The Federal Communications Commission‘s Office of Engineering and Technology released Public Notice DA 26-454 on Friday, May 8, 2026, extending its waiver for software and firmware updates to previously authorized foreign-made drones, UAS critical components, and consumer routers until at least January 1, 2029. The earlier deadlines were January 1, 2027 for drones and March 1, 2027 for routers. The agency also broadened the waiver to cover Class II permissive changes, substantive software and firmware modifications that mitigate consumer harm, in addition to the Class I changes the prior waivers already permitted.

The reasoning in the OET notice is the part worth reading. The agency stated that “special circumstances warrant a deviation from the general rules and the public interest would be better served by extending the waiver.” Translated out of regulatory language: blocking security patches on the millions of already-deployed DJI drones, Autel drones, and TP-Link routers sitting in American homes would have created a worse cybersecurity problem than the one the Covered List was meant to address. The agency is admitting that the ban it issued in December 2025, then expanded to routers in March 2026, would have left the existing installed base less safe over time if updates stopped flowing.

I have followed this regulatory chain since the October 28, 2025 FCC vote that granted the agency retroactive ban authority. Friday’s notice is the third time the OET has had to walk back the practical consequences of the Covered List framework: first for drones in January 2026, then for routers in March 2026, now for both together until 2029.

DA 26-454 Pushes Two Deadlines To 2029 And Adds Class II Updates

Under DA 26-454, all UAS, UAS critical components, and consumer-grade routers manufactured outside the United States that received FCC equipment authorization before being placed on the Covered List can continue to receive software and firmware updates until at least January 1, 2029. The waiver covers Class I permissive changes, modifications that do not require a new FCC filing and include security patches and bug fixes. It now also covers Class II permissive changes involving more substantial software and firmware work intended to mitigate consumer harm.

The eligibility cutoff dates are the December 22, 2025 Covered List addition for drones and the March 23, 2026 Covered List addition for consumer routers. A drone authorized on December 21, 2025 is covered. A drone authorized on December 23, 2025 was never eligible. The waiver does not retroactively authorize anything that was blocked when the original framework took effect.

The Covered List Itself Has Not Changed

The OET notice is explicit: the waiver does not remove any device from the Covered List, does not roll back the broader ban on new equipment authorizations, and does not create any new market access for DJI, Autel, TP-Link, or any other affected foreign manufacturer. Companies caught by the December 2025 and March 2026 additions remain blocked from bringing new products to the U.S. market unless they secure a Conditional Approval determination from the Department of War or the Department of Homeland Security.

To date, four enterprise drone systems have cleared that process: SiFly Aviation Q12, Mobilicom SkyHopper Series, ScoutDI Scout 137, and Verge X1. All four are from non-Chinese manufacturers. DJI and Autel remain fully blocked. On the router side, Netgear and Amazon eero have secured exemptions through the same pathway, while TP-Link has not, despite publicly committing to U.S. manufacturing investment.

The Logical Contradiction The FCC Just Conceded

The original December 22, 2025 determination found that foreign-made drones “pose an unacceptable risk to the national security of the United States and to the safety and security of U.S. persons.” The March 2026 router action used nearly identical language. Friday’s waiver is the agency telling the same drone and router owners that those same products, in the same homes and businesses, need to keep receiving software updates from those same foreign manufacturers for another two years and seven months, because cutting off updates would make the devices less safe.

Both statements cannot be fully true. Either these devices are dangerous enough that the U.S. market needs to be closed to new units, or they are safe enough that the installed base should remain on a normal patch cycle. The OET’s answer in DA 26-454 is implicitly the second. The agency cites concerns about “the continued safe operation of existing models” as the justification for letting Class II software modifications flow through. That is the federal government on the record stating that the DJI patch pipeline is part of consumer protection in the United States.

The Rulemaking Signal

The most consequential line in DA 26-454 sits in the final paragraph: “OET will, as soon as practicable, recommend to the full Commission that it consider codifying this waiver with respect to covered equipment described herein, as well as any future covered equipment with similar characteristics.”

That is the OET saying it does not believe a temporary waiver is the right long-term answer and that the full Commission should write the update permission directly into the rules. If that recommendation moves forward, the patch pipeline for grandfathered DJI hardware shifts from a discretionary administrative decision that can be revoked by the next OET memo to a codified regulation that requires a full notice-and-comment proceeding to undo. That is a structurally more durable protection for the existing U.S. installed base.

DroneXL’s Take

In January 2026, when the OET issued the first waiver running to January 1, 2027, I predicted the FCC would establish a formal firmware review process before that deadline arrived. That prediction has not come to pass. Instead, the agency has extended the existing waiver and broadened the categories of permitted changes. The OET is also now signaling it will recommend codifying the result through rulemaking. That is a meaningful departure from where I thought this was heading four months ago.

The pattern I have watched since October 2025 is consistent on the front end of the policy and inconsistent on the back end. The front end is the political message: foreign drones and foreign routers are a national security risk, and the U.S. market must be closed to new units. The back end is the engineering reality: millions of already-authorized devices are sitting in American homes, on American farms, and in American police departments, and the agencies running this policy do not actually want those devices to stop receiving security updates. The May 8 notice is the back end winning another round.

What I would watch from here. The OET’s recommendation to the full Commission for codifying the waiver is the first signal that matters. If that recommendation arrives and moves into a formal Notice of Proposed Rulemaking, the patch pipeline for existing DJI and Autel hardware in the U.S. becomes harder to unwind. If the recommendation sits, January 1, 2029 becomes the next regulatory cliff, and the agency will face the same engineering reality it just acknowledged today, only with two and a half more years of accumulated security debt on the existing installed base.

The May 11 reply deadline on DJI’s reconsideration petition is today. Whether the timing of DA 26-454, released three days before the FCC’s record on DJI’s petition closes, was a coincidence or a signal is an open question that the public record does not answer. What is observable is that the OET issued a major waiver expansion benefiting the same companies whose petitions the full Commission is preparing to consider. The classified intelligence the Pentagon cited in its April opposition filing and the OET’s engineering acknowledgement that these devices are safe enough to keep patching are two government positions that need to share the same administrative record. Whether the full Commission can reconcile them is the question Friday’s waiver leaves unresolved.

Sources: FCC Office of Engineering and Technology, Public Notice DA 26-454; Tom’s Hardware.

DroneXL uses automated tools to support research and source retrieval. All reporting and editorial perspectives are by Haye Kesteloo.

Discover more from DroneXL.co

Subscribe to get the latest posts sent to your email.

Check out our Classic Line of T-Shirts, Polos, Hoodies and more in our new store today!

MAKE YOUR VOICE HEARD

Proposed legislation threatens your ability to use drones for fun, work, and safety. The Drone Advocacy Alliance is fighting to ensure your voice is heard in these critical policy discussions.Join us and tell your elected officials to protect your right to fly.

TAKE ACTION NOW

Get your Part 107 Certificate

Pass the Part 107 test and take to the skies with the Pilot Institute. We have helped thousands of people become airplane and commercial drone pilots. Our courses are designed by industry experts to help you pass FAA tests and achieve your dreams.

Copyright © DroneXL.co 2026. All rights reserved. The content, images, and intellectual property on this website are protected by copyright law. Reproduction or distribution of any material without prior written permission from DroneXL.co is strictly prohibited. For permissions and inquiries, please contact us first. DroneXL.co is a proud partner of the Drone Advocacy Alliance. Be sure to check out DroneXL's sister site, EVXL.co, for all the latest news on electric vehicles.

FTC: DroneXL.co is an Amazon Associate and uses affiliate links that can generate income from qualifying purchases. We do not sell, share, rent out, or spam your email.