Why federal compliance is becoming a competitive moat in AgriTech.
DJI restrictions, NDAA Section 848, CMMC 2.0 — how compliance is reshaping who can sell into US agriculture.
For two decades, AgriTech was sold the way enterprise software was sold: feature-by-feature, ROI deck by ROI deck, with the buyer's procurement team treated as an obstacle to be cleared late in the cycle. In 2026, that order has inverted. Procurement policy now decides which vendors are even eligible to bid, and that decision is being made before the feature comparison ever begins.
The inflection point was November 2025. With the formal effective date of the CMMC 2.0 final rule for DoD-related contracts, a compliance posture that used to be a "nice to have for federal work" became a binary gate. Vendors without an assessed CMMC posture stopped receiving certain RFPs entirely. The change was not announced as an AgriTech story, but it is an AgriTech story — because USDA-adjacent work, state programs funded by federal pass-through, and any platform that touches federally-controlled data now sit inside that gate.
Section 848 in plain English
NDAA Section 848 — and the broader cluster of restrictions that have accumulated around it — prohibits federal agencies from procuring or operating drones manufactured in or containing critical components from a covered foreign country. In practice, this has meant DJI and a small list of other Chinese-origin manufacturers are off the table for federal users, and for any state or local entity buying with federal dollars.
This matters because DJI holds roughly 70% of the global commercial agricultural drone market by most industry estimates. Most US growers operate DJI. Most ag service providers operate DJI. Most of the "drone scouting" line items in farm budgets in 2025 were, structurally, DJI line items. That entire installed base is now a procurement liability the moment a federal flag touches the program.
How the restriction propagates
The most underappreciated mechanic in this whole story is pass-through. A state department of agriculture funded in part by federal grants inherits the same restrictions on its drone procurement. A cooperative running an EQIP-funded conservation program inherits them. A university extension office buying drones with a federal research grant inherits them. The restriction is not contained to the Pentagon; it travels with the money.
We have watched several state agencies discover this the hard way in the last 12 months, finding mid-program that the drone fleet they had standardized on could not legally be used for the federal portion of their own budget. The remediation is expensive — both in capital and in operational disruption — and it almost always comes as a surprise.
CMMC 2.0 as a structural moat
CMMC 2.0 is the other half of the gate. Less than 1% of the Defense Industrial Base is currently certified at the levels required for sensitive contracts. The certification process is genuinely demanding: documented system security plans, third-party assessment, continuous monitoring, evidence of practiced incident response. It cannot be bought; it has to be built.
For AgriTech vendors, the implication is straightforward. Any vendor with a CMMC posture is structurally eligible for a class of federal and federal-adjacent work that vendors without one cannot compete for. That is not a marketing claim — it is a contracting fact. And because the certification takes 12 to 18 months to attain seriously, it creates a moat that cannot be closed quickly by competitors who chose to defer.
What this means for buyers
Two things, mostly. First: audit your supply chain now. If your drone fleet, your edge devices, your network gear, or your software stack contains components from restricted manufacturers, you need to know that before a federal program lands in your portfolio. The audit is cheap; the remediation, if you discover the answer mid-program, is not.
Second: budget realistically for compliant hardware. Blue UAS-listed platforms cost more than DJI per unit and have shorter feature roadmaps. That premium is the price of federal eligibility, and for an organization that intends to do federally-adjacent work over a 5- to 10-year horizon, it is almost always the right trade. The cost of being locked out of a single state program for non-compliance dwarfs the per-unit hardware delta.
What this means for vendors and integrators
Compliance is becoming a defensible market segmentation. The vendors who invested early in NDAA-compliant supply chains, CMMC posture, and FedRAMP-aligned deployment options are now the only credible bidders for an entire tier of work. That tier is growing, not shrinking, as more state agencies adopt federal-style procurement standards even where they are not strictly required.
For integrators — which is the seat JMJ occupies — the implication is that the compliance posture is no longer a back-office function. It is the front of the engagement. Customers want to know, on the first call, whether the integrator can deliver a system that will pass an audit. The vendors who can answer yes with documentation win. The vendors who answer "we'll figure it out" lose.
The window that is closing
This is one of the few moments in tech where regulation creates rather than destroys competitive advantage. The buyers who recognize it earliest will pay less for compliance now than they will after the next federal action — and there will be another federal action. The current trajectory of US procurement policy in critical infrastructure (and food security is increasingly framed as critical infrastructure) is toward tighter, not looser, restrictions.
The compliance moat is open to anyone willing to invest. It will not be open forever, and it will not be cheap to cross late. We tell every CIO and head of operations we work with the same thing: treat compliance posture as a strategic asset on the balance sheet, not as a line item in the IT budget. The buyers who do that will find themselves with options their competitors do not have.