceptance tied to consensus standards rather than full type certification, limits tied to population-density categories, routine operations below 400 feet AGL with strategic deconfliction requirements, lane‑style operational controls managed by automated data services, and explicit changes to right‑of‑way rules involving ADS‑B or electronic conspicuity. The NPRM was published in August and opened a 60‑day comment window.
The NPRM is consequential but controversial. Industry groups generally welcomed a clear path for scaled BVLOS flights, noting that waivers are a bottleneck for delivery, inspection, and utility use cases. At the same time, general aviation, aerial applicators, and some public‑safety operators raised concerns about parts of the proposal that shift collision‑avoidance burdens, and aviation safety groups asked for stronger detect‑and‑avoid expectations before granting drones de facto right‑of‑way over non‑cooperative manned aircraft. The FAA paired the NPRM with proposed TSA security provisions for certain operations, which many commenters said needed clarification to avoid undue burdens. Thousands of comments arrived during the docket period, signaling strong stakeholder engagement.
Remote identification remains the baseline requirement for integration. The FAA’s Remote ID framework continued to be the foundation for attribution and enforcement in 2025. Operators required to register must use standard Remote ID, retrofit broadcast modules, or operate inside FAA‑recognized identification areas. Remote ID is essential to many of the Part 108 concepts because it provides the attribution layer that law enforcement, automated data services, and strategic deconfliction systems will rely on. Yet Remote ID also continues to raise privacy and operational questions for hobbyists, event operators, and research programs.
Security and counter‑UAS policy also moved forward. In the defense and homeland security space, appropriations and authorization language retained a focus on detection and mitigation capability expansion. Congressional attention to counter‑UAS funding and organizational reforms continued in 2025, with legislative work and committee products documenting increased procurement and a call for more structured interagency coordination on defeat authorities. Those changes reflect a policy reality: as drone activity increases, the government is both enabling benign commercial scale and beefing up tools to address malicious use. The result is a dual regulatory posture that tries to be permissive for trusted, compliant operators while expanding defensive authorities for government actors.
At the same time, states and localities advanced their own suites of laws, mostly focused on privacy or narrowly defined no‑fly zones. The result is a patchwork. State legislatures passed statutes addressing unauthorized surveillance, limits on flying near critical facilities, protections for farms and agricultural operations, and occasionally procurement rules for “trusted” hardware. National Council of State Legislatures tracking shows continuing variation across states in both topics and enforcement mechanisms. That patchwork matters because many privacy and property questions lie outside FAA jurisdiction, and operators seeking to scale BVLOS or delivery services must plan for inconsistent local constraints. Examples such as recent state proposals to expand protections around farmsteads illustrate how quickly local concerns can produce operational limits that interact awkwardly with federal airspace policy.
What this all means for operators, policymakers, and communities
1) Transition clarity must be a priority. The Part 108 proposal promises a scalable regime, but the FAA and DOT will need explicit, realistic transition mechanisms for existing BVLOS waivers and ongoing experimental programs. Without clear grandfathering or expedited conversion processes, operators face regulatory uncertainty that will slow investment and deployment.
2) Right‑of‑way and detect‑and‑avoid tradeoffs remain unresolved. The NPRM’s leaning toward performance‑based mitigations and reliance on cooperative equipage creates tension with pilots who operate without ADS‑B or electronic conspicuity. Policymakers should avoid shifting uncompensated equipage burdens onto legacy aviators without a clear technical and enforcement path that demonstrably reduces risk.
3) AI for approvals requires transparency and governance. The executive order set a firm timeline for FAA use of AI to expedite Part 107 waiver reviews. Vendors and integrators stepped forward quickly, but responsible deployment will require documented audit trails, human‑in‑the‑loop safeguards, and public explanation of how AI shapes decisions. Transparency serves both safety and public trust.
4) Aligning security with civil liberties. Increased counter‑UAS investment and broader authority for government agencies is understandable given national security and critical infrastructure threats. But lawmakers and administrators must balance those powers with oversight, reporting requirements, and limits on private countermeasures to avoid a new era of uncoordinated takedowns and civil rights impacts.
5) Federal‑state coordination is urgent. States will continue to legislate on privacy and property. The federal government should provide clearer model language and preemption guidance where federal airspace safety rules apply, and leave room for legitimate local privacy protections. Harmonization will reduce compliance costs for commercial operators and reduce enforcement confusion for public safety agencies.
Bottom line
By October 2025 the U.S. had moved from conversation to concrete rulemaking. The executive order accelerated timelines and political will. The FAA’s Part 108 NPRM represents the technical architecture for routine BVLOS, but the proposal exposes difficult tradeoffs among automation, safety allocation, security, and privacy. The coming months will test whether the agency can convert a sprawling NPRM into a final rule that is both safe and commercially viable, while Congress and state legislatures finish shaping the security and privacy guardrails that will define where and how this low‑altitude economy actually grows. For regulators and operators alike, 2026 will be a year for implementation discipline, clearer transitions, and an insistence on transparency wherever AI and new enforcement authorities are used.