FCC relaxes foreign-made router ban

Routers are boring until they stop getting patched. Then they turn into a security problem fast. That is basically the gap the FCC just tried to close. The agency is still blocking new approvals for broad categories of foreign-made consumer routers and some drones, but it quietly loosened one part of the rule on May 8 so gear already in use can keep receiving software and firmware updates until January 1, 2029. ### What did the FCC actually change? It did not reverse the ban. The ban still blocks equipment authorization for newly covered products — which is the step that lets companies import and sell many radio devices in the US. What changed is the waiver for devices that were already authorized or already deployed. The FCC pushed that waiver out by two years and clarified that vendors can keep shipping software and firmware updates for those products through at least the start of 2029. (arstechnica.com) ### Which devices are we talking about? Two buckets. First, consumer-grade routers produced in a foreign country, which the FCC added to its Covered List on March 23, 2026. Second, drones and certain drone components produced abroad, which were added earlier, in late 2025, with some later carveouts and FAQ guidance. The common thread is that the FCC now treats these categories as posing national-security risk on a going-forward basis unless they qualify for an exemption or conditional approval. (arstechnica.com) ### Why was a waiver needed at all? Because the original crackdown created an awkward side effect. If you ban a class of products too bluntly, you can also freeze the update pipeline for devices already sitting in homes, offices, warehouses, and field operations. That is the worst of both worlds — no new approvals, but also no patches for old boxes still connected to real networks. The FCC’s updated guidance basically admits that unpatched deployed gear is its own risk. (fcc.gov) ### Does this mean consumers need to replace routers now? Not automatically. The FCC’s own router FAQ says current users of lawfully obtained covered routers are not being told to rip them out immediately, and there are no blanket restrictions on merely using them. The main pressure lands on future approvals, imports, and sales of newly covered models. So if you already own one, the practical takeaway is simpler: keep updating it while the waiver is in place. (arstechnica.com) ### Why does “firmware updates” matter so much? Because firmware is where a lot of the real security maintenance lives. Router bugs, Wi‑Fi flaws, authentication fixes, and stability patches often arrive there, not in some app-store style update channel. Think of the waiver as permission to keep changing the locks on a house you already live in. Without it, the device might stay online but slowly become easier to break into. (fcc.gov) ### What is the catch for companies? The catch is that support windows and procurement rules are now colliding. Enterprises, ISPs, schools, and public agencies can no longer assume that “already deployed” means “safely supportable forever.” If a product category ends up on the Covered List, legal approval, replacement planning, and patch management all become architecture questions, not just purchasing questions. Segmenting older hardware and shortening refresh cycles starts to look less optional. (arstechnica.com) This is an inference from the FCC’s actions and the way the waiver was structured. ### Why stop at 2029? The FCC has not framed this as a permanent safe harbor. It looks more like a bridge — long enough to keep existing equipment patched while users and vendors move to compliant replacements or seek conditional approvals where available. In other words, the agency wants fewer risky new products entering the market, but it also does not want millions of already-installed devices to rot in place unpatched. (fcc.gov) ### Bottom line This is a small policy retreat, not a policy reversal. The FCC still wants foreign-made routers and some drones out of the future approval pipeline. But it also realized that security bans can backfire if they strand the gear people already depend on. So the rule now has a pressure valve — patches can keep flowing for a few more years. (arstechnica.com)