The Federal Communications Commission (FCC) has quietly extended waivers allowing software and firmware updates for foreign-made routers currently in use in the U.S. until at least January 1, 2029. This move prevents a looming disruption in network security that would have resulted from the original ban on updates, set to start as early as 2027.

  • FCC bans new approvals for foreign-made routers starting 2026-27
  • Existing devices can now receive updates through early 2029
  • Update block risked exposing networks to persistent vulnerabilities

What happened

In March 2026, the FCC updated its Covered List to include all foreign-made consumer routers, effectively banning the sale of new devices made outside the U.S. However, this policy initially did not consider the impact on existing devices already in use. Without further action, these devices would have been blocked from receiving software and firmware updates starting as early as January 1, 2027.

Recognizing this serious security gap, the FCC has now quietly extended the waiver allowing updates for currently deployed foreign-made routers and related equipment through January 1, 2029. This extension ensures that these devices can continue receiving necessary security patches that address vulnerabilities and protect users and critical infrastructure from cyber threats.

Why it matters

Routers play a central role in handling network traffic, and vulnerabilities in these devices have been exploited in significant cyberattacks like Volt, Flax, and Salt Typhoon. Blocking updates for millions of routers could leave consumers and organizations vulnerable to attackers, undermining the FCC's goal of reducing network risks. Firmware updates often include critical fixes to newly discovered security flaws, and denying these patches effectively freezes devices with outdated protections.

The original policy assumed that moving manufacturing to the U.S. would mitigate risks, but routers and their components are predominantly made abroad and sourced internationally. Security flaws affect hardware regardless of origin, so blocking firmware updates globally on foreign-made routers was widely viewed as counterproductive. Experts and industry groups supported the FCC’s updated stance, highlighting that ongoing patching is essential for maintaining device security.

What to watch next

Additionally, the extension lasts until January 2029 amid political transitions, with the potential for new FCC leadership to revisit or revise these policies. It will be important to monitor whether the agency balances national security concerns with practical cybersecurity needs, ensuring that critical network devices remain both secure and updatable.

Source assisted: This briefing began from a discovered source item from The Register Headlines. Open the original source.
How SignalDesk reports: feeds and outside sources are used for discovery. Public briefings are edited to add context, buyer relevance and attribution before they are published. Read the standards

Related briefings

Instagram Discontinues End-to-End Encrypted Direct Messages Twin Brothers Erase 96 Government Databases Minutes After Termination Law Firms and LLM Vendors Pioneer Collaborative AI Workflows for Legal Services