Frequently Asked Questions

We screen against authoritative U.S. government sources: the OFAC SDN & Consolidated Lists, BIS Entity List, SAM.gov FASC List (Consolidated Screening List), FCC Covered List (DA 25-1086), Census International Trade data, and USASpending.gov contract records. Lists are refreshed weekly.

Every BOM line is screened across seven federal compliance regimes: NDAA Section 848 (covered UAS components from China), ASDA/FASC (FAR 52.240-1 governmentwide UAS prohibition), OFAC sanctions, BIS Entity List including the September 2025 Affiliates Rule, FCC Covered List (expanded to UAS in December 2025), CMMC cybersecurity certification status, and ITAR registration gaps.

DepChain accepts CSV and XLSX files. The parser auto-detects column mappings for manufacturer part number, manufacturer name, description, and quantity. Messy headers, merged cells, and inconsistent formatting are handled automatically.

Yes. All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Infrastructure runs on Microsoft Azure in the East US region — no data leaves the United States. We never use customer data to train AI models. See our full security documentation at /security.

Screening lists are refreshed weekly from their authoritative government sources. OFAC updates are sporadic (no fixed schedule), so our pipeline runs daily checks. BIS Entity List updates follow Federal Register amendments. The SAM.gov FASC/CSL feed refreshes daily at 5:00 AM ET.

Yes. The sandbox includes a pre-loaded 14-component Recon-X UAS demo BOM that demonstrates the full analysis flow — compliance screening, risk scoring, sub-tier tracing, and alternative component suggestions — without requiring any of your proprietary data.

Section 848 of the FY2020 National Defense Authorization Act prohibits the Department of Defense from operating or procuring any UAS manufactured in China or containing covered components linked to China. Covered components include flight controllers, radios, cameras, gimbals, ground control systems, and operating software. A single non-compliant component disqualifies the entire system.

The American Security Drone Act (ASDA), implemented through FAR 52.240-1, extends UAS prohibitions governmentwide — not just DoD. The operational prohibition took effect December 22, 2025, meaning federal agencies can no longer operate covered UAS and no federal funds may be used to procure them. This applies to contractors, grantees, universities, and state/local agencies receiving federal funding.

DepChain is built for defense drone manufacturers (OEMs), component suppliers with NDAA compliance obligations, DoD program managers, and defense supply chain analysts. If you are competing for Drone Dominance Program contracts, pursuing Blue UAS certification, or managing DFARS flow-down compliance, DepChain is built for you.

Spreadsheets cannot screen against seven overlapping compliance regimes simultaneously, trace sub-tier supplier relationships, compute confidence scores with evidence provenance, or flag BIS Affiliates Rule exposure through ownership graphs. DepChain replaces the manual spreadsheet-plus-email compliance workflow with an automated, auditable pipeline that runs in minutes instead of weeks.

Enterprise customers can deploy DepChain on their own infrastructure, including DDIL (Denied, Disrupted, Intermittent, or Limited connectivity) environments. The platform is designed to run on NVIDIA Jetson Orin at forward operating bases with local inference and SQLite for offline operation. Contact us to discuss on-prem requirements.

Every compliance flag includes a confidence score (0–100%) reflecting the strength of the underlying evidence. The score is a composite of entity name match quality, country-of-origin verification method, contract history corroboration, sub-tier inference depth, and compliance list match type. Higher confidence means stronger evidence; lower scores flag areas where manual review is recommended.

In December 2025, FCC Public Notice DA 25-1086 added UAS and UAS critical components produced abroad to the Covered List. The component definition was expanded beyond NDAA §848 to include batteries, battery management systems, motors, navigation systems, and associated software. Temporary exemptions exist for Blue UAS-cleared drones but expire January 1, 2027.

No. DepChain processes unclassified data only. The platform rejects ITAR-controlled technical data, CUI, and classified information at upload. Users must acknowledge this classification requirement before submitting any file. If your BOM contains ITAR-controlled part numbers or technical data, redact those fields before upload or contact us about our on-prem deployment option.

Gauntlet is the DoD’s phased framework for eliminating Chinese-manufactured components from military drone supply chains. Phase I (effective now) covers flight controllers, radios, cameras, and software. Phase II (August 2026 deadline) expands coverage to batteries, motors, ESCs, and other critical subsystems. DepChain screens against both phases and flags components that will become non-compliant under Phase II before the deadline.

Yes. DepChain tracks CMMC level (1, 2, or 3), certification status (final or conditional), assessment date, annual affirmation status, and SPRS score for each supplier. Suppliers with expired assessments (older than 3 years) or missing annual affirmations are flagged. This helps primes verify that subcontractors handling CUI maintain current CMMC status as required by DFARS 252.204-7021.

SOC 2 Type II and CMMC Level 2 certifications are on our compliance roadmap. The platform runs on Microsoft Azure (US East region) with TLS 1.3 in transit, AES-256 at rest, and logically isolated per-customer data. We do not use customer data for AI model training. Contact us for our current security documentation under NDA.