The FCC announced on May 8, 2026, that it will allow critical software and firmware updates to continue for foreign-made drones and routers until January 1, 2029, extending the original ban deadline by nearly two years.
- Update deadline extended from 2027 to 2029
- Concerns focus on espionage and unauthorized surveillance
- Majority of U.S. drones and routers are foreign-made
What happened
The Federal Communications Commission (FCC) revised its previous guidance related to firmware updates on foreign-made drones and routers. Initially, updates for these devices were set to be banned after March 1, 2027, but the FCC's Office of Engineering and Technology extended this deadline to January 1, 2029. This extension grants nearly two more years for vendors and users to manage security vulnerabilities without losing the ability to receive critical patches.
This decision follows concerns about hardware security related to drones and routers primarily originating from China. The update ban was designed to prevent potential cyber exploits used for espionage, unauthorized surveillance, and data exfiltration. The extension reflects an attempt to balance cybersecurity policy enforcement with the practical realities faced by consumers and manufacturers.
Why it matters
Foreign-made routers and drones represent a significant share of the U.S. market, with approximately 60% of routers and over 80% of drones produced abroad, mainly in China. These devices are considered potential channels for cyberattacks due to embedded vulnerabilities, exemplified by threats like the Volt Typhoon advanced persistent threat, which targets compromised hardware to access critical American infrastructure data.
By delaying the end of update support, the FCC is providing consumers and manufacturers time to address existing security issues and seek alternatives. Organizations like the Consumer Technology Association urged regulators to reconsider the original ban, emphasizing the impact on American consumers who have already invested in these technologies. The extension also hints at a gradual shift toward increased supply chain localization in response to the evolving cybersecurity landscape.
What to watch next
The extended deadline to 2029 opens a window for hardware makers to redesign and localize production to comply with U.S. security standards, potentially reducing reliance on foreign-made components vulnerable to exploitation. Regulatory bodies will likely continue refining policies to mitigate security risks while minimizing consumer disruption and uncertainty.
Additionally, the enforcement and clarification of product restrictions remain key. The FTC and other agencies may issue further guidance to clearly define which devices are subject to bans or update restrictions, helping consumers make informed decisions. Monitoring developments related to espionage threats and cybersecurity incidents involving drones and routers will be crucial as the deadline approaches.