The U.S. Federal Communications Commission (FCC) recently announced that it will extend the software update deadline for foreign-made Wi-Fi routers and drones from 2027 to January 1, 2029. This decision is intended to protect U.S. consumers from cybersecurity threats. On Friday, the FCC's Office of Engineering and Technology issued an extension order allowing previously authorized foreign-made drones and Wi-Fi routers to "continue to receive software and firmware updates to mitigate harm to U.S. consumers" until at least January 1, 2029.
Previously, affected routers could only receive software updates until March 1, 2027, while the deadline for foreign-made drones was set to January 1, 2027. The White House has pushed for the bans, arguing that foreign-made drones and Wi-Fi routers pose national security risks to U.S. networks and infrastructure. However, an obvious problem is that these two types of products are widely used by millions of consumers, and without software updates provided by the manufacturers to patch vulnerabilities that hackers can exploit, these devices will be at risk of security vulnerabilities.
The Office of Engineering and Technology decided to address the issue after a major tech industry group urged the FCC to extend the deadline, citing "public interest." The extension statement states: "These updates include all software and firmware updates that ensure continued functionality of the device, such as updates that patch vulnerabilities and promote compatibility with different operating systems. The Office of Engineering and Technology believes that special circumstances require departures from the general rule and that extending the exemption from the prohibition on Class I license changes in these cases is more in the public interest."
The office also plans to recommend that the Commission consider "codifying this exemption through the rulemaking process," the statement said. "The limited duration of this exemption will also provide the Commission with an opportunity to conduct rulemaking on this issue while also reducing potential harm to the public interest." Therefore, the FCC may further extend the deadline or even lift the restriction entirely, depending on future rulemaking. The office's exemption adds that software and firmware updates involving more substantial "Class II licensing changes that mitigate harm to U.S. consumers" are also allowed until January 1, 2029. Previously, the office only allowed software updates that were classified as minor Category 1 licensing changes.
"We clarify that this exemption only applies to the prohibition on Class I or II license changes to already authorized equipment," the Office of Engineering and Technology clarified. (Category III changes are more significant and involve changes to the radio transmitter, such as frequency range or output power.) All upcoming and newly developed foreign-made Wi-Fi routers and drones remain prohibited unless the vendor obtains a short-term exemption known as "conditional approval" from the Pentagon or Department of Homeland Security. So far, only a handful of router and drone manufacturers have received exemptions, including Netgear and Amazon's eero. Chinese drone maker DJI and major Wi-Fi router brand TP-Link have not yet received exemptions.
TP-Link plans to apply for an exemption and has informed the committee that the company is investing "hundreds of millions of dollars" in U.S. manufacturing. DJI, meanwhile, has been fighting the ban in court and through the FCC's own petition process, hoping to remove itself from the blacklist.