The Federal Communications Commission (FCC) has granted a two-year extension for foreign-made routers to continue receiving security patches and firmware updates. According to a May 8, 2026, announcement, the new deadline for software maintenance is Jan. 1, 2029, a significant shift from the initial March 1, 2027, cutoff. The move provides a temporary reprieve for a domestic market where nearly every consumer networking device is manufactured abroad.
This extension follows a sweeping FCC ban on foreign-made routers enacted on March 23, 2026. The agency cited national security concerns, stating that routers produced overseas were directly implicated in the Volt, Flax, and Salt Typhoon cyberattacks. Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) previously attributed the Volt Typhoon campaign to state-sponsored actors targeting critical infrastructure. Without the deadline shift, millions of devices currently in use across the United States risked becoming vulnerable to exploits due to a lack of security maintenance.
Industry groups highlighted the logistical challenges posed by the initial ban. Kevin O’Hanlon, vice president at the Global Electronics Association, told CNET that there is currently no domestic supply chain for a final networking product. While the FCC has granted specific exemptions to Netgear and Amazon-owned Eero, those waivers are contingent on the companies onshoring their manufacturing processes within mandatory timelines. Alan Butler, senior counsel at the Electronic Privacy Information Center, observed that without these extensions, a large percentage of existing hardware would simply turn into pumpkins in a year.
The privileged position of networking hardware makes security maintenance essential. Rik Ferguson, vice president of security intelligence at Forescout, noted that all home network traffic must pass through the router. Last month, the FBI took the rare step of remotely resetting out-of-date routers that had stopped receiving software updates to mitigate ongoing threats. The FCC indicated it will recommend codifying this waiver through a formal rulemaking process to make the update permissions permanent, even as the broader restrictions on foreign manufacturing remain in place.
