FCC Extends Drone and Router Update Waiver Until 2029

Key Takeaways

• Foreign-made drones and routers can receive software updates in the US until January 1, 2029
• The FCC acknowledged that blocking security patches could create cybersecurity vulnerabilities
• The waiver covers devices already authorized before being added to the FCC's Covered List

What Changed

The Federal Communications Commission announced on May 8 that it would extend temporary waivers for foreign-produced drones, drone components, and consumer routers. These devices can now receive software and firmware updates through at least January 1, 2029.

The decision came from the FCC's Office of Engineering and Technology. It reverses course on restrictions the agency put in place in late 2025 and early 2026 when it added these device categories to its Covered List.

Being on the Covered List effectively blocked already-authorized devices from receiving post-approval software and firmware modifications. The agency had issued earlier waivers through January 2027 for drones and March 2027 for routers. The new deadline pushes that back by nearly two years.

The Cybersecurity Problem

The FCC acknowledged a difficult reality: strict enforcement of update restrictions could leave millions of devices vulnerable to cybersecurity threats. Without the waiver, manufacturers would have been blocked from deploying even basic security patches and bug fixes.

The extended waiver also broadens coverage to include certain Class II permissive changes. These are software and firmware updates specifically intended to mitigate consumer harm.

In practical terms, the original rules created a dilemma. Devices already in American homes and businesses would become less secure over time because their makers could not patch known vulnerabilities. Compatibility issues and operational failures were also concerns.

Timeline of Events

What Devices Are Covered

The waiver applies to devices that had already received FCC authorization before being added to the Covered List. This includes foreign-produced unmanned aircraft systems (UAS), UAS critical components, and certain communications equipment added in late 2025.

Consumer routers produced in foreign countries were added to the list in March 2026. There is one exception: routers that received conditional approval from the Department of War or the Department of Homeland Security are not subject to these restrictions.

The National Security Context

The FCC added these devices to the Covered List as part of broader national security efforts. The goal was reducing reliance on potentially risky foreign technology infrastructure. The October 2025 rule revisions prohibited permissive changes to covered equipment, a category that includes software and firmware modifications made after a device receives certification.

The rules were designed to tighten oversight on high-risk equipment. But they created an unintended consequence. Preventing updates made already-deployed devices less secure over time, not more. The FCC's notice acknowledged that continued software support remains necessary to protect consumers.

What Happens Next

Manufacturers of affected devices now have nearly three years to continue issuing updates. The January 1, 2029 deadline gives the industry time to plan, but it does not resolve the underlying policy tension.

For businesses running foreign-made networking equipment or using drones in their operations, the immediate pressure is off. Security patches will keep coming. The longer-term question is what happens when the waiver expires and whether the FCC will extend it again or find a permanent solution.

Frequently Asked Questions

Which devices are affected by the FCC waiver extension?

The waiver covers foreign-produced drones, drone components, and consumer routers that were already authorized in the US before being added to the FCC's Covered List.

When does the new FCC waiver expire?

The extended waiver allows software and firmware updates through at least January 1, 2029.

Why did the FCC reverse its position on blocking updates?

The agency acknowledged that blocking security patches could leave millions of devices vulnerable to cybersecurity threats, compatibility issues, and operational failures.

Are all foreign-made routers affected by these restrictions?

No. Routers that received conditional approval from the Department of War or the Department of Homeland Security are exempt from these restrictions.

Can manufacturers still release new foreign-made devices in the US?

The waiver applies to devices already authorized before being added to the Covered List. New devices face separate authorization requirements.

Source: Latest from Tom's Hardware