Protecting Against National Security Threats to the Communications Supply Chain Through the Equipment Authorization Program

FEDERAL COMMUNICATIONS COMMISSION <CFR>47 CFR Part 2</CFR> <DEPDOC>[ET Docket No. 21-232; FCC 25-71; FR ID 318981]</DEPDOC> <SUBJECT>Protecting Against National Security Threats to the Communications Supply Chain Through the Equipment Authorization Program</SUBJECT> <HD SOURCE="HED">AGENCY:</HD> Federal Communications Commission. <HD SOURCE="HED">ACTION:</HD> Proposed rule. <SUM> <HD SOURCE="HED">SUMMARY:</HD> In this document, the Federal Communications Commission (Commission or FCC) aims to further its actions in strengthening prohibitions on authorization of covered equipment and to clarify the rules and enforcement of such. The Commission seeks additional comment on modular transmitters and component parts in relation to covered equipment. The Commission addresses the partial court remand of the decision in its November 2022 EA Security R&O by proposing a definition of “critical infrastructure” as used on the Covered List and seeking comment on the implementation of that definition. The Commission also seeks comment on whether any modification to an authorized device by an entity identified on the Covered List should require a new application for certification. Finally, the Commission seeks comment on clarifying the scope of activities that constitute marketing of equipment and on measures to strengthen enforcement of marketing prohibitions. </SUM> <EFFDATE> <HD SOURCE="HED">DATES:</HD> Comments are due on or before January 5, 2026 and reply comments are due on or before February 2, 2026. </EFFDATE> <HD SOURCE="HED">ADDRESSES:</HD> You may submit comments, identified by ET Docket No. 21-232, by any of the following methods: • <E T="03">Electronic Filers:</E> Comments may be filed electronically using the internet by accessing the ECFS: <E T="03">https://www.fcc.gov/ecfs.</E> • <E T="03">Paper Filers:</E> Parties who choose to file by paper must file an original and one copy of each filing. • Filings can be sent by hand or messenger delivery, by commercial courier, or by the U.S. Postal Service. <E T="03">All filings must be addressed to the Secretary, Federal Communications Commission.</E> • Hand-delivered or messenger-delivered paper filings for the Commission's Secretary are accepted between 8:00 a.m. and 4:00 p.m. by the FCC's mailing contractor at 9050 Junction Drive, Annapolis Junction, MD 20701. All hand deliveries must be held together with rubber bands or fasteners. Any envelopes and boxes must be disposed of before entering the building. • Commercial courier deliveries (any deliveries not by the U.S. Postal Service) must be sent to 9050 Junction Drive, Annapolis Junction, MD 20701. • Filings sent by U.S. Postal Service First-Class Mail, Priority Mail, and Priority Mail Express must be sent to 45 L Street NE, Washington, DC 20554. • <E T="03">People with Disabilities:</E> To request materials in accessible formats for people with disabilities (braille, large print, electronic files, audio format), send an email to <E T="03">fcc504@fcc.gov</E> or call the Consumer & Governmental Affairs Bureau at 202-418-0530. <FURINF> <HD SOURCE="HED">FOR FURTHER INFORMATION CONTACT:</HD> Jamie Coleman of the Office of Engineering and Technology, at <E T="03">Jamie.Coleman@fcc.gov</E> or 202-418-2705. </FURINF> <SUPLINF> <HD SOURCE="HED">SUPPLEMENTARY INFORMATION:</HD> This is a summary of the Commission's Second Further Notice of Proposed Rulemaking ( <E T="03">Second FNPRM</E> ), in ET Docket No. 21-232, FCC 25-71, adopted on October 28, 2025, and released on October 29, 2025. The full text of this document is available for public inspection and can be downloaded at <E T="03">https://docs.fcc.gov/public/attachments/FCC-25-71A1.pdf.</E> Alternative formats are available for people with disabilities (Braille, large print, electronic files, audio format) by sending an email to <E T="03">fcc504@fcc.gov</E> or calling the Commission's Consumer and Governmental Affairs Bureau at (202) 418-0530 (voice), (202) 418-0432 (TTY). <E T="03">Regulatory Flexibility Act.</E> The Regulatory Flexibility Act of 1980, as amended (RFA), requires that an agency prepare a regulatory flexibility analysis for notice-and-comment rulemaking, unless the agency certifies that “the rule will not, if promulgated, have a significant economic impact on a substantial number of small entities.” Accordingly, the Commission has prepared an Initial Regulatory Flexibility Analysis (IRFA) concerning the possible impact of the rule and policy changes contained in the <E T="03">Second FNPRM</E> on small entities. The IRFA is set forth in Appendix D of the Report and Order and Further Notice of Proposed Rulemaking. <E T="03">Paperwork Reduction Act.</E> This document contains proposed new or modified information collection requirements subject to the Paperwork Reduction Act of 1995 (PRA), Public Law 104-13. The Commission, as part of its continuing effort to reduce paperwork burdens, will be inviting the general public and the Office of Management and Budget (OMB) to comment on any information collection requirements contained in this document. In addition, pursuant to the Small Business Paperwork Relief Act of 2002, Public Law 107-198, see 44 U.S.C. 3506(c)(4), the Commission will seek specific comment on how we might “further reduce the information collection burden for small business concerns with fewer than 25 employees.” <E T="03">Providing Accountability Through Transparency Act.</E> Consistent with the Providing Accountability Through Transparency Act, Public Law 118-9, a summary of the <E T="03">NPRM</E> will be available on <E T="03">https://www.fcc.gov/proposed-rulemakings.</E> <HD SOURCE="HD1">Synopsis</HD> <HD SOURCE="HD1">Introduction</HD> In November 2022, as part of the Commission's ongoing efforts to protect the security of America's communications networks and equipment supply chains, the Commission adopted the Equipment Authorization Security Report and Order, Order, and Further Notice of Proposed Rulemaking, ET Docket No. 21-232 and EA Docket 21-233 (2022) (EA Security R&O and FNPRM). In that item, the Commission adopted rules as part of its equipment authorization program to prohibit authorization of communications equipment that has been determined to “pose an unacceptable risk to the national security of the United States or the security and safety of United States persons” (covered equipment), which the Commission publishes in its Covered List. The rules constituted significant changes to the prior equipment authorization program. The Commission recognized that these revisions were only first steps and that further revisions should be considered to better ensure effective implementation of this prohibition. In the FNPRM portion of the item, the Commission sought comment on taking additional steps in the equipment authorization program to protect our nation's communications networks and supply chains. Building on the record received, Commission experience implementing the prohibition, and other recent Commission actions aimed at protecting our nation's communications networks and supply chain, the Commission adopted a Second Report and Order (Second R&O) and this Second Further Notice of Proposed Rulemaking ( <E T="03">Second FNPRM</E> ) to take important next steps in modifying the equipment authorization program. <HD SOURCE="HD1">Background</HD> Enacted in March 2020, the Secure Networks Act requires the Commission to publish a list of equipment and services that pose “an unacceptable risk to the national security of the United States or the security and safety of United States persons” based solely on specific determinations made by certain enumerated sources (Covered List). In June 2021, the Commission initiated this proceeding in Protecting Against National Security Threats to the Communications Supply Chain through the Equipment Authorization Program; Protecting Against National Security Threats to the Communications Supply Chain through the Equipment Authorization Program, ET Docket No. 21-232 & EA Docket No. 21-233, Notice of Proposed Rulemaking and Notice of Inquiry (2021) (EA Security NPRM). The Commission noted that this proceeding—which involves revising the Commission's equipment authorization program—is part of the Commission's overall efforts in carrying out its important role in protecting the security of America's equipment supply chains, and also is part of the ongoing efforts of Congress, the Executive Branch, and the Commission to identify and eliminate potential security vulnerabilities in communications networks and supply chains. In the EA Security R&O and FNPRM, the Commission established several new rules to prohibit authorization of equipment identified on the Commission's Covered List developed pursuant to the Secure Networks Act. In particular, the Commission adopted several revisions to its part 2 rules concerning equipment authorization requirements, processes, and guidance that involve significant changes to the equipment authorization program. These changes include new requirements placed on applicants seeking equipment authorizations as well as “responsible parties” associated with equipment authorizations and entities that are identified on the Covered List. These rules also place significant new responsibilities on telecommunication certification bodies (TCBs), private third-party organizations recognized by the Commission and to which the Commission has delegated particular responsibilities pursuant to section 302 of the Communications Act. TCBs are now tasked with reviewing equipment authorization applications and certifying that the subject equipment complies with all applicable Commission requirements, both technical (such as based on information submitted by test labs) and non-technical (such as those prohibiting authorization of covered equipment) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Preview showing 10k of 67k characters. Full document text is stored and available for version comparison. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━