US FCC Lets Consumer Routers Receive Updates Through 2028

Endpoint Security , Governance & Risk Management , Patch Management US FCC Lets Consumer Routers Receive Updates Through 2028 Agency Grants Routers a 18-Month Reprieve From Obsolesce Greg Sirico • May 12, 2026     Share Post Share Credit Eligible Get Permission Image: Shutterstock The U.S. Federal Communications Commission extended through Jan. 1, 2029, a waiver allowing foreign-made routers already approved for use in the United States to continue receiving updates. See Also: The Healthcare CISO's Guide to Medical IoT Security The agency earlier this year instituted a ban on foreign-made consumer routers, citing national security concerns. It set March 1, 2027, as a cutoff date for existing routers to receive patches (see: US FCC Targets Foreign Routers in Supply-Chain Crackdown). Almost all consumer-grade routers are made outside the United States, leaving manufacturers uncertain about how to continue producing new models. Industry lobbying group Global Electronics Association has criticized the ban, saying that security flaws in routers don't correlate to where they're made. They're primarily a function of inadequate patching and equipment operating past its end-of-life. Netgear in April obtained a temporary waiver allowing it to continue importing already-approved consumer routers through most of 2027 (see: US FCC Grants Netgear Temporary Exemption From Router Ban). Amazon-owned Eero has also obtained a waiver. The FCC requires as a condition of obtaining a waver submitting a plan for establishing router manufacturing plants inside the United States. Published by the FCC's Office of Engineering and Technology last Friday, the extension includes expanded waivers covering "analogous Class II permissive changes" tied to software and firmware updates intended to mitigate harm to U.S. consumers. Class II permissive changes typically involve more substantive hardware or software modifications than Class I updates and often require FCC review and approval before being deployed. According to the notice, the FCC said an expanded waiver is required to ensure any previously authorized devices can still receive updates.