In a nutshell: The FCC has extended a deadline that will allow millions of routers and drones already in use in the US to keep receiving software updates for several more years, easing part of its broader national security crackdown. In an order released last week, the agency said foreign-made routers and uncrewed aircraft systems previously approved for use can continue to receive firmware and software updates until at least January 1, 2029. The earlier cutoff had been set for March 2027, raising concerns that devices still widely deployed in homes and businesses could lose access to critical security patches.

The change leaves the FCC's broader policy intact. Rules adopted in March block approval of new consumer routers manufactured outside the United States, part of an effort the commission says targets national security risks in foreign supply chains. That restriction remains in place, with exemptions granted selectively to companies the government deems safe. Netgear and Amazon-owned Eero are among those that have already received approval.

Instead, the FCC adjusted how long devices already on the market can receive software updates. Under the updated waiver, those products can continue to receive updates intended to maintain functionality and address vulnerabilities. That includes security patches and updates needed to maintain compatibility with operating systems and network environments.

The agency also expanded what types of updates are allowed. The original waiver covered only so-called Class I permissive changes, which are modifications that do not alter a device's reported performance characteristics.

The revised policy now includes Class II changes, which may introduce small variations in performance but are still considered acceptable under FCC rules. In practical terms, that expansion removes uncertainty around routine firmware updates that fall outside a narrow definition of "no-impact" changes.

The FCC's engineering office said the change is meant to avoid unintended consequences from its earlier rules. Allowing updates to continue, it said, helps "mitigate harm to US consumers" by ensuring that devices do not become frozen in time with unpatched vulnerabilities. That concern is especially relevant for routers, which are frequent targets if left unmaintained.

The waiver applies to equipment included on the FCC's Covered List, which identifies technologies the agency considers to pose "an unacceptable risk to the national security of the United States or the security and safety of United States persons." Devices on that list are subject to tighter controls, including limits on both import approvals and ongoing software support unless a waiver is granted.

While the extension provides some breathing room, it does little to clarify how the hardware restrictions will play out over time. Many router manufacturers have not yet secured exemptions to continue selling new devices in the US, and the approval process requires sign-off from either the Department of Defense or the Department of Homeland Security. That leaves vendors trying to plan product roadmaps without clear timelines for approval.

The outlook may be especially complicated for companies with ties to China. A report from the Global Electronics Association suggested that manufacturers based in or sourcing from allied countries could face fewer hurdles, while Chinese-origin companies may encounter a presumption of denial. TP-Link Systems Inc., whose headquarters are in the United States, is still waiting on a decision after meeting with FCC officials in April. In a filing, the company said, "TP-Link routers are safe and secure. Publicly available data places TP-Link on par with or ahead of other major industry players in terms of security outcomes."

For now, the FCC is trying to avoid a scenario where existing infrastructure becomes less secure because of its own rules. Extending the update window and broadening permissible software changes reflects the role ongoing firmware support plays in maintaining network security, even as the agency tightens controls on new hardware.