What NDAA Section 889 actually says

This is a factual explainer, not advocacy. The law says specific things; it binds specific buyers; it does not say other things. Understanding the difference saves you from both unnecessary panic and real compliance gaps.

NDAA Section 889 was enacted as part of the National Defense Authorization Act for Fiscal Year 2019 (Public Law 115-232). It prohibits federal executive agencies from procuring or obtaining any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component or critical technology. The covered vendors named in the statute are: Huawei Technologies Company, ZTE Corporation, Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company (Hikvision), and Dahua Technology Company.

The statute has two operative parts that bind different groups of buyers:

Part A prohibits federal executive agencies from directly buying or using covered equipment. If you are a federal agency, this has been the law since August 2019.

Part B is broader and has wider commercial reach. It prohibits federal agencies from entering into or extending a contract with any entity that uses covered telecommunications equipment or services anywhere in its operations. This is the provision that catches federal contractors who may not have thought carefully about their internal security cameras. If your company holds a federal contract and you have Hikvision cameras in your warehouse, you are potentially in Part B territory.

The Federal Acquisition Regulation (FAR) clauses 52.204-24 and 52.204-25 implement Section 889 in federal contracting. Most federal contracts issued since 2020 include these clauses.

The FCC Covered List is a separate but parallel authority. Maintained by the Federal Communications Commission under the Secure and Trusted Communications Networks Act of 2019, it identifies communications equipment posing an unacceptable risk to national security. Hikvision and Dahua both appear on this list. Federal agencies cannot use FCC Universal Service Fund money to purchase equipment on the list. The list is publicly available and updated. Check it at https://www.fcc.gov/supplychain/coveredlist.

Who the law binds

Federal executive agencies. Directly prohibited from buying or using covered equipment under Part A since August 13, 2019.

Federal contractors and subcontractors. Prohibited from using covered equipment in performance of a federal contract under Part B since August 13, 2020. Some agencies and contracting officers interpret this to cover facility-wide use, not just equipment used in direct contract performance. If you hold a federal contract, assume the more conservative interpretation until your legal counsel says otherwise.

Recipients of certain federal grants. Infrastructure and security grants increasingly include explicit NDAA compliance requirements as grant terms. Check your specific grant agreement. Federal grant programs administered through DHS, DOJ, and HUD have increasingly incorporated these requirements.

Federally regulated industries. Not directly bound by the NDAA statute itself, but insurance carriers, enterprise customers, and procurement teams in healthcare, defense-adjacent manufacturing, financial services, and logistics are adding NDAA compliance requirements to their own vendor qualification and facility audit processes. The practical reach of the law is spreading beyond its formal legal scope.

What the law does not say. NDAA Section 889 does not prohibit private companies with no federal exposure from owning or operating Hikvision, Dahua, or Lorex cameras. A small retail store with no government contracts, no federal grants, and no federally regulated supply chain faces no current legal obligation to migrate. Whether to do so is a business risk decision based on future exposure, insurance requirements, or supply chain relationships - not a current legal mandate.

The non-compliant vendors: what the FCC Covered List covers

| Vendor | Status | Notes |
|---|---|---|
| Hikvision (Hangzhou Hikvision Digital Technology) | On FCC Covered List; Section 889 named vendor | State-linked Chinese company; largest IP camera manufacturer by volume. Do not procure for federal-touching deployments. |
| Dahua Technology | On FCC Covered List; Section 889 named vendor | Second-largest Chinese camera manufacturer; same prohibitions apply. |
| Lorex | Owned by Dahua parent entity | Consumer brand; carries the same Section 889 exposure as Dahua for federal-touching buyers. |

The specific source for all three: https://www.fcc.gov/supplychain/coveredlist.

The compliant vendors: who passes the test

All NDAA compliance facts below are sourced from each vendor’s own published NDAA Section 889 compliance statement as referenced in Tec-Tel’s vendor records. Headquarters locations are from each vendor’s published corporate information.

| Vendor | Headquarters | NDAA 889 compliant | Cloud option | On-prem option |
|---|---|---|---|---|
| Axis Communications | Sweden (Lund) | Yes | No | Yes |
| Hanwha Vision | South Korea | Yes | No | Yes |
| Avigilon (Motorola Solutions) | US (Chicago, IL) | Yes | Yes (Alta) | Yes (Unity) |
| Bosch Security | Germany | Yes | No | Yes |
| Verkada | US (San Mateo, CA) | Yes | Yes (cloud-only) | No |
| Eagle Eye Networks | US (Austin, TX) | Yes | Yes | No |
| Genetec (VMS) | Canada (Montreal) | Yes | Yes (Clearance) | Yes (Security Center) |
| Milestone XProtect (VMS) | Denmark (Copenhagen) | Yes | No | Yes |

Notes on this table: Genetec and Milestone are video management software platforms, not camera hardware. They run on top of compliant cameras. The compliance question for a VMS is whether the software vendor has Section 889 exposure. Both are headquartered outside the US, in Canada and Denmark respectively, and neither is named in the statute.

What makes a camera “NDAA-compliant”

NDAA Section 889 compliance for a camera vendor means the vendor’s products are not covered telecommunications equipment under the statute and the vendor is not an entity owned by or under the substantial control of the named covered companies (or their subsidiaries and affiliates).

Each of the compliant vendors in the table above publishes a formal NDAA Section 889 compliance statement that addresses both points. The statement is what your contracting officer, grant administrator, or procurement auditor will ask for when you document your migration.

Note that “NDAA compliant” as used in the market sometimes refers to NDAA Section 889, sometimes to Buy American provisions in other NDAA sections, and sometimes to DoD information security standards. In the context of the security camera discussion, Section 889 is the operative provision and the one this page covers.

Non-compliant vs compliant cameras: side-by-side

| Dimension | Non-compliant (Hikvision, Dahua, Lorex) | NDAA-compliant (Axis, Hanwha, Avigilon, Bosch, Verkada, Eagle Eye) |
|---|---|---|
| Section 889 status | Covered - prohibited for federal-touching buyers | Compliant - usable by federal agencies and contractors |
| FCC Covered List | Hikvision and Dahua listed | None of the compliant vendors listed |
| Federal agency purchase | Prohibited | Permitted |
| Federal contractor use | Prohibited under Part B | Permitted |
| Insurance / procurement audit risk | Rising - insurers treating as risk factor | Low - compliant status documented |
| Published NDAA compliance statement | Cannot produce one | All vendors above publish one |
| Published security advisories | Inconsistent; Hikvision advisories have had delayed disclosure | All compliant vendors above publish advisories on regular cadence |
| Supply chain transparency | PRC state-linked ownership | US, South Korean, Swedish, German, Canadian, Danish headquarters |
| Hardware cost | Hikvision/Dahua are the lowest-cost cameras on the market | Hanwha is the lowest-cost compliant camera; Axis/Bosch/Avigilon run higher |

Choosing among compliant cameras

NDAA compliance is a floor, not a differentiator among the compliant vendors. Once you are in the compliant tier, the vendor choice turns on different criteria.

Choose Axis if premium image quality, cybersecurity posture, and long deployment lifespan (10 to 15 years) are the priority. Axis ARTPEC processors run edge AI without cloud dependency. Axis runs at the premium end of the compliant market on hardware cost - typically 2x to 3x Hikvision hardware cost at comparable specs.

Choose Hanwha Vision if you are migrating a large fleet on a budget constraint. Wisenet cameras typically run 1.3x to 1.8x Hikvision hardware cost - the smallest premium among compliant alternatives. Strong ONVIF support, broad VMS compatibility, solid NDAA documentation.

Choose Avigilon if you already operate Motorola Solutions radios or ALPR, or if you want on-camera Appearance Search analytics as part of the migration upgrade. Best AI features tie closely to the Avigilon Unity VMS.

Choose Bosch if camera-level cybersecurity posture is the priority alongside NDAA compliance. Bosch uses signed firmware, secure boot, and strong encryption standards. Common in critical infrastructure and government-adjacent deployments.

Choose Verkada if you want a cloud-only platform with no on-prem server, fast multi-site deployment, and a polished non-technical-operator interface. Proprietary hardware lock-in is the trade-off.

Choose Eagle Eye Networks if you want cloud VMS with ONVIF camera flexibility - Eagle Eye supports a wide range of ONVIF camera makes alongside its own managed cameras.

Migration guides

If you are running Hikvision and need to migrate:

  • See Hikvision alternatives for a full compliance migration guide with vendor-by-vendor options and project cost ranges.

If you are running Dahua and need to migrate:

Get a free consultation

If you are uncertain whether your camera fleet triggers Section 889 requirements, Tec-Tel’s free consultation covers exactly that question. You walk through your current camera inventory and federal exposure; you leave with a written compliance gap assessment and migration options at different price points.

Book directly: Tec-Tel. Morganville, NJ. 855-577-0400.