DJI Trust Center
OverviewConsumerEnterpriseBug BountyResources

Security Audits & Certifications

Since 2017, DJI’s data security practices have been validated by multiple federal agencies as well as independent private sector firms. The agencies independently procure DJI products off-the-shelf and conduct a thorough technical investigation.

An overview of the audits and their findings are outlined below.

ETSI EN 303 645 CERTIFICATION FOR DJI ROMO (2025)
DJI Romo has obtained ETSI EN 303 645 certification by TÜV SÜD, confirming that Romo meets internationally recognized cybersecurity standards for consumer Internet of Things (IoT) devices. This certification verifies that the product adheres to core security protocols, including the elimination of default passwords and the implementation of secure software update mechanisms. Click here for more information.

DIAMOND IOT SECURITY RATING FOR DJI ROMO (2025)
DJI Romo has achieved the Diamond level IoT Security Rating verified by UL Solutions, the highest tier within the UL Solutions IoT Security Rating Program. This top-level rating confirms that the product has passed rigorous penetration testing and binary code security audits to protect device integrity and safeguard user privacy. Click here for more information.

EU CYBERSECURITY & PRIVACY CERTIFICATION FOR DJI ROMO (2025)
DJI Romo has obtained an EU Type-Examination Certificate by TÜV Rheinland, confirming compliance with the core cybersecurity requirements of the European Union’s Radio Equipment Directive (RED). Specifically, Romo has been independently verified under the EN 18031 standard for robust Network Protection (Article 3.3d) and Personal Data & Privacy (Article 3.3e), ensuring it can withstand cyber threats and protect consumer data. Click here for more information.

ISO 27701 CERTIFICATION FOR DJI FLIGHTHUB 2 (2025)
DJI FlightHub 2 has obtained ISO 27701 certification by the British Standards Institution (BSI), confirming that FlightHub 2 meets privacy and data protection legal and regulatory requirements (such as GDPR). This builds on the existing ISO 27001 certification which certifies that FlightHub 2 complies with information security management standards. Click here for more information.

FTI Cybersecurity Audit for Mavic 3T, Pilot 2 & RC Pro (2024)
Assessed the Mavic 3T, Pilot 2 and RC Pro and reaffirmed that when U.S. operators choose to share flight data with DJI, the data resides within U.S.-based servers. Also validated that Local Data Mode (LDM) resulted in no outbound traffic. Click here for more information.

ISO 27001 CERTIFICATION FOR DJI FLIGHTHUB 2 (2023)
DJI FlightHub 2 has obtained ISO 27001 certification, issued by the British Standards Institution (BSI), which proves that the design, development, and operational services (such as risk management, security controls, and continuous improvement) of DJI FlightHub 2 comply with the information security management standards. Click here for more information.

FIPS 140-2 CERTIFICATION (2022)
In 2022, the DJI Core Crypto Engine obtained the NIST FIPS 140-2 CMVP Level 1 certification, which proves that DJI meets the rigorous security standards in design and implementation and provides a high level of protection for sensitive data and communication. The engine is a firmware hybrid cryptographic module which provides foundational security services for the entire platform, including cryptography, key management, platform identity, secure boot, and secure Life Cycle State (LCS).

Formally validated by the U.S. and Canadian Governments, FIPS 140-2 compliance has been widely adopted around the world in both governmental and non-governmental sectors as a practical security benchmark and realistic best practice. The standard ensures that the hardware validated meets specific security requirements.

DJI products are equipped with this secure engine, which indicates that the products have a high level of security and comply with industrial and regulatory security standards. Click here to view the certificate details.

TÜV SÜD AUDIT (2022)
In 2022, TÜV SÜD conducted an audit of the following product portfolios of DJI: DJI consumer drones (DJI Air 2S, DJI Mini 2, and DJI Mavic 3) along with the DJI Fly app (for iOS and Android) and a DJI industrial-grade drone (DJI Matrice 300 RTK) along with the DJI Pilot app (for Android). The audit reports issued by TÜV SÜD confirm that the preceding product portfolios meet the requirements of NIST IR 8259 and ETSI EN 303645 standards in terms of network security and privacy protection. Click here for more information.

BOOZ ALLEN HAMILTON - UAS COE AUDIT (2020)
Cybersecurity firm Booz Allen Hamilton, on behalf of PrecisionHawk’s Unmanned Aerial Intelligence Technology Center of Excellence (UAS CoE), conducted risk assessment testing and analysis of three DJI commercial drone products: Mavic Pro GE, Matrice 600 Pro GE, and Mavic 2 Enterprise. Click here for more information.

FTI SECURITY AUDIT (2020)
FTI Consulting (FTI) conducted an independent review and validation of Local Data Mode and DJI’s drone products through a source code review of DJI applications as well as a hardware cybersecurity review of devices. The audit found that when Local Data Mode was enabled, no data generated by the drone or application was sent externally to infrastructure operated by any third party, including DJI, validating DJI’s assertions about the utility and function of the feature. Click here for more information.

IDAHO NATIONAL LABORATORY (2019)
The Idaho National Laboratory conducted a cybersecurity test which involved DJI Matrice 600 Pro and Mavic Pro 2 GE edition drones. The report found “no major areas of concern related to data leakage, thereby supporting that the multi-layered mitigations DOI has in place are in fact working as designed to meet their published security requirements”. Click here for more information.

U.S. DEPARTMENT OF INTERIOR AUDIT (2019)
The U.S. Department of Interior (DOI) conducted thorough tests and evaluations on the DJI government-grade (GE) version of drones. Click here for more information.

KIVU SECURITY AUDIT (2018)
Kivu is a global technology and consultancy firm. In 2018, DJI released Kivu’s independent report, which reviewed DJI’s data practices and concluded that DJI is capable of protecting users’ personal data. Click here for more information.

DJI FLIGHTHUB SOC2 AUDIT (2017)
DJI FlightHub products passed the SOC2 certification issued by the American Institute of Certified Public Accountants.