Federal & State Lawfederalstatelaw.com
Home/Federal/Federal Register/2025-21001
Rule2025-21001

Protecting Against National Security Threats to the Communications Supply Chain Through the Equipment Authorization Program

Primary source

Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.

Published
November 25, 2025
Effective
December 26, 2025

Issuing agencies

Federal Communications Commission

Abstract

In this document, the Federal Communications Commission (Commission or FCC) clarifies that rules prohibiting authorization of covered equipment include modular transmitters and adopts a prohibition on authorization of devices that include modular transmitters that are covered equipment. The Commission also adopts a procedure to limit previously granted authorizations of covered equipment to prohibit the continued importation and marketing of such equipment. It further discusses the broad scope of the prohibition on authorization of equipment identified on the Covered List by clarifying the term "produced by" as used in the Commission's rules concerning covered equipment and clarifying the prohibition on modification to previously authorized covered equipment.

Full Text

<html>
<head>
<title>Federal Register, Volume 90 Issue 225 (Tuesday, November 25, 2025)</title>
</head>
<body><pre>
[Federal Register Volume 90, Number 225 (Tuesday, November 25, 2025)]
[Rules and Regulations]
[Pages 53227-53237]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2025-21001]


=======================================================================
-----------------------------------------------------------------------

FEDERAL COMMUNICATIONS COMMISSION

47 CFR Part 2

[ET Docket No. 21-232; FCC 25-71; FR ID 318540]


Protecting Against National Security Threats to the 
Communications Supply Chain Through the Equipment Authorization Program

AGENCY: Federal Communications Commission.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: In this document, the Federal Communications Commission 
(Commission or FCC) clarifies that rules prohibiting authorization of 
covered equipment include modular transmitters and adopts a prohibition 
on authorization of devices that include modular transmitters that are 
covered equipment. The Commission also adopts a procedure to limit 
previously granted authorizations of covered equipment to prohibit the 
continued importation and marketing of such equipment. It further 
discusses the broad scope of the prohibition on authorization of 
equipment identified on the Covered List by clarifying the term 
``produced by'' as used in the Commission's rules concerning covered 
equipment and clarifying the prohibition on modification to previously 
authorized covered equipment.

DATES: Effective December 26, 2025.

FOR FURTHER INFORMATION CONTACT: Jamie Coleman of the Office of 
Engineering and Technology, at <a href="/cdn-cgi/l/email-protection#a7edc6cacec289e4c8cbc2cac6c9e7c1c4c489c0c8d1"><span class="__cf_email__" data-cfemail="2369424e4a460d604c4f464e424d634540400d444c55">[email&#160;protected]</span></a> or 202-418-2705.

SUPPLEMENTARY INFORMATION: This is a summary of the Commission's Second 
Report and Order, in ET Docket No. 21-232, FCC 25-71, adopted on 
October 28, 2025, and released on October 29, 2025. The full text of 
this document is available for public inspection and can be downloaded 
at <a href="https://docs.fcc.gov/public/attachments/FCC-25-71A1.pdf">https://docs.fcc.gov/public/attachments/FCC-25-71A1.pdf</a>. Alternative 
formats are available for people with disabilities (Braille, large

[[Page 53228]]

print, electronic files, audio format) by sending an email to 
<a href="/cdn-cgi/l/email-protection#6c0a0f0f595c582c0a0f0f420b031a"><span class="__cf_email__" data-cfemail="6a0c09095f5a5e2a0c0909440d051c">[email&#160;protected]</span></a> or calling the Commission's Consumer and Governmental 
Affairs Bureau at (202) 418-0530 (voice), (202) 418-0432 (TTY).
    Regulatory Flexibility Act. The Regulatory Flexibility Act of 1980, 
as amended (RFA), requires that an agency prepare a regulatory 
flexibility analysis for notice-and-comment rulemaking, unless the 
agency certifies that ``the rule will not, if promulgated, have a 
significant economic impact on a substantial number of small 
entities.'' Accordingly, the Commission has prepared a Final Regulatory 
Flexibility Analysis (FRFA) concerning the possible impact of the rule 
and policy changes contained in the Second Report and Order on small 
entities. The FRFA is set forth in Appendix C of the Second Report and 
Order.
    Paperwork Reduction Act. This document contains proposed new or 
modified information collection requirements subject to the Paperwork 
Reduction Act of 1995 (PRA), Public Law 104-13. The Commission, as part 
of its continuing effort to reduce paperwork burdens, will be inviting 
the general public and the Office of Management and Budget (OMB) to 
comment on any information collection requirements contained in this 
document. In addition, pursuant to the Small Business Paperwork Relief 
Act of 2002, Public Law 107-198, see 44 U.S.C. 3506(c)(4), the 
Commission will seek specific comment on how it might ``further reduce 
the information collection burden for small business concerns with 
fewer than 25 employees.''
    Congressional Review Act. The Commission has determined, and the 
Administrator of the Office of Information and Regulatory Affairs, 
Office of Management and Budget, concurs, that this rule is ``non-
major'' under the Congressional Review Act, 5 U.S.C. 804(2). The 
Commission will send a copy of the Second Report and Order and Further 
Notice of Proposed Rulemaking to Congress and the Government 
Accountability Office pursuant to 5 U.S.C. 801(a)(1)(A).

Synopsis

    In November 2022, as part of the Commission's ongoing efforts to 
protect the security of America's communications networks and equipment 
supply chains, the Commission adopted the Equipment Authorization 
Security Report and Order, Order, and Further Notice of Proposed 
Rulemaking, ET Docket No. 21-232 and EA Docket 21-233 (EA Security R&O 
and FNPRM). In that item, the Commission adopted rules as part of its 
equipment authorization program to prohibit authorization of 
communications equipment that has been determined to ``pose an 
unacceptable risk to the national security of the United States or the 
security and safety of United States persons'' (covered equipment), 
which the Commission publishes in its Covered List. The rules 
constituted significant changes to the prior equipment authorization 
program. The Commission recognized that these revisions were only first 
steps and that further revisions should be considered to better ensure 
effective implementation of this prohibition. In the FNPRM portion of 
the item, the Commission sought comment on taking additional steps in 
the equipment authorization program to protect our nation's 
communications networks and supply chains. Building on the record 
received, Commission experience implementing the prohibition, and other 
recent Commission actions aimed at protecting our nation's 
communications networks and supply chain, the Commission adopted this 
Second Report and Order to take important next steps in modifying the 
equipment authorization program.

Background

    Enacted in March 2020, the Secure Networks Act requires the 
Commission to publish a list of equipment and services that pose ``an 
unacceptable risk to the national security of the United States or the 
security and safety of United States persons'' based solely on specific 
determinations made by certain enumerated sources (Covered List). In 
June 2021, the Commission initiated this proceeding in Protecting 
Against National Security Threats to the Communications Supply Chain 
through the Equipment Authorization Program; Protecting Against 
National Security Threats to the Communications Supply Chain through 
the Equipment Authorization Program, ET Docket No. 21-232 & EA Docket 
No. 21-233, Notice of Proposed Rulemaking and Notice of Inquiry (2021) 
(EA Security NPRM). The Commission noted that this proceeding--which 
involves revising the Commission's equipment authorization program--is 
part of the Commission's overall efforts in carrying out its important 
role in protecting the security of America's equipment supply chains, 
and also is part of the ongoing efforts of Congress, the Executive 
Branch, and the Commission to identify and eliminate potential security 
vulnerabilities in communications networks and supply chains.
    In the EA Security R&O and FNPRM, the Commission established 
several new rules to prohibit authorization of equipment identified on 
the Commission's Covered List developed pursuant to the Secure Networks 
Act. In particular, the Commission adopted several revisions to its 
part 2 rules concerning equipment authorization requirements, 
processes, and guidance that involve significant changes to the 
equipment authorization program. These changes include new requirements 
placed on applicants seeking equipment authorizations as well as 
``responsible parties'' associated with equipment authorizations and 
entities that are identified on the Covered List. These rules also 
place significant new responsibilities on telecommunication 
certification bodies (TCBs), private third-party organizations 
recognized by the Commission and to which the Commission has delegated 
particular responsibilities pursuant to section 302 of the 
Communications Act. TCBs are now tasked with reviewing equipment 
authorization applications and certifying that the subject equipment 
complies with all applicable Commission requirements, both technical 
(such as based on information submitted by test labs) and non-technical 
(such as those prohibiting authorization of covered equipment).
    These rules require that, going forward, no communications 
equipment produced by entities identified on the Covered List can 
obtain an equipment authorization unless the authorization is pursuant 
to the certification process, which would require filing an application 
with supporting data that TCBs review. Commission rules no longer 
permit authorization of any such equipment through the Supplier's 
Declaration of Conformity (SDoC) procedures, which does not require an 
application filing, nor can such equipment now qualify for any 
exemption from the need for an equipment authorization. To help 
implement the prohibition on authorization of any covered equipment, 
applicants seeking such authorization are required to make certain 
attestations (in the form of certifications) about the equipment for 
which they seek authorization-these include attesting that the 
equipment is not covered and indicating whether the applicant is an 
entity identified on the Covered List. To further help with 
implementation of the prohibition, the Commission adopted a requirement 
that each of the entities named on the Covered List file a report with 
the Commission identifying its

[[Page 53229]]

associated but unnamed entities (e.g., its subsidiaries and 
affiliates). TCBs, pursuant to their responsibilities as part of the 
Commission's equipment authorization program, review the applications 
and must ensure that only devices that meet all of the Commission's 
applicable technical and non-technical requirements are ultimately 
granted authorization, and that none of these grants are for covered 
equipment. To help TCBs perform their responsibilities, and to provide 
guidance to TCBs, applicants, and other interested parties, the 
Commission provides guidance on what constitutes covered equipment, 
with delegated authority to the Office of Engineering and Technology 
(OET) and the Public Safety and Homeland Security Bureau (PSHSB) to 
update that guidance as appropriate. The Commission has also adopted 
streamlined revocation procedures for authorizations of equipment in 
cases in which an applicant submitted false statements or 
representations in the newly required attestations relating to the 
equipment for which they had sought authorization.
    In adopting the EA Security R&O and FNPRM, the Commission decided 
not to require, at that time, that the applicant make attestations that 
address individual component parts contained within the applicant's 
equipment and it did not revoke previously granted authorizations of 
covered equipment. The Commission determined that both of these 
matters, along with several other issues, would receive further 
consideration.
    The Commission sought comment on whether the presence of certain 
component parts would result in the device being covered equipment 
prohibited from authorization and, if so, how the prohibition should be 
implemented in the Commission's equipment authorization program. It 
also sought comment on the role that applicants and responsible parties 
would play were the Commission to prohibit authorization of devices 
that include certain component parts. In addition, it sought comment on 
the extent to which the Commission should revoke any previous 
authorizations of covered equipment and, if so, based on which 
considerations and procedures, and the scope such revocations should 
take, as well as the extent to which it should take into account supply 
chain considerations. It also sought comment on whether to require all 
applicants seeking equipment certification to have a U.S.-based 
responsible party to help ensure compliance with the Commission's 
equipment authorization program rules. Finally, the Commission sought 
comment on various other issues concerning implementation of the 
prohibition on authorization of covered equipment, such as applicants' 
provision of additional information on equipment; additional activities 
that TCBs should conduct in light of the goals of this proceeding; the 
review of authorizations after grant by TCBs through post-market 
surveillance; and enforcement of the Commission's newly-adopted rules.
    Recent developments concerning the equipment authorization program. 
In 2023, Hikvision USA, Inc. and Dahua Technology USA, Inc. petitioned 
the U.S. Court of Appeals for the District of Columbia Circuit to 
review aspects of the Commission's EA Security R&O and FNPRM that 
affected them. Hikvision USA, Inc. v. Federal Communications 
Commission, 97 F.4th 938 (D.C. Cir. 2024). On April 2, 2024, the court 
issued a partial remand concerning one part of the Commission's 
decision. Specifically, the court vacated those portions of the 
Commission's decision defining ``critical infrastructure'' for purposes 
of understanding when video surveillance and telecommunications 
equipment produced by Hytera Communications Corporation (Hytera), 
Hangzhou Hikvision Digital Technology Company (Hikvision), and Dahua 
Technology Company (Dahua) (or their respective subsidiaries and 
affiliates) is used ``for the purpose of . . . physical security 
surveillance of critical infrastructure,'' statutory language drawn 
from Congress's proscription regarding such equipment as set forth in 
section 889(f)(3) of the National Defense Authorization Act of 2019 
(NDAA). The court found that the Commission's definition of ``critical 
infrastructure'' was ``unjustifiably broad,'' and remanded those 
portions of the Equipment Authorization Security R&O to the Commission 
to ``comport its definition and justification for it'' with the NDAA 
statutory provision.
    In May 2025, the Commission adopted Promoting the Integrity and 
Security of Telecommunications Certification Bodies, Measurement 
Facilities, and the Equipment Authorization Program, ET Docket No. 24-
136 (2025) (EA Integrity R&O and FNPRM), in which it took steps, and 
proposed further steps, to promote the integrity and security of TCBs, 
measurement facilities (test labs), and laboratory accreditation 
bodies, which play an integral role in the Commission's equipment 
authorization program. Specifically, it adopted a prohibition on FCC 
recognition of any TCB, test lab, or laboratory accreditation body 
owned by, controlled by, or subject to the direction of a prohibited 
entity (as defined by the EA Integrity R&O and FNPRM). These entities 
are barred from participating in the Commission's equipment 
authorization program, including both the equipment certification 
process and SDoC process. To help ensure that the Commission has the 
necessary information to enforce this prohibition, the Commission 
expanded its reporting and certification requirements for all 
recognized TCBs, test labs, and laboratory accreditation bodies to 
certify to the Commission that they are not owned by, controlled by, or 
subject to the direction of a prohibited entity and to report all 
equity or voting interests of 5% or greater by any entity. It also 
adopted amendments to the rules to state that the Commission will not 
recognize--and will revoke any existing recognition of--any TCB, test 
lab, or laboratory accreditation body that fails to provide, or that 
provides a false or inaccurate, certification; or that fails to 
provide, or provides false or inaccurate, information regarding equity 
or voting interests of 5% or greater. In addition, it also clarified 
that Commission rules apply equally to all TCBs, test labs, and 
laboratory accreditation bodies regardless of the existence of MRAs or 
the physical location of the relevant facility. In the EA Integrity R&O 
and FNPRM, the Commission proposed and sought comment on further 
measures to safeguard the integrity of the equipment authorization 
program. Namely, it sought comment on whether to extend the 
prohibitions to also include entities subject to the jurisdiction of a 
foreign adversary and whether to expand the group of prohibited 
entities to include several additional lists from federal agencies or 
statutes. It also sought further comment on ways the Commission can 
facilitate and encourage more equipment authorization testing to occur 
at test labs located within the United States or United States allied 
countries. Finally, it sought further comment on post-market 
surveillance procedures to ensure compliance relating to prohibitions 
on authorization of covered equipment.

Report and Order

    In the Second Report and Order, the Commission clarifies that rules 
prohibiting authorization of covered equipment include modular 
transmitters and adopts a prohibition on authorization of devices that 
include modular transmitters that are covered equipment. The Commission 
also adopts a procedure to limit previously granted authorizations of 
covered equipment to prohibit the continued importation and marketing 
of such

[[Page 53230]]

equipment. The Commission further discusses the broad scope of the 
prohibition on authorization of equipment identified on the Covered 
List by clarifying the term ``produced by'' as used in the rules 
concerning covered equipment and clarifying the prohibition on 
modification to previously authorized covered equipment.

Prohibition on Modular Transmitters on the Covered List

    In general, the Commission permits authorization of transmitters as 
standalone devices that can then be incorporated into a host device 
that may either rely on the authorization of that modular transmitter 
or require its own additional authorization. Because modular 
transmitters are not required to obtain their own authorization as 
standalone devices, they can also be incorporated as a component in a 
host device that requires its own authorization. In this Second Report 
and Order, the Commission clarifies that the existing rules prohibiting 
the authorization of covered equipment include modular transmitters. 
The Commission also now further prohibits the authorization of any 
device that includes a modular transmitter when that modular 
transmitter is itself covered equipment. Under the existing attestation 
requirement, applicants and responsible parties will be required to 
attest that the subject equipment for which authorization is sought 
does not include such modular transmitters. The Commission finds that 
these rule modifications advance both FCC national security objectives 
and the congressional directive to prevent the authorization of 
equipment that poses an unacceptable risk to national security.
    Background. In the EA Security NPRM adopted in June 2021, the 
Commission proposed to require that applicants, when seeking equipment 
authorization, ``attest that no equipment (including component part) is 
comprised of any `covered' equipment,'' as identified on the Covered 
List. Many commenters opposed including an attestation requirement that 
considered component parts. In the subsequently adopted EA Security R&O 
and FNPRM, the Commission required that each applicant attest that the 
equipment for which it seeks authorization is not covered equipment, 
but it declined at that time, based on the state of the record and the 
need for further consideration, to require that the applicant 
attestation address individual component parts contained within the 
applicant's equipment. In declining to address component parts at that 
time, the Commission noted that it was seeking further comment on 
potentially including certain component parts within the scope of 
covered equipment.
    In seeking comment, the Commission ``endeavor[ed] to ensure that 
equipment [ ] that include[s] component parts that pose an unacceptable 
risk to national security also be prohibited from authorization.'' 
Accordingly, the Commission, noting many of the concerns that 
commenters raised, sought comment on whether certain component parts, 
if included in equipment, would result in that equipment being covered 
equipment prohibited from authorization, and, if so, how the 
prohibition on the inclusion of any such component parts in equipment 
could be implemented in the Commission's equipment authorization 
program. In particular, the Commission sought comment on whether it 
should attempt to identify components based on a risk assessment (e.g., 
examining whether the equipment contains components that are produced 
by entities identified on the Covered List and that process and retain 
data, or that only process data). The Commission recognized that if it 
prohibited certain component parts, it would need to provide guidance 
on which components would be prohibited.
    The Commission focused much discussion on seeking comment on 
prohibiting authorization of equipment that incorporates as component 
parts certain types of modules produced by entities on the Covered 
List, whether authorized under the Commission's certification 
procedures or under the SDoC procedures. As explained, the Commission 
permits specific types of modules-modular transmitters-to be authorized 
as ``standalone'' equipment under existing rules (provided the 
equipment meets all applicable Commission requirements). A modular 
transmitter is a completely self-contained transmitter that only 
requires an input signal and power source to make it functional. 47 CFR 
15.212. Commission rules provide that when an authorized modular 
transmitter is incorporated as a component part into another product, 
host, or device (e.g., composite systems, personal computers), no 
further equipment authorization is required insofar as the final 
product, host, or device conforms to the terms of the module's 
authorization. Considering these existing rules, the Commission further 
noted that telecommunications or video surveillance equipment could 
contain, as component parts, one or more such modular transmitters 
produced by entities identified on the Covered List, or could be 
assembled as a composite system and contain such equipment.
    The Commission specifically asked whether applicants (under 
certification procedures) and responsible parties (under SDoC 
procedures) should be required to use the Commission's equipment 
certification procedures to obtain an equipment authorization if the 
equipment or composite system includes, as a component part, a modular 
transmitter produced by an entity identified on the Covered List. 
Further, the Commission inquired whether it should apply this equipment 
certification requirement to any equipment that incorporates, as a 
component part, a previously authorized modular transmitter produced by 
these entities (i.e., a modular transmitter authorized prior to 
adoption of the Commission's rules prohibiting authorization of covered 
equipment). It also asked about potential additional costs in time and 
money that such approaches would impose on device developers. 
Similarly, the Commission inquired whether composite systems should be 
treated in the same general manner as modular transmitters. Relatedly, 
the Commission asked whether it should deem as covered equipment (and 
thus prohibited from authorization) any equipment that includes a 
component part that could be authorized as equipment on a standalone 
basis but for the fact that the standalone equipment would be 
prohibited from authorization as covered equipment.
    Further, the Commission asked for comment on the potential impact 
that prohibiting authorization of particular component parts (those 
that would be deemed covered equipment) would have on both equipment 
security and the economy. Specifically, it sought comment and data on 
the effect of prohibiting particular component parts on the U.S. market 
(including quantity and market share of modules or other component 
parts that might be prohibited in products intended for sale in the 
U.S. market), the availability and costs of substitute modules, 
devices, and component parts from suppliers that are not identified on 
the Covered List, and the average lifespan/product cycle of affected 
final products. It also inquired about the different impacts on both 
equipment security and the economy that would be expected depending on 
the breadth of the scope of a component part(s) prohibition. In 
addition, the Commission generally sought comment on supply chain 
considerations, including whether the Commission should take into 
account

[[Page 53231]]

how any prohibition of modular transmitters, if implemented immediately 
without advance notice or opportunity for the development of 
alternative sources of equipment, could have a deleterious effect on 
the public interest.
    The Commission received many comments on potentially including as 
covered equipment certain component parts produced by entities 
identified on the Covered List. Commenters include equipment and vendor 
associations, industry associations, U.S. equipment producers, 
consultants, producers of covered equipment, small businesses, and 
think tanks.
    Discussion. Consistent with the potential approach on modules 
discussed in the EA Security R&O and FNPRM, the Commission concludes 
that any ``modular transmitter'' (as defined in 47 CFR 15.212) that is 
covered equipment is prohibited from authorization under the rules. 
Furthermore, it concludes that authorizing equipment that includes such 
a modular transmitter would effectively be authorizing the transmitter. 
As such, the Commission prohibits from authorization any modular 
transmitter that is covered equipment, and any product, host, or device 
that incorporates a modular transmitter that is covered equipment, 
regardless of any previous authorization of the modular transmitter. 
This includes any transmitter identified on the Covered List that 
otherwise could be authorized as a module or on a standalone basis 
regardless of whether it is authorized. The Commission believes this 
particular approach is necessary to ensure that modular transmitters 
that pose an unacceptable risk to national security or the safety and 
security of U.S. persons cannot be imported or marketed in the United 
States either as standalone devices or as incorporated into another 
device. And it believes that this approach ensures that it is 
addressing the national security threats that Congress intended for the 
Commission to address in the Secure Equipment Act, when Congress 
directed the Commission to not ``approve any application for equipment 
authorization for [covered] equipment.''
    Section 15.212 provides for a standalone authorization of modular 
transmitters under the Commission's certification procedures. 47 CFR 
15.212. The Commission concludes that modular transmitters, as defined 
in Sec.  15.212, constitute communications equipment insofar as they 
are used in fixed or mobile broadband networks and provide high-speed, 
switched, broadband telecommunications capability that enables users to 
originate and receive high-quality voice, data, graphics, and video 
telecommunications using any technology with connection speeds of at 
least 200 kbps in either direction. To the extent that a modular 
transmitter falls within the scope of what constitutes covered 
communications equipment under Commission rules, the modular 
transmitter is itself covered equipment and thereby prohibited from 
authorization under the rules. 47 CFR 2.903(a), 1.50001(d).
    Many modular transmitters are designed to be incorporated into 
equipment to enable that equipment to have certain critical or 
essential functionalities associated with the provision of fixed or 
mobile services. While such transmitters could be independently 
authorized, they are not required to be. Given the conclusion that 
Commission rules prohibit from authorization standalone transmitters 
that fall within the scope of what constitutes covered equipment, the 
Commission correspondingly prohibits from authorization equipment that 
includes, as a component part, a transmitter that meets the 
requirements for a modular transmitter, even if the transmitter is not 
independently authorized as a module. The Commission notes that 
cellular IoT devices would fall within the scope of modular 
transmitters under Commission rules. This approach is consistent with 
the Commission's suggested approach in the EA Security R&O and FNPRM to 
prohibit authorization of any equipment that includes a component part 
that could be authorized on a standalone basis but for the fact that 
the standalone equipment would be prohibited from authorization. 
Because this communications equipment is covered equipment, preventing 
authorization of equipment that includes this covered equipment is 
necessary and appropriate, and consistent with the Commission's 
authority under the Act, the Secure Networks Act, and the Secure 
Equipment Act to prohibit authorization of equipment that poses an 
unacceptable risk to national security, and covered equipment more 
specifically. That is, the Commission concludes that granting an 
authorization for equipment that includes a modular transmitter that is 
covered equipment would, in effect, be granting an authorization to 
equipment that, by inclusion of this covered modular transmitter, would 
pose an unacceptable risk to national security and would undermine 
Congress's goals in the Secure Equipment Act when it directed the 
Commission to cease authorizing covered equipment. The Commission 
agrees with the Heritage Foundation that such equipment can ``present[ 
] risks to national security that are equally severe as risks from 
finished products.'' Authorizing devices containing one or more covered 
modular transmitters is tantamount to authorizing the modular 
transmitter(s). It makes little sense for the Commission to prohibit 
certain modular transmitters from obtaining independent authorization, 
but to allow authorization for devices containing exactly those modular 
transmitters. In this sense, the Commission agrees with the Hudson 
Institute that continued authorization of devices that contain these 
modular transmitters ``undermine the intent of'' the Secure Networks 
Act and the Secure Equipment Act.
    The Commission therefore modifies its rules to explicitly prohibit 
authorization of any modular transmitter that is covered equipment, and 
any product, host, or device that incorporates a modular transmitter 
that is covered equipment, regardless of whether the Commission 
previously authorized that modular transmitter. Modular transmitters, 
as defined in Sec.  15.212 of the Commission's rules, that can be 
authorized under the rules as standalone devices (each consisting of a 
completely self-contained transmitter device) and incorporated into 
other devices, include ``single-modular transmitters,'' ``split-modular 
transmitters,'' and ``limited modular transmitters.'' The Commission 
also includes in its prohibition modular transmitters that operate 
pursuant to licensed radio services rules. The Commission concludes 
that this prohibition furthers the objectives of the equipment security 
rules, as well as the congressional directive to prohibit authorization 
of equipment that poses an unacceptable risk to national security. In 
adopting rules to prohibit use of modular transmitters in equipment for 
which authorization is sought, the Commission is in effect prohibiting 
composite systems that include modular transmitters that are covered 
equipment.
    The Commission rejects the contention of some commenters either 
that the Commission may not have the requisite legal authority to 
prohibit use of any component parts or that only the enumerated sources 
identified in the Secure Networks Act should make determinations on 
whether component parts constitute covered equipment. First, the only 
component parts that the Commission is prohibiting with the rules 
announced in this item are those

[[Page 53232]]

that are themselves covered equipment, which have already been 
determined to pose ``an unacceptable risk to the national security of 
the United States or the security and safety of United States 
persons.'' 47 U.S.C. 1601(b); 47 CFR 1.50002(b)(1). While the 
Commission lacks independent authority to add new equipment to the 
Covered List without the specific determination of an enumerated source 
or direction from Congress, it concludes that the Commission has the 
requisite RF equipment expertise to reach the conclusion that whatever 
unacceptable risks are posed by modular transmitters are posed 
regardless of whether those modular transmitters are initially approved 
as standalone devices or incorporated within a product, host, or 
device, as modular transmitters are generally intended to be. In 
issuing this prohibition, the Commission is not making impermissible 
national security determinations. The Commission is rather using its 
decades-long technical expertise concerning RF equipment and 
familiarity with its equipment authorization process to close a 
loophole that would undermine both the Secure Equipment Act's 
directives and Congress's and the Executive Branch's determinations as 
to national security risks.
    Second, the Secure Equipment Act directed the Commission to ``adopt 
rules in the [EA Security NPRM proceeding].'' Congress thus directed 
the Commission to adopt final rules in a proceeding which had proposed 
to require that applicants ``attest that no equipment (including 
component parts) is comprised of any `covered' equipment, as identified 
on the [Covered List].'' Had Congress (incongruously) intended for the 
Commission to not authorize certain covered equipment but to authorize 
devices containing covered equipment, Congress could have prohibited 
the Commission from addressing components parts, as proposed. Congress 
chose not to.
    Third, even in the absence of the Secure Equipment Act, the 
Commission concludes that the Commission possesses sufficient legal 
authority under the Act to implement the prohibitions contained in this 
section. As explained in the EA Security R&O and FNPRM, section 302 of 
the Act authorizes the Commission to make regulations ``consistent with 
the public interest, convenience, and necessity . . . governing the 
interference potential of [radio frequency] devices.'' This public 
interest regulatory authority implicates other statutory 
responsibilities, including the missions for which the Commission was 
created--promoting national defense and the safety of life and 
property; interests clearly furthered by prohibiting the importation 
and marketing of devices that pose ``unacceptable risks to the national 
security of the United States or the safety and security of United 
States persons.'' 47 U.S.C. 1601. Other statutory authorities confirm 
this. See, e.g., 47 U.S.C. 303(g), 303(e), 303(r), 154(i). If there was 
any doubt that the Commission possessed this pre-existing authority, 
Congress confirmed it with the Secure Equipment Act. The Secure 
Equipment Act's direction of Congress to adopt rules in the EA Security 
NPRM ratified the Commission's tentative legal conclusions and 
decisively established the Commission's legal authority to enact the 
proposals in the EA Security NPRM, one of which was to require 
attestation as to component parts.

Limitation on Existing Authorization of Covered Equipment

    The Commission sets forth a process to place limitations on 
previously granted authorizations of covered equipment to prohibit the 
continued importation and marketing of such equipment. Through this 
approach, the Commission aims to effectively address the established 
national security risks posed by previously authorized covered 
equipment while minimizing the impact on users. The goal is to mitigate 
potential national security risks associated with covered equipment 
that was authorized prior to adoption of the EA Security R&O and FNPRM 
in November 2022.
    Background. In the EA Security R&O and FNPRM, the Commission 
adopted a prohibition on the authorization, going forward, of covered 
equipment, and concluded that it has the requisite legal authority 
under the Act, confirmed by the Secure Equipment Act, to revoke 
existing authorizations, but it did not at that time revoke any 
existing authorizations. The Commission also adopted streamlined 
revocation procedures for equipment authorizations granted after 
adoption of the prohibition if the applicant included a false statement 
or representation that the equipment for which it had sought and 
obtained a grant is not ``covered'' equipment. The Commission sought 
further comment on the issues raised in the EA Security NPRM concerning 
revocation of covered equipment authorizations granted prior to the 
Commission's adoption of a prohibition on authorization of such 
equipment. It sought to expand the record that developed in response to 
the EA Security NPRM, particularly in light of the actions taken and 
guidance provided in the EA Security R&O and FNPRM, and sought comment 
on several different issues concerning revocation.
    Specifically, the Commission sought comment on the scope of 
revocation of existing authorizations the Commission should consider, 
whether there might be situations that would warrant revocation in 
certain circumstances and, if so, how the Commission should identify 
particular covered equipment for which continued authorization poses an 
unacceptable risk to national security. Further, considering the 
potential risk to national security, it asked whether the Commission 
should consider revoking all existing authorizations of covered 
equipment and, if so, how such revocations could be implemented. The 
Commission also asked to what extent revocation of any particular 
equipment should depend on establishing a reimbursement program. It 
also inquired how supply chain issues or consumer-related concerns 
should figure into the Commission's considerations, and what 
information and data might be useful to such a consideration. The 
Commission requested comment on an appropriate transition period in the 
event that the Commission were to decide to revoke any existing 
authorizations of covered equipment. In addition, the Commission sought 
comment on what process to use for revocation of existing 
authorizations, and whether it should adopt different or expedited 
procedures than provided for under Sec.  2.939 of the Commission's 
rules. Further, the Commission asked about the best enforcement 
mechanisms of any revocation, such as an enforcement policy to address 
violations related to the continued marketing, sale, or operation of 
covered equipment for which authorization was revoked. The Commission 
asked what educational and outreach efforts may be needed to inform the 
public of any revocations of covered equipment authorizations.
    The Commission also requested comment on possible alternative 
approaches to full revocation of existing authorizations. It sought 
comment on what it termed a ``partial'' revocation by which the 
continued importation and marketing of previously authorized covered 
equipment would be prohibited without impacting the continued use of 
such equipment. The Commission noted that such an approach could 
eliminate user device replacement costs while also promoting national 
security concerns related to the continued importation and marketing of 
this equipment.
    Commenters, including CTA, CTIA, TIA, Competitive Carriers 
Association, and NCTA generally oppose any

[[Page 53233]]

widespread revocation of existing authorizations of covered equipment 
that would require removal and replacement of equipment in use, while 
other commenters, including ITI, ZTE, Hikvision, and Dahua, contend 
that any revocation of existing authorizations is precluded by the 
Secure Equipment Act or otherwise would violate due process. Some 
commenters are supportive of a broad revocation of covered equipment 
authorizations. Finally, some commenters state that, apart from 
retroactive revocation of existing authorizations (including 
prohibiting continued use of equipment) or revocation of authorizations 
of specific equipment based on extraordinary circumstances, the 
Commission could consider some form of prospective approach to 
revocation of covered equipment that would prohibit the future 
marketing or sale of currently authorized covered equipment.
    Discussion. To promote the goal of mitigating the national security 
risks associated with previously authorized covered equipment in our 
nation's infrastructure and communications supply chain, the Commission 
adopts a procedure whereby the Commission can limit previously granted 
authorizations of covered equipment to prohibit the continued 
importation and marketing, without prohibiting the continued use of 
such devices. This is a simplified, prospective approach along the 
general lines of the prospective ``partial'' revocation proposal on 
which the Commission sought comment in the EA Security R&O and FNPRM 
that would not affect consumers' continued use or operation of devices 
they already possess. Absent a process by which the Commission can 
restrict the continued importation and marketing of covered equipment, 
it is concerned that already-authorized covered equipment devices would 
continue to flow into our nation and into the infrastructure and 
communications supply chain, which could contribute to further 
unacceptable risks. These devices have been determined to pose ``an 
unacceptable risk to the national security of the United States or the 
security and safety of United States persons'' alongside all other 
covered equipment. 47 U.S.C. 1601(b)(1). The Commission further 
concludes that it is insufficient to rely solely on the obsolescence of 
particular equipment models to abate the inflow of more covered 
equipment. Years-old covered devices are still widely sold in the U.S., 
suggesting obsolescence is not a quick process. Older models of covered 
equipment poses an unacceptable risk today when imported or marketed in 
the United States, not only when such equipment is new to the market. 
Waiting many years for this equipment to become obsolete would not 
address the present ``unacceptable risks. The Commission agrees with 
the Heritage Foundation that certain previously authorized devices that 
are now considered covered equipment ``likely remains marketable in the 
United States'' and ``may present continuing national security 
threats.'' Furthermore, as FDD noted, such devices, embedded within 
American communications networks, ``can still undergo firmware updates, 
conduct remote communication, and transmit data back to their 
manufacturers.''
    In the EA Security R&O and FNPRM, the Commission concluded that it 
has the requisite authority under the Act to review any existing 
authorization for covered equipment, and to determine the necessity for 
revoking such authorization, and that the Commission can undertake such 
revocation pursuant to current rules. Under its current rules in Sec.  
2.939(a), the Commission has already established procedures to revoke 
an equipment authorization because of conditions coming to the 
attention of the Commission which would warrant it in refusing to grant 
an original application. 47 CFR 2.939(a)(4). In the case of previously 
authorized covered equipment, the implementation of the Covered List 
and the resulting prohibition on authorization of equipment identified 
on the Covered List create conditions that would warrant the Commission 
in refusing to grant an original application for any covered equipment. 
47 CFR 1.50002, 2.903. The Commission does not today alter the existing 
process to revoke covered equipment, as proposed in the EA Security R&O 
and FNPRM, which in most cases involve the process generally afforded 
radio licenses. 47 CFR 2.939(b). Instead, the Commission adopts a new 
process well-tailored to address unacceptable national security risks 
without disrupting continued use or operation of devices.
    The Commission revises the rules to adopt a procedure to limit the 
scope of an existing authorization of covered equipment to prohibit 
continued importation or marketing of such equipment, without revoking 
the underlying authorization. The Commission has in various proceedings 
adopted prohibitions on the manufacture and importation of equipment 
where doing so served the public interest. Section 302 of the Act 
authorizes the Commission--consistent with the public interest, 
convenience, and necessity--to promulgate regulations applicable to the 
manufacture, import, sale, offer for sale, shipment, and use of 
radiofrequency devices and to prohibit the manufacture, import, sale, 
offer for sale, shipment, or use of such devices that fail to comply 
with those regulations. 47 U.S.C. 302a(b). Consistent with existing 
regulatory procedures to revoke an equipment authorization, the 
Commission finds, through this rulemaking proceeding, it has the 
requisite authority to evaluate, craft, and implement this process to 
limit the scope of an existing authorization of covered equipment to 
prohibit continued importation and marketing of such equipment, and to 
establish a procedure to apply this limitation as appropriate. This 
action is consistent with ``the public interest'' insofar as it 
protects American communications networks from devices specifically 
determined to ``pose an unacceptable risk to the national security of 
the United States or the security and safety of United States 
persons.'' 47 U.S.C. 1601(b).
    While commenters generally oppose widespread revocation of existing 
authorizations of covered equipment, several commenters recommend that, 
instead of widespread revocation of existing authorizations, or 
revoking particular authorizations because of ``extraordinary'' 
circumstances, the Commission should take a prospective approach to 
addressing existing authorizations along the lines suggested in the EA 
Security R&O and FNPRM, under which the Commission would only consider 
whether to prohibit in some manner the future importation and marketing 
of previously authorized covered equipment while allowing the continued 
operation of equipment already in use. This allows the Commission to 
avoid the ``[e]conomic harms associated with removing and replacing 
Covered List equipment.'' The Commission agrees, and adopts such an 
approach in this Second Report and Order--limiting equipment 
authorizations to prohibit importation and marketing, while allowing 
for continued operation of the relevant devices.
    The Commission revises Sec.  2.939 of its rules by adopting a 
mechanism to limit the continued importation and marketing of such 
previously authorized covered equipment. The Commission delegates 
authority to OET and PSHSB to apply such prohibitions pursuant to the 
framework and process described here. The Commission revises Sec. Sec.  
2.803 and 2.1204 to clarify that equipment that has been subject to 
such a

[[Page 53234]]

limitation cannot be marketed or imported.
    For such previously authorized covered equipment, OET and PSHSB 
shall provide, through public notice, a brief analysis of the relevant 
factors that would justify limitation on the authorization of 
previously authorized covered equipment prohibiting the importation and 
marketing of such. In each such public notice, OET and PSHSB will 
specify the class, type, or other description sufficient to identify 
the devices, including reference to all devices included in a specific 
Covered List entry, targeted for potential limitations on importation 
and marketing. The Commission directs OET and PSHSB to include in the 
analysis, and seek comment on, any relevant public interest factors, 
such as economic and supply chain considerations. This analysis will 
primarily rely upon the details of the relevant specific 
determination(s) used to inform a given entry on the Covered List. In 
the public interest analysis, OET and PSHSB must give particular weight 
to the fact that the relevant equipment was determined to pose ``an 
unacceptable risk to the national security of the United States or the 
safety and security of United States persons.'' 47 U.S.C. 1601(b)(1). 
After all, as the Supreme Court has noted in another context, ``[i]t is 
obvious and unarguable that no governmental interest is more compelling 
than the security of the Nation,'' and the Commission has a long 
history of relying on national security determinations to inform its 
public interest analysis. See Haig v. Agee, 453 U.S. 280, 307 (1981).
    Nonetheless, in certain instances, OET and PSHSB could conclude 
that other factors outweigh the national security risks. The most 
relevant sources of information for these other public interest factors 
are the given specific determinations, and accompanying analyses or 
rules, themselves. For example, OET and PSHSB recently sought public 
input on updating the Covered List to include certain equipment related 
to connected vehicles pursuant to a Commerce Department determination. 
In the same rule in which the Commerce Department made its specific 
determinations regarding ``unacceptable risks,'' the Commerce 
Department also delayed the effectiveness of its own restrictions, 
explaining that ``determining the scope of the prohibitions required a 
balancing of the need to address the undue or unacceptable risk posed 
by foreign adversary involvement in the connected vehicles supply chain 
with the impact on the public and industry.'' Department of Commerce, 
Bureau of Industry and Security, Securing the Information and 
Communications Technology and Services Supply Chain: Connected 
Vehicles, 90 FR 5360, 5363 (Jan. 16, 2025). While such balancing 
cannot, under the Secure Equipment Act, affect the Commission's updates 
to the Covered List and prohibition on granting new equipment 
authorizations to covered equipment, the Commission may consider such 
countervailing economic concerns when implementing the prohibitions for 
already-authorized devices outlined in this rule.
    While the specific determination must be the centerpiece of OET and 
PSHSB's analysis, they also will fully consider evidence in the 
Commission's record regarding whether to adopt a limitation on an 
existing authorization with regard to continued importation or 
marketing of the equipment. The public notice must provide an 
opportunity for public comment for a minimum of 30 days and may provide 
an opportunity for reply comments if OET and PSHSB find it warranted. 
After the end of the comment period(s), OET and PSHSB will review all 
relevant information, request additional information if needed, and 
make their determination as to whether to implement the prohibition on 
importation and marketing, describing what equipment is subject to the 
limitation, and providing the reasons for such. So as to promote 
regulatory certainty and the continued confidence of the public in the 
Commission's efforts to secure the communications equipment supply 
chain, OET and PSHSB should take reasonable steps to conclude these 
proceedings expeditiously after the end of the relevant comment period.
    The Commission directs OET and PSHSB to, as soon as practicable, 
institute proceedings to determine whether to apply these prohibitions 
to some or all of the equipment currently on the Covered List. The 
Commission also directs OET and PSHSB to, simultaneous with any future 
addition of equipment to the Covered List or as soon as practicable 
thereafter, issue a Public Notice requesting public comment on whether 
to apply these prohibitions to such equipment.
    For any devices for which an existing equipment authorization is 
limited to prohibit continued importation and marketing (which includes 
sale), the relevant responsible parties would be obligated to ensure 
compliance with such prohibition. 47 CFR 2.803(a). For equipment 
certifications, the responsible party is the party to whom the grant of 
certification is issued, also referred to as the ``grantee.'' 47 CFR 
2.909(a). As for SDoC authorizations of covered equipment, the 
responsible party could be the manufacturer, the assembler, the 
importer, retailers, original equipment manufacturers, or the party 
performing modifications to the equipment. 47 CFR 2.909(b). OET and 
PSHSB should include in the initial public notice proposed timelines by 
which the responsible parties must cease all importation and marketing 
activities and specifically seek comment on such, thereby encouraging 
dialogue not only with the responsible parties but also with the 
relevant manufacturers, importers, distributors, retailers, and other 
interested entities. Such timeline considerations should include, in 
addition to the underlying national security concerns, factors such as 
the quantity of devices that have already been imported into the U.S. 
and are available for or being held for marketing or sale, new or 
recently updated device models that are en route to the U.S. or pending 
shipment, and devices that are subject to executed distribution, 
marketing, or sales agreements but have not yet entered the supply 
chain although they are contemplated for such.
    The Commission finds that this process will help to ensure that OET 
and PSHSB are fully considering the ramifications of the implementation 
of the proposed prohibition, not only with regard to the relevant 
grantee or responsible party, but also the public at large. The 
Commission is confident that this process will thereby effectuate an 
outcome that remains consistent with the original specific 
determination regarding the equipment pursuant to the Secure Networks 
Act and the Secure Equipment Act while balancing the public interest 
factors regarding the supply chain and consumer interests. Because this 
limitation on existing authorizations would not result in the 
revocation of an existing authorization of covered equipment, the 
continued use of such equipment that is already in the hands of users 
would remain authorized. The Commission thereby eliminates several 
complexities and reduces the challenges that commenters suggested would 
arise if the only manner to prohibit the importation and marketing of 
already-authorized covered equipment was to engage in revocations that 
also prohibit the use or operation of such covered equipment.

Broad Scope of the Prohibition on Authorization of Equipment Identified 
on the Covered List

    Interpreting whether equipment is ``produced by'' a specified 
entity. To help implement the prohibition on

[[Page 53235]]

authorization of any covered equipment, applicants seeking equipment 
certification are required to make certain attestations (in the form of 
written and signed certifications) about the equipment for which they 
seek authorization--these include certifying that the equipment is not 
covered equipment and stating whether the applicant is an entity 
identified on the Covered List (either a named entity or a subsidiary 
or affiliate of the named entity). Congress, through the Secure 
Networks Act, directed the Commission to add to the Covered List 
equipment defined in 2019 NDAA Sec.  889, all of which is described as 
``produced by'' certain entities: Huawei Technology Company, ZTE 
Corporation, Hytera Communications Corporation, Hangzhou Hikvision 
Digital Technology Company, Dahua Technology Company, and their 
affiliates and subsidiaries. Accordingly, for purposes of their 
attestations, applicants necessarily must determine whether the 
equipment is ``produced by'' these entities. Similarly, to ensure that 
no covered equipment is authorized through the SDoC process, 
responsible parties that obtain authorizations under SDoC procedures 
are required to attest that the equipment is not ``produced by'' any 
entity identified on the Covered List.
    FDD notes the potential ``ambiguity surrounding the term `produced 
by' in the context of covered equipment.'' FDD expresses concern that 
the term might not include certain complex forms of foreign adversary 
control and encourages the Commission to formally adopt a broad 
definition of the term to ensure that the Commission addresses 
``instances in which covered vendors serve as original equipment 
manufacturers or design contractors for companies not listed on the 
Covered List.'' The Commission made clear in the EA Security R&O and 
FNPRM that, considering the national security concerns implicated in 
this proceeding, it was taking a ``broad and inclusive'' approach to 
interpreting the scope of what constitutes covered equipment. The 
Commission also expressed concern regarding authorization of re-branded 
or re-labeled (``white labeled'') covered equipment produced by 
entities identified on the Covered List, and it made clear that re-
branding or ``white labeling'' of any covered equipment does not change 
the status of whether the equipment is covered equipment.
    Consistent with the approach in the EA Security R&O and FNPRM, when 
carrying out their responsibilities associated with the prohibition on 
authorization of covered equipment under Sec.  2.903(a), or any of the 
required attestations related to covered equipment, applicants, 
responsible parties, and entities named in their reporting obligations 
should take a broad view of the term ``produced by.'' This is 
consistent with Congress's intent to guard against a broad array of 
equipment through 2019 NDAA Sec.  889 and the Secure Networks Act. 
Although the Commission declines to adopt a comprehensive definition of 
``produced by'' as FDD suggests, it clarifies here that in determining 
whether a device is ``produced by'' a particular entity, a broad 
interpretation likely includes substantial responsibility for or 
control over any major stage of the process by which a device comes 
into existence. Accordingly, ``produced by'' is not limited to the 
manufacture or assembly of a device. For example, a device would 
generally be considered to have been ``produced by'' Huawei if Huawei 
designed, manufactured, assembled, or developed the device. 
Furthermore, the Commission ordinarily assumes that any entity 
submitting an application for certification or serving as the 
responsible party for SDoC would be considered among those producing 
the device. It is entirely possible that a device would be understood 
as ``produced by'' more than one entity. Determining whether a device 
is produced by a particular entity could be based on multiple factors 
or the totality of circumstances, particularly when considering the 
role played by multiple entities to bring a device into existence. The 
Commission notes that this analysis would not necessarily apply to 
future listings of equipment on the Covered List. Such listings may use 
different language that indicates an intent to capture a larger or 
smaller set of communications equipment.
    Modification of equipment, including permissive changes. In the EA 
Security R&O and FNPRM, the Commission adopted revisions to Sec.  2.932 
regarding modifications to equipment (e.g., changes in the design, 
circuitry, or construction of the device) and Sec.  2.1043 concerning 
changes to certified equipment, such as ``permissive changes.'' The 
Commission noted that a modification to authorized equipment could 
result in the later identification of that equipment as covered and 
determined that it could not allow the continued authorization of 
modified equipment if, at the time of such modification, the equipment 
is covered equipment. The Commission adopted requirements, similar to 
the revised provisions of Sec.  2.911, that all applications or 
requests to modify already certified equipment include a written and 
signed certification that the equipment is not prohibited from 
receiving an equipment authorization pursuant to Sec.  2.903. 47 CFR 
2.1043(b)(2)(i)(B), (b)(3)(i)(B). It also required an affirmative or 
negative statement as to whether the applicant is identified on the 
Covered List, as well as the written and signed certifications required 
under Sec.  2.911(d)(6) regarding an agent for service of process 
within the United States. 47 CFR 2.1043(b)(2)(i)(C), (b)(3)(i)(C). The 
Commission adopted the same provisions for requests for Class II and 
III permissive changes pursuant to Sec.  2.1043. The Commission found 
these revisions sufficient to prevent modified equipment from 
maintaining authorization when such modifications occur at a time after 
which such equipment has been identified as posing a risk and thereby 
appearing on the Covered List.
    The Commission now clarifies that its intent adopting these 
provisions was to prohibit modification, including permissive changes, 
to previously authorized covered equipment or equipment that would 
become covered as a result of such modification or permissive change. 
This clarification is consistent with Congress's direction to the 
Commission in the Secure Equipment Act to ``clarify that it will no 
longer review or approve any application for equipment authorization 
for'' covered equipment. Any application for authorization of covered 
equipment is thereby prohibited under Sec.  2.903, including 
applications for permissive changes. For permissive changes that do not 
require an application and thereby are not reviewed by the Commission, 
the prohibition still applies because such changes are approved by the 
Commission if they meet the requirements of that type of change as 
provided in the rules (i.e., they are ``approved by rule''). The 
Commission further modifies the rule revisions of Sec. Sec.  2.932 and 
2.1043 adopted in the EA Security R&O and FNPRM to clarify this 
prohibition.

Benefits and Costs

    The Commission finds the targeted measures of this Second Report 
and Order will advance national security objectives in an efficient 
manner without incurring substantial costs. The measures on the 
prohibition of modular transmitters and on the broad scope of the 
prohibition on authorization of equipment produced by entities 
identified on the Covered List are clarifications of the measures from 
the EA Security R&O and FNPRM. As such,

[[Page 53236]]

these represent minimal changes that simply ensure realization of the 
original benefits and costs of the EA Security R&O and FNPRM. The 
measures on limitation of existing authorization of covered equipment 
will involve additional work in compliance from affected entities. As 
previously stated, the Commission finds that these measures are 
necessary because obsolescence is insufficient to completely address 
issues with already authorized covered equipment. However, the 
Commission does believe that obsolescence will mitigate compliance 
costs due to the relatively short equipment life cycles. By delegating 
authority to OET and PSHSB to limit the scope of the marketing and 
importation prohibition, the Commission is ensuring that any costs to 
affected entities are specific enough to meet critical national 
security needs but are still narrow. Moreover, the Commission 
emphasizes that it is currently not requiring manufacturers to replace 
equipment in the hands of consumers. In doing so, the Commission is 
tailoring its rules in such a way as to make sure that the public 
benefits outweigh any costs that the prohibition will impose.

Ordering Clauses

    Accordingly, it is ordered, pursuant to the authority found in 
sections 4(i), 301, 302, 303, 403, and 503 of the Communications Act of 
1934, as amended, 47 U.S.C. 154(i), 301, 302a, 303, 403, 503, and the 
Secure Equipment Act of 2021, Public Law 117-55, 135 Stat. 423, 47 
U.S.C. 1601 note, that this Second Report and Order is hereby adopted.
    It is further ordered that the Commission's Office of the 
Secretary, shall send a copy of this Second Report and Order, including 
the Final Regulatory Flexibility Analyses, to the Chief Counsel of the 
Small Business Administration Office of Advocacy.

List of Subjects in 47 CFR Part 2

    Administrative practice and procedures, Communications, 
Communications equipment, Reporting and recordkeeping requirements, 
Telecommunications, and Wiretapping and electronic surveillance.

Federal Communications Commission.
Marlene Dortch,
Secretary.

Final Rules

    For the reasons discussed in the preamble, the Federal 
Communications Commission amends 47 CFR part 2 as follows:

PART 2--FREQUENCY ALLOCATIONS AND RADIO TREATY MATTERS; GENERAL 
RULES AND REGULATIONS

0
1. The authority citation for part 2 continues to read as follows:

    Authority:  47 U.S.C. 154, 302a, 303, and 336 unless otherwise 
noted.


0
2. Amend Sec.  2.803 by revising the introductory text of paragraph (b) 
to read as follows:


Sec.  2.803  Marketing of radio frequency devices prior to equipment 
authorization.

* * * * *
    (b) General rule. No person may market a radio frequency device 
unless the radio frequency device is authorized pursuant to a valid FCC 
equipment authorization that has not been limited through the 
procedures described in Sec.  2.939(e) of this chapter, and:
* * * * *


0
3. Amend Sec.  2.903 by:
0
a. Revising paragraph (a);
0
b. Redesignating paragraphs (b) through (d) as paragraphs (d) through 
(f); and
0
c. Adding new paragraphs (b) and (c).
    The revisions and additions read as follows:


Sec.  2.903  Prohibition on authorization of equipment on the Covered 
List.

    (a) All equipment on the Covered List, as established pursuant to 
Sec.  1.50002 of this chapter, is prohibited from obtaining an 
equipment authorization under this subpart. This includes equipment 
that:
    (1) Has been certified as a modular transmitter; or
    (2) Meets the modular transmitter requirements of Sec.  15.212 of 
this chapter and could be certified as a modular transmitter.
    (b) All equipment that incorporates equipment meeting the 
descriptions in paragraph (a)(1) or (2) of this section is prohibited 
from obtaining an equipment authorization under this subpart.
    (c) The prohibitions in paragraphs (a) and (b) of this section 
apply to:
    (1) Equipment that would otherwise be subject to certification 
procedures;
    (2) Equipment that would otherwise be subject to Supplier's 
Declaration of Conformity procedures; and
    (3) Equipment that would otherwise be exempt from equipment 
authorization.
* * * * *


0
4. Amend Sec.  2.932 by revising paragraphs (b) and (c) to read as 
follows:


Sec.  2.932  Modification of equipment.

* * * * *
    (b) Except for equipment prohibited from authorization pursuant to 
Sec.  2.903, permissive changes may be made in certificated equipment, 
and equipment that was authorized under the former type acceptance 
procedure, pursuant to Sec.  2.1043.
    (c) Permissive changes may be made in equipment that was authorized 
under the former notification procedures unless such equipment meets 
one of the criteria in paragraphs (c)(1) or (2) of this section. The 
grantee must submit information documenting continued compliance with 
the pertinent requirements upon request.
    (1) The equipment is currently subject to authorization under the 
certification procedure; or
    (2) The equipment is prohibited from authorization pursuant to 
Sec.  2.903.
* * * * *


0
5. Amend Sec.  2.933 by revising paragraph (b)(5) to read as follows:


Sec.  2.933  Change in identification of equipment.

* * * * *
    (b) * * *
    (5) The photographs required by Sec.  2.1033(b)(10) or (c)(14) 
showing the exterior appearance of the equipment, including the 
operating controls available to the user and the identification label. 
Photographs of the construction, the component placement on the 
chassis, and the chassis assembly are not required to be submitted 
unless specifically requested.
* * * * *


0
6. Amend Sec.  2.939 by:
0
a. Revising the section heading;
0
b. Revising the introductory text of paragraph (a); and
0
c. Adding paragraph (e).
    The revisions and additions read as follows:


Sec.  2.939  Revocation, withdrawal, or limitation of equipment 
authorization.

    (a) The Commission may revoke, or place limitations pursuant to 
paragraph (e) of this section on, any equipment authorization:
* * * * *
    (e) The Office of Engineering and Technology (OET) and the Public 
Safety and Homeland Security Bureau (PSHSB) may place limitations on an 
existing authorization for covered equipment authorizations to prohibit 
continued importation or marketing, pursuant to the following 
procedures:
    (1) OET and PSHSB will issue a public notice announcing the intent 
to limit the scope of equipment authorizations to prohibit the further 
importation or marketing of specified devices identified by class, 
type, or other description sufficient to identify the devices.

[[Page 53237]]

    (2) The public notice will include an assessment of the impact of 
the proposed prohibition with consideration of public interest factors, 
including: the unacceptable risks the equipment was found to pose, the 
economic and supply chain impacts, and any other criteria as specified 
by the Commission. The public notice should give particular weight to 
the specific determination(s), and any accompanying rules or analyses, 
through which the relevant equipment was added to the Covered List.
    (3) The public notice will provide for a public comment period of 
no less than 30 days.
    (4) OET and PSHSB will review the submissions, may request 
additional information as may be appropriate, and must make their 
determination as to whether to place limitations on the existing 
authorization to prohibit the further importation or marketing of the 
relevant devices, providing the reasons for such decision.


0
7. Amend Sec.  2.1043 by revising the introductory text of paragraph 
(b) to read as follows:


Sec.  2.1043  Changes in certificated equipment.

* * * * *
    (b) Except for equipment prohibited from authorization pursuant to 
Sec.  2.903, three classes of permissive change may be made in 
certificated equipment without requiring a new application for and 
grant of certification. Any of these classes of changes must not result 
in a change in identification.
* * * * *


0
8. Amend Sec.  2.1204 by revising paragraph (a)(1) to read as follows:


Sec.  2.1204  Import conditions.

* * * * *
    (a) * * *
    (1) The radio frequency device is authorized pursuant to a valid 
FCC equipment authorization that has not been limited through the 
procedures described in Sec.  2.939(e).
* * * * *
[FR Doc. 2025-21001 Filed 11-24-25; 8:45 am]
BILLING CODE 6712-01-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>
View on FederalRegister.gov →Plain-text source
Indexed from Federal Register on November 25, 2025.

This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.