THE US Federal Communications Commission has extended the deadline for owners of banned internet routers to provide security updates to US-based users by two years. In March 2026, the Commission banned the import and sale of all consumer-grade internet routers produced in a foreign country, placing them on the FCC’s covered list with limited exceptions for units granted conditional approval by the DoD or DHS.
Alongside the ban, manufacturers were told they could still ship security updates to US-based customers until March 2027, and a new public notice published on May 8 extends this deadline to at least 1 January 2029 for software and firmware updates that mitigate harm to US consumers. The extension covers updates that patch vulnerabilities and ensure device functionality, but does not allow new features via this channel.
The same extension applies to foreign-made drone systems and drone critical components, which were banned in December 2025; these mitigations are presented as reducing attackers’ footholds in unpatched, end‑of‑life infrastructure, including campaigns linked to Volt Typhoon and Salt Typhoon.