Development
After banning foreign routers, FCC says existing ones can get updates until 2029
May 12, 2026 Development Source: Ars Technica
Share this article
Devices on the Covered List need waivers to continue receiving software updates, the FCC Office of Engineering and Technology said in its waiver extension order on Friday.
“Under this waiver, all Uncrewed Aircraft Systems (UAS), UAS critical components, and routers produced in a foreign country that were authorized for use in the United States prior to these devices being added to the Covered List may at least until January 1, 2029, consistent with FCC rules, continue to receive software and firmware updates that mitigate harm to US consumers,” the FCC engineering office said.
The waiver covers “all software and firmware updates to ensure the continued functionality of the devices, such as those that patch vulnerabilities and facilitate compatibility with different operating systems.” The FCC engineering office said it “will, as soon as practicable, recommend to the full Commission considering codifying this waiver through a rulemaking.”
That means the waiver would become permanent, but the FCC could impose various conditions. This could happen through a rulemaking process in which the public is invited to comment on the impact of proposed changes. But the router ban itself was imposed without any public comment, and the idea of making the software-update waiver permanent is simply a recommendation at this point.
For both Class I and Class II, the FCC said its waiver is intended to cover “software and firmware updates that mitigate harm to consumers.” There’s no change to the process for Class III.
While extending or making the software-update waiver permanent will alleviate some concerns among router makers and users, the ban on new hardware may be a continued source of trouble. Many major router makers haven’t yet obtained exemptions that would let them import new models, and getting clearance could involve some negotiation with the Trump administration.
The ban extends to any device partially made outside the US, regardless of whether the router maker is a US-based company. But it appears that Chinese companies will have the most trouble obtaining exemptions.
Chinese drone company DJI has not received an exemption and sued the FCC over the ban. The process for gaining exemptions for routers and drones is the same, indicating that “Chinese-origin manufacturers like TP-Link may face a presumptive denial, while companies with manufacturing in allied nations like Taiwan, Vietnam, or South Korea could find an easier path,” said a report by the Global Electronics Association trade group.
One router maker still waiting for an exemption is TP-Link, which was founded in China but relocated to the US in 2024. The company has faced US scrutiny over hacking campaigns linked to the Chinese government.
TP-Link met with FCC officials in mid-April to discuss its request for an exemption. “TP-Link routers are safe and secure. Publicly available data places TP-Link on par with or ahead of other major industry players in terms of security outcomes,” the company said in a filing.
FCC guidance says that companies seeking exemptions must obtain a determination from the Department of Defense or Department of Homeland Security that their routers do not pose unacceptable national security risks. The FCC clarified last month that the router ban also includes portable hotspots, but not phones with hotspot features.