FCC to allow banned drones and routers to receive critical updates until 2029
Good news for owners of foreign-made drones and routers: The Federal Communications Commission has changed its original deadline that would have banned firmware updates for these devices after March 1, 2027.
In an announcement Published on May 8, 2026, the FCC Office of Engineering and Technology (OET) updated its previous guidance to allow new software and firmware updates for foreign-made drones and routers until January 1, 2029, adding nearly two years to the original deadline.
FCC Proposed Plan to Combat Spam Calls Puts Consumer Privacy at Risk
The main concerns cited by the US government are espionage, unauthorized surveillance and data exfiltration, all of which can be enabled by backdoor exploits directly integrated into drones and routers. The most famous example of such a cyberattack is the current Volt Typhoon “advanced persistent threat” (APT), which attempts to exploit compromised hardware, including routers, to steal data and establish “command and control” channels over US cyberinfrastructure.
Crushable speed of light
And although drones are newer than routers, they have been used for industrial espionage since at least 2022, when drones were used for infiltrate the wireless networks of a major American financial company.
From a numerical perspective alone, the scale of the vulnerability is frightening: around 60% of US routers are made in China, according to Reuterswhile more than 80% of operational drones in the United States were designed and built in China, according to the The Wall Street Journal.
But put yourself in the shoes of someone who just shelled out a lot of money for a drone or router, only to learn, after the fact, that the government made your purchase illegal. The Consumer Technology Association, defending precisely the interests of these American consumers, published an open letter to the FTC last month, urging lawmakers to show leniency and better clarify which products might be affected by the ban.
Their efforts are likely behind the two-year extension, but supply chains and manufacturers are expected to relocate in the coming years as the scale of the cybersecurity threat becomes clearer.
