On October 29, 2025, the Federal Communications Commission (“FCC”) released its Second Report and Order (the “R&O”) and Second Further Notice of Proposed Rulemaking (“FNPRM”) concerning changes to its equipment authorization rules.  The R&O and FNPRM continue the FCC’s ongoing efforts to update the agency’s equipment authorization rules to “protect the security of America’s communication networks.”  Below, we summarize a few key takeaways of the R&O and FNPRM.

R&O Key Takeaways

• Modular Transmitters: The FCC clarified that its prohibition on authorizing “covered equipment” (i.e., equipment manufactured by an entity on the FCC’s “Covered List”) applies to “modular transmitters,” which are self-contained radiofrequency transmitters typically embedded in other devices.  The FCC explained that “authorizing equipment that includes such a modular transmitter would effectively be authorizing the transmitter.”  Thus, the FCC’s rules will now prohibit authorization of any modular transmitter that is “covered equipment,” regardless of any prior authorizations of the transmitter.

• Restrictions on Previously Authorized Equipment:  The FCC adopted a procedure that delegates authority to the Office of Engineering and Technology (“OET”) and the Public Safety and Homeland Security Bureau (“PSHSB”) to place limitations on previously granted authorizations of covered equipment.  OET and PSHSB, among other things, are authorized to issue a public notice detailing their intent to prohibit the continued marketing of certain covered equipment.  However, the FCC clarified that this procedure, when undertaken, will not revoke the underlying authorizations.

• Clarification of “Produced By” and Modification Rules:  The FCC clarified that determining whether a device is “produced by” a particular entity should be interpreted broadly to include entities with “substantial responsibility for or control over any major stage of the process by which a device comes into existence.”  In addition, the R&O makes clear that modifications, including “permissive changes,” cannot be used to modify authorized equipment that would become covered equipment as a result of the change.

FNPRM Key Takeaways

• Definition of “Critical Infrastructure:”  The FCC sought comment on revising the definition of “critical infrastructure” given a D.C. Circuit’s recent opinion finding that the definition was “unjustifiably broad.”  The FNPRM proposes defining “critical infrastructure” as “[s]ystems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems would have a debilitating impact on security, national economic security, national public health or safety, or a combination of those matters.”  The FCC sought comment on this proposed definition.

• Equipment Modifications by a Covered Entity:  The FCC proposed requiring the submission of a certification for any equipment for which an entity identified on the Covered List seeks modification or a permissive change.  The FCC sought comment on this proposal, including the process the FCC should consider implementing to facilitate this requirement and the potential supply chain impacts such a process may create.

• Review of Marketing-Related Prohibitions:  The FCC sought input on measures to improve enforcement against the unauthorized marketing of equipment subject to the agency’s authorization rules.  This includes clarifying what activities constitute “marketing” and the entity that is responsible for complying with the relevant rules.  The FCC also sought comment on additional measures that it could adopt to “safeguard consumers and communications networks from the risks posed by covered equipment.”

Interested parties may submit comments in response to the FNPRM within 30 days of it being published in the Federal Register.