Kat Ramsey, DJI’s director for U.S. government relations, told the Joint Interim Committees that the company has implemented multiple security and data‑control measures for enterprise customers and public‑safety users.

Ramsey said DJI introduced Remote ID about 18 months before the FAA adopted a similar requirement and highlighted features such as return‑to‑home, obstacle sensing and map‑based warnings for sensitive locations. For data control she described a local data mode that severs app connections to the Internet so an operator can run an "air‑gapped" flight where images and logs remain on operator devices or private cloud storage.

"In The US, as of last year, we no longer offer even that option. Users cannot share any information with DJI servers," Ramsey said, describing U.S. data storage on Amazon Web Services when data is shared outside China, TLS encryption for data in transit and enterprise options (standard, restricted, local) that limit network functions.

Ramsey said DJI runs a bug bounty program and periodically submits products for independent technical audits; she cited third‑party reviews including work conducted through a Department of Energy laboratory and assessments by industry contractors. She added that DJI has asked U.S. federal agencies to conduct a penetration test and audit but that, as of the hearing, none of the named agencies had taken up that work.

On geofencing, Ramsey said DJI no longer enforces mandatory geofences because they limited emergency operations, but that the company provides updated maps and in‑app warnings for restricted locations; she said enterprise customers historically could obtain exemptions (QEP codes) to fly in restricted areas when mission‑critical operations required it.

Ending: Ramsey offered to share DJI’s trust center materials and white paper with the committee and invited follow‑up with enterprise solutions staff to discuss state‑specific technical controls.