FCC reverses course, allows software updates for foreign-made drones and routers until 2029 — agency says blocking security patches could create cybersecurity risks
The FCC is extending a software lifeline for millions of already-deployed drones and routers.
The Federal Communications Commission announced on Friday, May 8, through its Office of Engineering and Technology (OET), that it was extending temporary waivers allowing certain foreign-produced drones, drone components, and consumer routers to continue receiving software and firmware updates in the United States.
In late 2025 and early 2026, the FCC added these categories of equipment to its “Covered List,” which effectively blocked already-authorized devices from receiving post-approval software and firmware modifications. The agency subsequently issued waivers permitting critical security and functionality updates to continue through January 1, 2027, for drones and drone components, and through March 1, 2027, for consumer routers.
Under the updated waiver, manufacturers of affected devices will now be allowed to continue issuing software and firmware updates until at least January 1, 2029, provided the devices had already been authorized for use in the U.S. before being added to the FCC’s “Covered List.” The extension also broadens the waiver to include certain Class II permissive changes involving software and firmware updates intended to mitigate consumer harm.
The decision follows growing concern that a strict enforcement of the restrictions could unintentionally leave millions of existing devices vulnerable to cybersecurity threats, compatibility issues, and operational failures. In practical terms, without the waiver, manufacturers of affected products could have been blocked from deploying even basic security patches and bug fixes once the devices were designated as covered equipment.
The FCC first added foreign-produced unmanned aircraft systems (UAS), UAS critical components, and certain communications equipment to the Covered List in late 2025 as part of broader national security efforts to reduce reliance on potentially risky foreign technology infrastructure. Routers produced in foreign countries were later added to the list in March 2026, except for models that had received conditional approval from the Department of War or the Department of Homeland Security.
The restrictions stem from revisions to FCC equipment authorization rules adopted in October 2025. Those revisions effectively prohibited “permissive changes” to covered equipment — a category that includes software and firmware modifications made after a device has already received certification. While the rules were designed to tighten oversight on high-risk equipment, they also created a difficult dilemma: preventing updates could inadvertently make already-deployed devices less secure over time.
In its notice, the FCC acknowledged that continued software support remains necessary to protect U.S. consumers. The waiver specifically allows updates that maintain device functionality, patch vulnerabilities, and preserve compatibility with changing operating systems and network environments.
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
The agency argued that the public interest would be better served by allowing these limited updates rather than freezing software support entirely. According to the FCC, the waiver provides regulators time to consider a more permanent framework while avoiding immediate cybersecurity risks to users currently operating affected devices.
Importantly, the waiver does not reverse the broader restrictions or remove the devices from the Covered List. Instead, it applies only to already-authorized products and to software- and firmware-related changes intended to maintain safe and secure operation. Manufacturers must still comply with other FCC requirements governing permissive changes and equipment certification.
The move highlights the increasingly complex balancing act regulators worldwide face as governments seek to secure communications infrastructure without inadvertently creating new cybersecurity vulnerabilities.
Follow Tom's Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.
Etiido Uko is a news contributor for Tom's Hardware covering the latest updates in big tech and the PC industry. He is a mechanical engineer and senior technical writer with over nine years of experience in documentation and reporting. He is deeply passionate about all things engineering and technology, and is an expert in gadgets, manufacturing, robotics, automotive, and aerospace.
-
Cyber_Akuma Call me a conspiracy theorist, but I have a huge conscern that they made them agree to put backdoors in their updates as part of this sudden "change of heart" to suddenly allow firmware updates for the next three years.Reply -
USAFRet Reply
They don't have to.Cyber_Akuma said:Call me a conspiracy theorist, but I have a huge conscern that they made them agree to put backdoors in their updates as part of this sudden "change of heart" to suddenly allow firmware updates for the next three years.
Part of the original functionality is a log of when, where, how high, and for how long.
They just need to get that from the mothership.
I have a log in my HolyStone app that shows all that, going back 3+ years. -
hwertz This is so dumb. So OK you aren't allowing new models from these vendors (which is a whole 'nother kettle of fish.) But how does barring software updates on already deployed hardware benefit anyone? At least they've extended it (probably extended enough, since Netgear, D-Link, etc. aren't exactly known for providing many years of updates anyway.)Reply -
John Kiser Reply
The FCC is currently full on idiocy. We don't have the domestic production and it is easy enough to monitor network traffic for telse that know what they are doing to tell if something is good or bad.hwertz said:This is so dumb. So OK you aren't allowing new models from these vendors (which is a whole 'nother kettle of fish.) But how does barring software updates on already deployed hardware benefit anyone? At least they've extended it (probably extended enough, since Netgear, D-Link, etc. aren't exactly known for providing many years of updates anyway.) -
phead128 Is this the same FCC that tried to ban Jimmy Kimmel because they don't like his jokes?Reply
Is this the same FCC that removed Net Neutrality because Internet giants lobbying?
Is this the same FCC that banned foreign made routers and giving Netgear a solo monopoly as of that makes things more "secure"? Who is to say Netgear isn't giving backdoors to NSA in return for monopoly?
Is this the same FCC that banned new models of foreign drones because of "muh national security" when there is no evidence of national security issues?
FCC is run by a bunch of incompetents that exceed even Kash Patel's or Pete Kegsbreath' level drunkard incompetency.