FCC Extends Deadline for Foreign-Made Router and Drone Updates to 2029
The FCC has extended the deadline for a ban on software and firmware updates for foreign-made routers and drones to January 2029, citing the need to maintain security for millions of currently deployed devices.

The Federal Communications Commission (FCC) has extended the deadline for a controversial ban on software and firmware updates for foreign-made routers and drones, pushing the cutoff from March 2027 to at least January 1, 2029 The Record. This decision modifies a March 2026 ruling that sought to prohibit foreign manufacturers from selling new consumer router models in the United States due to national security concerns Dark Reading.
Under the original mandate, foreign manufacturers were restricted to providing only limited maintenance and security patches to existing devices until March 2027 Dark Reading. The updated guidance from the FCC’s Office of Engineering and Technology (OET) now permits these vendors to issue both minor security fixes and more substantial software and firmware updates that may alter device functionality without requiring additional agency review Dark Reading.
The FCC’s initial prohibition was driven by pressure from the White House, which identified foreign-manufactured networking equipment and drones as potential national security threats, noting that nation-state actors have historically exploited such hardware to facilitate attacks against U.S. organizations Dark Reading The Record. However, the policy faced significant pushback from the tech industry, including the Consumer Technology Association, which argued that the original timeline would leave millions of deployed devices vulnerable by preventing necessary security patching The Record.
Infosec professionals have long warned that a hard prohibition on updates would create a dangerous security vacuum, effectively forcing users to operate aging, unpatchable hardware Dark Reading. Jason Soroko, a senior fellow at Sectigo, noted that replacing millions of embedded devices across national infrastructure is a capital-intensive process that cannot be completed overnight, making the continued ability to patch existing systems a critical operational necessity Dark Reading.
The FCC acknowledged these concerns, stating that the extension is in the "public interest" and is intended to ensure the continued safety and compatibility of devices currently in use The Record. The OET further indicated that it may initiate a formal rulemaking process to evaluate these waivers, leaving open the possibility that the deadline could be extended further or that the ban on updates could be reconsidered entirely The Record.
This policy shift highlights the ongoing tension between national security objectives and the practical realities of maintaining a secure, interconnected consumer landscape. By allowing updates through 2029, the FCC has prioritized the immediate need for vulnerability management over the broader risks associated with hardware origins, providing a reprieve for the millions of small businesses and consumers who rely on these devices Dark Reading.