Good news for owners of foreign-made drones and routers: the Federal Communications Commission has amended its original deadline that would have banned firmware updates to these devices after March 1, 2027.
In an announcement posted on May 8, 2026, the FCC's Office of Engineering and Technology (OET) updated its previous guidance to allow new software and firmware updates to foreign-made drones and routers until January 1, 2029, adding nearly two years to the initial cut-off date.
The main concerns cited by the American government are espionage, unauthorized surveillance, and data exfiltration, all of which can be enabled by backdoor exploits built directly into both drones and routers. The most famous example of such a cyberattack is the ongoing Volt Typhoon "advanced persistent threat" (APT), which attempts to leverage compromised hardware, including routers, to steal data and establish "command and control" channels over American cyber infrastructure.
And though drones are newer than routers, they have been used in corporate espionage since at least 2022, when drones were used to infiltrate the wireless networks of a major American financial firm.
From a numbers perspective alone, the size of the vulnerability is frightening: around 60% of America's routers are manufactured in China, according to Reuters, while more than 80% of the drones operational in the United States were designed and built in China, according to the Wall Street Journal.
But put yourself in the shoes of someone who just shelled out serious money for a drone or router, only to learn, after the fact, that the government had made your purchase illegal. The Consumer Technology Association, advocating on behalf of precisely those American consumers, issued an open letter to the FTC just last month, urging legislators to exercise leniency, as well as to better clarify which products might be affected by the ban.
Their efforts are probably responsible for this two-year extension, but expect supply lines and manufacturers to re-localize in the coming years as the full scope of the cybersecurity threat becomes clearer.