FCC extends security-update waiver for covered drones and routers to 2029
Covered drone and router vendors can issue security updates only within the FCC waiver scope
Change
The FCC extended until at least 1 January 2029 waivers allowing software and firmware updates for previously authorised covered UAS, UAS critical components and covered routers despite Covered List permissive-change restrictions.
Why it matters
The order preserves a route for security and functionality updates to covered devices already authorised before their Covered List dates. The waiver does not reopen general equipment-authorisation pathways for all covered devices; it is limited to software and firmware updates that mitigate harm to US consumers. Device compliance teams must map each update to the covered-device category, original authorisation date and waiver scope before release.
Implications
- — Covered UAS and router manufacturers must verify that each software or firmware update fits the FCC waiver scope — updates outside the waiver remain blocked by the permissive-change restrictions for Covered List equipment.
- — Equipment-authorisation compliance teams must check the device’s original authorisation date against the relevant Covered List date — the waiver applies only to covered UAS and UAS critical components authorised before 22 December 2025 and covered routers authorised before 23 March 2026.
- — Security-update and product-maintenance teams must document that covered updates mitigate harm to US consumers, patch vulnerabilities, maintain functionality or preserve operating-system compatibility — undocumented update purposes weaken the compliance basis for relying on the waiver.
Who is affected
- — Covered UAS and router manufacturers
- — Equipment-authorisation compliance teams
- — Security-update and product-maintenance teams
- — US importers and distributors of covered consumer routers
What to watch
- — 1 January 2029: FCC waiver remains available until at least this date for covered software and firmware updates.