Wi-Fi for Indoor Critical Infrastructure
Wi-Fi is a real indoor connectivity layer and a genuine contributor to citizen emergency calling and indoor location. It is not, and under current fire and building code cannot be, the first-responder radio system. And the same ranging precision that makes Wi-Fi useful for emergency location is in direct tension with device privacy. Three things get conflated. This page separates them and names the governing body for each.
— Shankar K. · Last reviewed: June 2026 · See also: /bfi-privacy for the device-privacy attack surface and /governing-bodies for the standards-body map
"Wi-Fi for public safety" is three separate claims wearing one label. Carrying a 911 call indoors over Wi-Fi is a 3GPP and FCC matter, and Wi-Fi does contribute. Giving firefighters a working radio inside a concrete building is an NFPA 1225 and IFC 510 matter, and Wi-Fi is not eligible for it. Knowing where a device is to within a metre is an IEEE 802.11 ranging matter, and it is the same capability that lets a passive observer track that device. Keeping these straight is the whole job.
This is the leg where "Wi-Fi helps public safety" is true. A VoWiFi 911 call reaches the PSAP through the carrier IMS, and Wi-Fi infrastructure can supply the indoor location that the FCC mandate requires. None of this makes Wi-Fi the first-responder radio system, which is the next card.
NFPA 1225 is the current standard, published in 2022, consolidating and replacing NFPA 1221, NFPA 1061, and the emergency-communication portions of NFPA 72 Chapter 24. Many jurisdictions still say "ERRCS" because they adopt the IFC, which uses that term. The naming shift from ERRCS to ERCES was made to let an AHJ optionally fold in cellular and FirstNet frequencies, which only sharpens the point below.
Even the broadened ERCES definition, which now reaches toward LTE and FirstNet Band 14 under AHJ latitude, does not contemplate Wi-Fi. So "Wi-Fi DAS for first responders" sits outside the framework twice over: it is neither the licensed land mobile radio the code is built around, nor the public-safety LTE the code is starting to admit. A building can have flawless Wi-Fi and still fail its ERCES inspection, because they are answering different code sections.
Wi-Fi earns a legitimate place here as a resilience and offload layer, and the WBA work is worth reading. The honest framing is that it is industry positioning and engineering capability, not a regulated priority service of the kind WPS and GETS provide.
| Function | Mechanism | Governing body | Wi-Fi does it? |
|---|---|---|---|
| Citizen 911 indoors | VoWiFi (IMS / ePDG) | 3GPP + FCC | Yes, complementary |
| Dispatchable indoor location | Location DB + FTM ranging | FCC mandate; IEEE provides the tech | Yes, real contribution |
| First-responder radio | ERCES (BDA + DAS, LMR) | NFPA 1225 / IFC 510 / UL 2524 / FCC | No, not code-eligible |
| NS/EP priority comms | WPS / GETS class | CISA (WPS / GETS) | No regulated equivalent |
802.11az is finalised, but commercial support for secure FTM remains limited and most mobile clients still do not implement it. So the ranging that is actually running in buildings today is mostly legacy 802.11mc, which is the unprotected, spoofable, and most trackable variant. The cm-accurate secure version exists on paper and on a handful of development platforms; the metre-accurate insecure version is what a capture will show. Plan around what is deployed, not what is ratified.
The capability that lets a building locate a 911 caller to within a metre is the same capability that lets a passive observer follow a device around. Worse, FTM exchanges expose features that fingerprint a client's hardware and firmware, so a randomized MAC address alone does not stop tracking. Two IEEE amendments exist specifically to address this, and they are the standards that matter most to anyone working on randomization in the field.
Published (Amendment 1, Operation with Randomized and Changing MAC Addresses, Sept 2024). Restores legitimate device continuity (onboarding, diagnostics, arrival detection) under a rotating MAC, via two methods: IRM, where the client tells the AP the MAC it will use next time, and Device ID, where the AP issues the client an identifier. This is the amendment that maps directly onto real-world randomization handling.
Enhanced Data Privacy. Broader device-identity protection across the association lifecycle, including anti-fingerprinting. Still in development and at an early draft (around D1.0 in late 2025), so years from publication. Scope reaches beyond ranging into how much a passive observer can learn about a device over time.
Protects the integrity of the ranging measurement against spoofing and man-in-the-middle distance manipulation. It hardens the measurement; it does not by itself make the act of being ranged private.
Accurate indoor location and strong device privacy pull against each other. Secure LTF protects the measurement, and 802.11bh and 802.11bi address identity, but in 2026 deployment this is a tradeoff to be managed, not a problem that is solved. The right answer is per-venue and per-use-case, and it starts with knowing which ranging variant is actually on the air.
- ▸ High-rises and large commercial buildings
- ▸ Hospitals and healthcare campuses
- ▸ Hotels, schools, warehouses, large venues
- ▸ Any structure that fails an in-building radio coverage survey under IFC 510
- ▸ Driven by NFPA 1225 / IFC 510 and the AHJ, not by the Wi-Fi design
- ▸ Citizen 911 access indoors via VoWiFi (carrier-dependent)
- ▸ Dispatchable indoor location for the FCC obligation
- ▸ Indoor wayfinding and asset / personnel location
- ▸ Dense-venue connectivity and resilient offload
- ▸ Privacy-sensitive deployments that must choose a ranging posture deliberately
wlan.fixed.publicact == 0x21
wlan.fixed.publicact == 0x2f
Ranging: 802.11mc (in 802.11-2016), 802.11az-2022 (in 802.11-2024), 802.11bk-2025 (320 MHz, later). Privacy: 802.11bh-2024 (published), 802.11bi (in development). Defines the location technology and the privacy mechanisms.
Certification, including Passpoint, which underpins seamless venue connectivity. A certification body, not a standards-writing body.
Industry alliance. OpenRoaming, the Mission Critical / Emergency Services reports, and a forming Wi-Fi DAS project. Positioning and frameworks, not code or standards.
VoWiFi / Wi-Fi Calling via IMS and the ePDG. The reason a 911 call can traverse Wi-Fi to the carrier core at all.
E911 dispatchable-location obligation (47 CFR Part 9), 6 GHz AFC, and BDA certification. The regulator behind both the location mandate and the public-safety amplifier rules.
NFPA 1225 and ICC IFC 510 set the ERCES requirement; UL 2524 lists the components; FirstNet Band 14 is the public-safety LTE an AHJ may admit. None of this is Wi-Fi.
- ▸ IEEE 802.11bi (Enhanced Data Privacy) -- progress from early draft toward ballot; how far it narrows passive trackability
- ▸ 802.11az secure-FTM client adoption -- whether the secure variant displaces legacy mc in shipping devices
- ▸ WBA Wi-Fi DAS project -- first deliverables, and whether they keep the citizen-vs-responder distinction clean
- ▸ NFPA 1225 2027 edition -- any movement on cellular / FirstNet scope, still no Wi-Fi path expected
- ▸ FCC PS Docket 07-114 -- the 2025 Sixth FNPRM on tightening wireless E911 location accuracy
- ▸ International equivalents -- UK Emergency Services Network and EU in-building obligations as comparison points
Building WiFi Analyser V2 · CWNA-109 in progress · one post every two weeks