FCC allows software updates until 2029

Routers and drones are the kind of products that get more dangerous when they stop getting updates. That is the core problem the FCC just had to deal with. The agency spent the past few months tightening restrictions on foreign-made networking gear and drones, but on May 8 it carved out a big practical exception: already-approved devices can keep receiving software and firmware updates until January 1, 2029. That matters because a ban on patches can turn a security policy into a security hole. ### What changed on May 8? The FCC’s Office of Engineering and Technology updated its guidance so covered foreign-made routers, drones, and some related components can still receive software and firmware changes meant to reduce harm to U.S. users through January 1, 2029. The earlier cutoff had been in early 2027, so this is roughly a two-year extension. ### What is the FCC trying to restrict? The bigger policy has not gone away. In December 2025, the FCC added certain foreign-produced drones and critical drone components to its Covered List, which blocks new equipment authorizations for those products. In March 2026, it did the same for all consumer-grade routers produced in foreign countries, meaning new models in those categories cannot get approved for import, marketing, or sale in the U.S. (mashable.com) ### So why allow updates at all? Because unpatched devices are a mess. The FCC’s updated router FAQ says covered routers can receive “basic software and firmware edits,” and the broader May 8 guidance extended that logic to security-focused updates for already-deployed gear. Basically, the agency seems to have concluded that freezing software on devices already sitting in homes, businesses, and public-safety fleets would create more immediate cyber risk than it would solve. (fcc.gov) ### Does this mean the ban got reversed? No — that is the important distinction. The FCC did not reopen the door for new foreign-made router and drone models to flow into the U.S. market as normal. The restriction on future approvals still stands. What changed is the treatment of products that were already authorized or already in use, which now get a longer runway for maintenance and security patching. (fcc.gov) ### Why are routers and drones grouped together? They look like different markets, but the FCC sees a similar national-security issue in both. Routers sit at the center of home and small-business internet traffic. Drones can collect video, location, and telemetry data, and they also matter for public safety and airspace security. The government’s concern is that foreign-produced equipment in both categories could enable surveillance, data exfiltration, or other exploitation if the wrong actors control the hardware or software stack. (fcc.gov) ### Who does this help in practice? Anyone already relying on this gear. That includes households with imported consumer routers, enterprises with installed networking equipment, and drone operators that cannot swap fleets overnight. The extension gives them time to keep devices patched while they plan replacements, instead of forcing a weird limbo where the gear remains legal to use but becomes steadily less safe to operate. That is the lifecycle-security argument in plain English. (sea.mashable.com) ### Could this become permanent? Possibly, but not yet. One recent report notes the FCC may later fold this waiver logic into formal rules, which could remove the hard cutoff altogether. Right now, though, the date that matters is January 1, 2029 — not forever, just a longer bridge between national-security restrictions and the reality that software maintenance does not stop when policy changes. (fcc.gov) ### Bottom line The FCC is still trying to squeeze foreign-made routers and drones out of future U.S. approvals. But turns out there is a practical limit to how hard you can push that idea once millions of devices are already deployed. Extending updates to 2029 is the agency admitting that secure retirement is better than abrupt software abandonment. (msn.com)