FCC Extends Software Update Waiver for Existing Covered Routers and Drones to 2029

The Federal Communications Commission announced a waiver extension on Friday allowing foreign-made routers and drones to receive software and firmware updates until January 1, 2029. The agency simultaneously expanded the waiver to cover more types of software updates, including Class II permissive changes.

Ars Technica reported that the Friday update lets devices on the Covered List continue receiving patches that mitigate harm to consumers.

Previously the FCC set a software update cutoff date of March 1, 2027 for routers already on the market. The FCC announced the original rules including the software update cutoff in March. Those rules imposed a ban on new hardware for routers made outside the US, a restriction that affects virtually every router maker with the possible exception of Starlink.

The Trump administration is handing out exemptions to hardware makers it decides are safe enough. Netgear and the Amazon-owned Eero have received exemptions.

U.S. Can continue to be imported and sold without a special exemption. The new 2029 cutoff date applies to foreign-made routers and foreign-made drones added to the Covered List. Devices on the Covered List are deemed to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons.

Under the waiver, all Uncrewed Aircraft Systems (UAS), UAS critical components, and routers produced in a foreign country that were authorized for use in the United States prior to being added to the Covered List may continue to receive software and firmware updates until at least January 1, 2029.

The waiver covers all software and firmware updates to ensure the continued functionality of the devices, such as those that patch vulnerabilities and facilitate compatibility with different operating systems. The FCC engineering office will recommend to the full Commission considering codifying this waiver through a rulemaking.

It will also recommend making the waiver permanent for existing equipment on the Covered List and any future covered equipment with similar characteristics. The Friday update extended the waiver to Class II permissive changes while the original waiver covered only Class I changes.

Class I changes include modifications in the equipment which do not degrade the characteristics reported by the manufacturer and can be made without a filing to the commission.

Class II changes may degrade the performance characteristics a manufacturer previously reported to the FCC but the changes are expected to be minimal compared to Class III changes. For both Class I and Class II, the FCC waiver covers software and firmware updates that mitigate harm to consumers. There is no change to the process for Class III changes.

Extending the waiver to 2029 will give the Commission an opportunity to consider a rulemaking on this subject and reduce potential harm to the public interest, the FCC Office of Engineering and Technology stated. The router ban also includes portable hotspots but not phones with hotspot features. Chinese drone company DJI has not received an exemption and sued the FCC over the ban.

TP-Link met with FCC officials in mid-April to discuss its request for an exemption. “TP-Link routers are safe and secure. Publicly available data places TP-Link on par with or ahead of other major industry players in terms of security outcomes,” the company said in a filing.

TP-Link was founded in China but relocated to the US in 2024. Companies seeking exemptions must obtain a determination from the Department of Defense or Department of Homeland Security that their routers do not pose unacceptable national security risks. -based company.

Many major router makers have not yet obtained exemptions that would let them import new models. The process for gaining exemptions for routers and drones is the same.