[Federal Register Volume 90, Number 225 (Tuesday, November 25, 2025)] [Rules and Regulations] [Pages 53227-53237] From the Federal Register Online via the Government Publishing Office [www.gpo.gov] [FR Doc No: 2025-21001] ======================================================================= ----------------------------------------------------------------------- FEDERAL COMMUNICATIONS COMMISSION 47 CFR Part 2 [ET Docket No. 21-232; FCC 25-71; FR ID 318540] Protecting Against National Security Threats to the Communications Supply Chain Through the Equipment Authorization Program AGENCY: Federal Communications Commission. ACTION: Final rule. ----------------------------------------------------------------------- SUMMARY: In this document, the Federal Communications Commission (Commission or FCC) clarifies that rules prohibiting authorization of covered equipment include modular transmitters and adopts a prohibition on authorization of devices that include modular transmitters that are covered equipment. The Commission also adopts a procedure to limit previously granted authorizations of covered equipment to prohibit the continued importation and marketing of such equipment. It further discusses the broad scope of the prohibition on authorization of equipment identified on the Covered List by clarifying the term ``produced by'' as used in the Commission's rules concerning covered equipment and clarifying the prohibition on modification to previously authorized covered equipment. DATES: Effective December 26, 2025. FOR FURTHER INFORMATION CONTACT: Jamie Coleman of the Office of Engineering and Technology, at [email protected] or 202-418-2705. SUPPLEMENTARY INFORMATION: This is a summary of the Commission's Second Report and Order, in ET Docket No. 21-232, FCC 25-71, adopted on October 28, 2025, and released on October 29, 2025. The full text of this document is available for public inspection and can be downloaded at https://docs.fcc.gov/public/attachments/FCC-25-71A1.pdf. Alternative formats are available for people with disabilities (Braille, large [[Page 53228]] print, electronic files, audio format) by sending an email to [email protected] or calling the Commission's Consumer and Governmental Affairs Bureau at (202) 418-0530 (voice), (202) 418-0432 (TTY). Regulatory Flexibility Act. The Regulatory Flexibility Act of 1980, as amended (RFA), requires that an agency prepare a regulatory flexibility analysis for notice-and-comment rulemaking, unless the agency certifies that ``the rule will not, if promulgated, have a significant economic impact on a substantial number of small entities.'' Accordingly, the Commission has prepared a Final Regulatory Flexibility Analysis (FRFA) concerning the possible impact of the rule and policy changes contained in the Second Report and Order on small entities. The FRFA is set forth in Appendix C of the Second Report and Order. Paperwork Reduction Act. This document contains proposed new or modified information collection requirements subject to the Paperwork Reduction Act of 1995 (PRA), Public Law 104-13. The Commission, as part of its continuing effort to reduce paperwork burdens, will be inviting the general public and the Office of Management and Budget (OMB) to comment on any information collection requirements contained in this document. In addition, pursuant to the Small Business Paperwork Relief Act of 2002, Public Law 107-198, see 44 U.S.C. 3506(c)(4), the Commission will seek specific comment on how it might ``further reduce the information collection burden for small business concerns with fewer than 25 employees.'' Congressional Review Act. The Commission has determined, and the Administrator of the Office of Information and Regulatory Affairs, Office of Management and Budget, concurs, that this rule is ``non- major'' under the Congressional Review Act, 5 U.S.C. 804(2). The Commission will send a copy of the Second Report and Order and Further Notice of Proposed Rulemaking to Congress and the Government Accountability Office pursuant to 5 U.S.C. 801(a)(1)(A). Synopsis In November 2022, as part of the Commission's ongoing efforts to protect the security of America's communications networks and equipment supply chains, the Commission adopted the Equipment Authorization Security Report and Order, Order, and Further Notice of Proposed Rulemaking, ET Docket No. 21-232 and EA Docket 21-233 (EA Security R&O and FNPRM). In that item, the Commission adopted rules as part of its equipment authorization program to prohibit authorization of communications equipment that has been determined to ``pose an unacceptable risk to the national security of the United States or the security and safety of United States persons'' (covered equipment), which the Commission publishes in its Covered List. The rules constituted significant changes to the prior equipment authorization program. The Commission recognized that these revisions were only first steps and that further revisions should be considered to better ensure effective implementation of this prohibition. In the FNPRM portion of the item, the Commission sought comment on taking additional steps in the equipment authorization program to protect our nation's communications networks and supply chains. Building on the record received, Commission experience implementing the prohibition, and other recent Commission actions aimed at protecting our nation's communications networks and supply chain, the Commission adopted this Second Report and Order to take important next steps in modifying the equipment authorization program. Background Enacted in March 2020, the Secure Networks Act requires the Commission to publish a list of equipment and services that pose ``an unacceptable risk to the national security of the United States or the security and safety of United States persons'' based solely on specific determinations made by certain enumerated sources (Covered List). In June 2021, the Commission initiated this proceeding in Protecting Against National Security Threats to the Communications Supply Chain through the Equipment Authorization Program; Protecting Against National Security Threats to the Communications Supply Chain through the Equipment Authorization Program, ET Docket No. 21-232 & EA Docket No. 21-233, Notice of Proposed Rulemaking and Notice of Inquiry (2021) (EA Security NPRM). The Commission noted that this proceeding--which involves revising the Commission's equipment authorization program--is part of the Commission's overall efforts in carrying out its important role in protecting the security of America's equipment supply chains, and also is part of the ongoing efforts of Congress, the Executive Branch, and the Commission to identify and eliminate potential security vulnerabilities in communications networks and supply chains. In the EA Security R&O and FNPRM, the Commission established several new rules to prohibit authorization of equipment identified on the Commission's Covered List developed pursuant to the Secure Networks Act. In particular, the Commission adopted several revisions to its part 2 rules concerning equipment authorization requirements, processes, and guidance that involve significant changes to the equipment authorization program. These changes include new requirements placed on applicants seeking equipment authorizations as well as ``responsible parties'' associated with equipment authorizations and entities that are identified on the Covered List. These rules also place significant new responsibilities on telecommunication certification bodies (TCBs), private third-party organizations recognized by the Commission and to which the Commission has delegated particular responsibilities pursuant to section 302 of the Communications Act. TCBs are now tasked with reviewing equipment authorization applications and certifying that the subject equipment complies with all applicable Commission requirements, both technical (such as based on information submitted by test labs) and non-technical (such as those prohibiting authorization of covered equipment). These rules require that, going forward, no communications equipment produced by entities identified on the Covered List can obtain an equipment authorization unless the authorization is pursuant to the certification process, which would require filing an application with supporting data that TCBs review. Commission rules no longer permit authorization of any such equipment through the Supplier's Declaration of Conformity (SDoC) procedures, which does not require an application filing, nor can such equipment now qualify for any exemption from the need for an equipment authorization. To help implement the prohibition on authorization of any covered equipment, applicants seeking such authorization are required to make certain attestations (in the form of certifications) about the equipment for which they seek authorization-these include attesting that the equipment is not covered and indicating whether the applicant is an entity identified on the Covered List. To further help with implementation of the prohibition, the Commission adopted a requirement that each of the entities named on the Covered List file a report with the Commission identifying its [[Page 53229]] associated but unnamed entities (e.g., its subsidiaries and affiliates). TCBs, pursuant to their responsibilities as part of the Commission's equipment authorization program, review the applications and must ensure that only devices that meet all of the Commission's applicable technical and non-technical requirements are ultimately granted authorization, and that none of these grants are for covered equipment. To help TCBs perform their responsibilities, and to provide guidance to TCBs, applicants, and other interested parties, the Commission provides guidance on what constitutes covered equipment, with delegated authority to the Office of Engineering and Technology (OET) and the Public Safety and Homeland Security Bureau (PSHSB) to update that guidance as appropriate. The Commission has also adopted streamlined revocation procedures for authorizations of equipment in cases in which an applicant submitted false statements or representations in the newly required attestations relating to the equipment for which they had sought authorization. In adopting the EA Security R&O and FNPRM, the Commission decided not to require, at that time, that the applicant make attestations that address individual component parts contained within the applicant's equipment and it did not revoke previously granted authorizations of covered equipment. The Commission determined that both of these matters, along with several other issues, would receive further consideration. The Commission sought comment on whether the presence of certain component parts would result in the device being covered equipment prohibited from authorization and, if so, how the prohibition should be implemented in the Commission's equipment authorization program. It also sought comment on the role that applicants and responsible parties would play were the Commission to prohibit authorization of devices that include certain component parts. In addition, it sought comment on the extent to which the Commission should revoke any previous authorizations of covered equipment and, if so, based on which considerations and procedures, and the scope such revocations should take, as well as the extent to which it should take into account supply chain considerations. It also sought comment on whether to require all applicants seeking equipment certification to have a U.S.-based responsible party to help ensure compliance with the Commission's equipment authorization program rules. Finally, the Commission sought comment on various other issues concerning implementation of the prohibition on authorization of covered equipment, such as applicants' provision of additional information on equipment; additional activities that TCBs should conduct in light of the goals of this proceeding; the review of authorizations after grant by TCBs through post-market surveillance; and enforcement of the Commission's newly-adopted rules. Recent developments concerning the equipment authorization program. In 2023, Hikvision USA, Inc. and Dahua Technology USA, Inc. petitioned the U.S. Court of Appeals for the District of Columbia Circuit to review aspects of the Commission's EA Security R&O and FNPRM that affected them. Hikvision USA, Inc. v. Federal Communications Commission, 97 F.4th 938 (D.C. Cir. 2024). On April 2, 2024, the court issued a partial remand concerning one part of the Commission's decision. Specifically, the court vacated those portions of the Commission's decision defining ``critical infrastructure'' for purposes of understanding when video surveillance and telecommunications equipment produced by Hytera Communications Corporation (Hytera), Hangzhou Hikvision Digital Technology Company (Hikvision), and Dahua Technology Company (Dahua) (or their respective subsidiaries and affiliates) is used ``for the purpose of . . . physical security surveillance of critical infrastructure,'' statutory language drawn from Congress's proscription regarding such equipment as set forth in section 889(f)(3) of the National Defense Authorization Act of 2019 (NDAA). The court found that the Commission's definition of ``critical infrastructure'' was ``unjustifiably broad,'' and remanded those portions of the Equipment Authorization Security R&O to the Commission to ``comport its definition and justification for it'' with the NDAA statutory provision. In May 2025, the Commission adopted Promoting the Integrity and Security of Telecommunications Certification Bodies, Measurement Facilities, and the Equipment Authorization Program, ET Docket No. 24- 136 (2025) (EA Integrity R&O and FNPRM), in which it took steps, and proposed further steps, to promote the integrity and security of TCBs, measurement facilities (test labs), and laboratory accreditation bodies, which play an integral role in the Commission's equipment authorization program. Specifically, it adopted a prohibition on FCC recognition of any TCB, test lab, or laboratory accreditation body owned by, controlled by, or subject to the direction of a prohibited entity (as defined by the EA Integrity R&O and FNPRM). These entities are barred from participating in the Commission's equipment authorization program, including both the equipment certification process and SDoC process. To help ensure that the Commission has the necessary information to enforce this prohibition, the Commission expanded its reporting and certification requirements for all recognized TCBs, test labs, and laboratory accreditation bodies to certify to the Commission that they are not owned by, controlled by, or subject to the direction of a prohibited entity and to report all equity or voting interests of 5% or greater by any entity. It also adopted amendments to the rules to state that the Commission will not recognize--and will revoke any existing recognition of--any TCB, test lab, or laboratory accreditation body that fails to provide, or that provides a false or inaccurate, certification; or that fails to provide, or provides false or inaccurate, information regarding equity or voting interests of 5% or greater. In addition, it also clarified that Commission rules apply equally to all TCBs, test labs, and laboratory accreditation bodies regardless of the existence of MRAs or the physical location of the relevant facility. In the EA Integrity R&O and FNPRM, the Commission proposed and sought comment on further measures to safeguard the integrity of the equipment authorization program. Namely, it sought comment on whether to extend the prohibitions to also include entities subject to the jurisdiction of a foreign adversary and whether to expand the group of prohibited entities to include several additional lists from federal agencies or statutes. It also sought further comment on ways the Commission can facilitate and encourage more equipment authorization testing to occur at test labs located within the United States or United States allied countries. Finally, it sought further comment on post-market surveillance procedures to ensure compliance relating to prohibitions on authorization of covered equipment. Report and Order In the Second Report and Order, the Commission clarifies that rules prohibiting authorization of covered equipment include modular transmitters and adopts a prohibition on authorization of devices that include modular transmitters that are covered equipment. The Commission also adopts a procedure to limit previously granted authorizations of covered equipment to prohibit the continued importation and marketing of such [[Page 53230]] equipment. The Commission further discusses the broad scope of the prohibition on authorization of equipment identified on the Covered List by clarifying the term ``produced by'' as used in the rules concerning covered equipment and clarifying the prohibition on modification to previously authorized covered equipment. Prohibition on Modular Transmitters on the Covered List In general, the Commission permits authorization of transmitters as standalone devices that can then be incorporated into a host device that may either rely on the authorization of that modular transmitter or require its own additional authorization. Because modular transmitters are not required to obtain their own authorization as standalone devices, they can also be incorporated as a component in a host device that requires its own authorization. In this Second Report and Order, the Commission clarifies that the existing rules prohibiting the authorization of covered equipment include modular transmitters. The Commission also now further prohibits the authorization of any device that includes a modular transmitter when that modular transmitter is itself covered equipment. Under the existing attestation requirement, applicants and responsible parties will be required to attest that the subject equipment for which authorization is sought does not include such modular transmitters. The Commission finds that these rule modifications advance both FCC national security objectives and the congressional directive to prevent the authorization of equipment that poses an unacceptable risk to national security. Background. In the EA Security NPRM adopted in June 2021, the Commission proposed to require that applicants, when seeking equipment authorization, ``attest that no equipment (including component part) is comprised of any `covered' equipment,'' as identified on the Covered List. Many commenters opposed including an attestation requirement that considered component parts. In the subsequently adopted EA Security R&O and FNPRM, the Commission required that each applicant attest that the equipment for which it seeks authorization is not covered equipment, but it declined at that time, based on the state of the record and the need for further consideration, to require that the applicant attestation address individual component parts contained within the applicant's equipment. In declining to address component parts at that time, the Commission noted that it was seeking further comment on potentially including certain component parts within the scope of covered equipment. In seeking comment, the Commission ``endeavor[ed] to ensure that equipment [ ] that include[s] component parts that pose an unacceptable risk to national security also be prohibited from authorization.'' Accordingly, the Commission, noting many of the concerns that commenters raised, sought comment on whether certain component parts, if included in equipment, would result in that equipment being covered equipment prohibited from authorization, and, if so, how the prohibition on the inclusion of any such component parts in equipment could be implemented in the Commission's equipment authorization program. In particular, the Commission sought comment on whether it should attempt to identify components based on a risk assessment (e.g., examining whether the equipment contains components that are produced by entities identified on the Covered List and that process and retain data, or that only process data). The Commission recognized that if it prohibited certain component parts, it would need to provide guidance on which components would be prohibited. The Commission focused much discussion on seeking comment on prohibiting authorization of equipment that incorporates as component parts certain types of modules produced by entities on the Covered List, whether authorized under the Commission's certification procedures or under the SDoC procedures. As explained, the Commission permits specific types of modules-modular transmitters-to be authorized as ``standalone'' equipment under existing rules (provided the equipment meets all applicable Commission requirements). A modular transmitter is a completely self-contained transmitter that only requires an input signal and power source to make it functional. 47 CFR 15.212. Commission rules provide that when an authorized modular transmitter is incorporated as a component part into another product, host, or device (e.g., composite systems, personal computers), no further equipment authorization is required insofar as the final product, host, or device conforms to the terms of the module's authorization. Considering these existing rules, the Commission further noted that telecommunications or video surveillance equipment could contain, as component parts, one or more such modular transmitters produced by entities identified on the Covered List, or could be assembled as a composite system and contain such equipment. The Commission specifically asked whether applicants (under certification procedures) and responsible parties (under SDoC procedures) should be required to use the Commission's equipment certification procedures to obtain an equipment authorization if the equipment or composite system includes, as a component part, a modular transmitter produced by an entity identified on the Covered List. Further, the Commission inquired whether it should apply this equipment certification requirement to any equipment that incorporates, as a component part, a previously authorized modular transmitter produced by these entities (i.e., a modular transmitter authorized prior to adoption of the Commission's rules prohibiting authorization of covered equipment). It also asked about potential additional costs in time and money that such approaches would impose on device developers. Similarly, the Commission inquired whether composite systems should be treated in the same general manner as modular transmitters. Relatedly, the Commission asked whether it should deem as covered equipment (and thus prohibited from authorization) any equipment that includes a component part that could be authorized as equipment on a standalone basis but for the fact that the standalone equipment would be prohibited from authorization as covered equipment. Further, the Commission asked for comment on the potential impact that prohibiting authorization of particular component parts (those that would be deemed covered equipment) would have on both equipment security and the economy. Specifically, it sought comment and data on the effect of prohibiting particular component parts on the U.S. market (including quantity and market share of modules or other component parts that might be prohibited in products intended for sale in the U.S. market), the availability and costs of substitute modules, devices, and component parts from suppliers that are not identified on the Covered List, and the average lifespan/product cycle of affected final products. It also inquired about the different impacts on both equipment security and the economy that would be expected depending on the breadth of the scope of a component part(s) prohibition. In addition, the Commission generally sought comment on supply chain considerations, including whether the Commission should take into account [[Page 53231]] how any prohibition of modular transmitters, if implemented immediately without advance notice or opportunity for the development of alternative sources of equipment, could have a deleterious effect on the public interest. The Commission received many comments on potentially including as covered equipment certain component parts produced by entities identified on the Covered List. Commenters include equipment and vendor associations, industry associations, U.S. equipment producers, consultants, producers of covered equipment, small businesses, and think tanks. Discussion. Consistent with the potential approach on modules discussed in the EA Security R&O and FNPRM, the Commission concludes that any ``modular transmitter'' (as defined in 47 CFR 15.212) that is covered equipment is prohibited from authorization under the rules. Furthermore, it concludes that authorizing equipment that includes such a modular transmitter would effectively be authorizing the transmitter. As such, the Commission prohibits from authorization any modular transmitter that is covered equipment, and any product, host, or device that incorporates a modular transmitter that is covered equipment, regardless of any previous authorization of the modular transmitter. This includes any transmitter identified on the Covered List that otherwise could be authorized as a module or on a standalone basis regardless of whether it is authorized. The Commission believes this particular approach is necessary to ensure that modular transmitters that pose an unacceptable risk to national security or the safety and security of U.S. persons cannot be imported or marketed in the United States either as standalone devices or as incorporated into another device. And it believes that this approach ensures that it is addressing the national security threats that Congress intended for the Commission to address in the Secure Equipment Act, when Congress directed the Commission to not ``approve any application for equipment authorization for [covered] equipment.'' Section 15.212 provides for a standalone authorization of modular transmitters under the Commission's certification procedures. 47 CFR 15.212. The Commission concludes that modular transmitters, as defined in Sec. 15.212, constitute communications equipment insofar as they are used in fixed or mobile broadband networks and provide high-speed, switched, broadband telecommunications capability that enables users to originate and receive high-quality voice, data, graphics, and video telecommunications using any technology with connection speeds of at least 200 kbps in either direction. To the extent that a modular transmitter falls within the scope of what constitutes covered communications equipment under Commission rules, the modular transmitter is itself covered equipment and thereby prohibited from authorization under the rules. 47 CFR 2.903(a), 1.50001(d). Many modular transmitters are designed to be incorporated into equipment to enable that equipment to have certain critical or essential functionalities associated with the provision of fixed or mobile services. While such transmitters could be independently authorized, they are not required to be. Given the conclusion that Commission rules prohibit from authorization standalone transmitters that fall within the scope of what constitutes covered equipment, the Commission correspondingly prohibits from authorization equipment that includes, as a component part, a transmitter that meets the requirements for a modular transmitter, even if the transmitter is not independently authorized as a module. The Commission notes that cellular IoT devices would fall within the scope of modular transmitters under Commission rules. This approach is consistent with the Commission's suggested approach in the EA Security R&O and FNPRM to prohibit authorization of any equipment that includes a component part that could be authorized on a standalone basis but for the fact that the standalone equipment would be prohibited from authorization. Because this communications equipment is covered equipment, preventing authorization of equipment that includes this covered equipment is necessary and appropriate, and consistent with the Commission's authority under the Act, the Secure Networks Act, and the Secure Equipment Act to prohibit authorization of equipment that poses an unacceptable risk to national security, and covered equipment more specifically. That is, the Commission concludes that granting an authorization for equipment that includes a modular transmitter that is covered equipment would, in effect, be granting an authorization to equipment that, by inclusion of this covered modular transmitter, would pose an unacceptable risk to national security and would undermine Congress's goals in the Secure Equipment Act when it directed the Commission to cease authorizing covered equipment. The Commission agrees with the Heritage Foundation that such equipment can ``present[ ] risks to national security that are equally severe as risks from finished products.'' Authorizing devices containing one or more covered modular transmitters is tantamount to authorizing the modular transmitter(s). It makes little sense for the Commission to prohibit certain modular transmitters from obtaining independent authorization, but to allow authorization for devices containing exactly those modular transmitters. In this sense, the Commission agrees with the Hudson Institute that continued authorization of devices that contain these modular transmitters ``undermine the intent of'' the Secure Networks Act and the Secure Equipment Act. The Commission therefore modifies its rules to explicitly prohibit authorization of any modular transmitter that is covered equipment, and any product, host, or device that incorporates a modular transmitter that is covered equipment, regardless of whether the Commission previously authorized that modular transmitter. Modular transmitters, as defined in Sec. 15.212 of the Commission's rules, that can be authorized under the rules as standalone devices (each consisting of a completely self-contained transmitter device) and incorporated into other devices, include ``single-modular transmitters,'' ``split-modular transmitters,'' and ``limited modular transmitters.'' The Commission also includes in its prohibition modular transmitters that operate pursuant to licensed radio services rules. The Commission concludes that this prohibition furthers the objectives of the equipment security rules, as well as the congressional directive to prohibit authorization of equipment that poses an unacceptable risk to national security. In adopting rules to prohibit use of modular transmitters in equipment for which authorization is sought, the Commission is in effect prohibiting composite systems that include modular transmitters that are covered equipment. The Commission rejects the contention of some commenters either that the Commission may not have the requisite legal authority to prohibit use of any component parts or that only the enumerated sources identified in the Secure Networks Act should make determinations on whether component parts constitute covered equipment. First, the only component parts that the Commission is prohibiting with the rules announced in this item are those [[Page 53232]] that are themselves covered equipment, which have already been determined to pose ``an unacceptable risk to the national security of the United States or the security and safety of United States persons.'' 47 U.S.C. 1601(b); 47 CFR 1.50002(b)(1). While the Commission lacks independent authority to add new equipment to the Covered List without the specific determination of an enumerated source or direction from Congress, it concludes that the Commission has the requisite RF equipment expertise to reach the conclusion that whatever unacceptable risks are posed by modular transmitters are posed regardless of whether those modular transmitters are initially approved as standalone devices or incorporated within a product, host, or device, as modular transmitters are generally intended to be. In issuing this prohibition, the Commission is not making impermissible national security determinations. The Commission is rather using its decades-long technical expertise concerning RF equipment and familiarity with its equipment authorization process to close a loophole that would undermine both the Secure Equipment Act's directives and Congress's and the Executive Branch's determinations as to national security risks. Second, the Secure Equipment Act directed the Commission to ``adopt rules in the [EA Security NPRM proceeding].'' Congress thus directed the Commission to adopt final rules in a proceeding which had proposed to require that applicants ``attest that no equipment (including component parts) is comprised of any `covered' equipment, as identified on the [Covered List].'' Had Congress (incongruously) intended for the Commission to not authorize certain covered equipment but to authorize devices containing covered equipment, Congress could have prohibited the Commission from addressing components parts, as proposed. Congress chose not to. Third, even in the absence of the Secure Equipment Act, the Commission concludes that the Commission possesses sufficient legal authority under the Act to implement the prohibitions contained in this section. As explained in the EA Security R&O and FNPRM, section 302 of the Act authorizes the Commission to make regulations ``consistent with the public interest, convenience, and necessity . . . governing the interference potential of [radio frequency] devices.'' This public interest regulatory authority implicates other statutory responsibilities, including the missions for which the Commission was created--promoting national defense and the safety of life and property; interests clearly furthered by prohibiting the importation and marketing of devices that pose ``unacceptable risks to the national security of the United States or the safety and security of United States persons.'' 47 U.S.C. 1601. Other statutory authorities confirm this. See, e.g., 47 U.S.C. 303(g), 303(e), 303(r), 154(i). If there was any doubt that the Commission possessed this pre-existing authority, Congress confirmed it with the Secure Equipment Act. The Secure Equipment Act's direction of Congress to adopt rules in the EA Security NPRM ratified the Commission's tentative legal conclusions and decisively established the Commission's legal authority to enact the proposals in the EA Security NPRM, one of which was to require attestation as to component parts. Limitation on Existing Authorization of Covered Equipment The Commission sets forth a process to place limitations on previously granted authorizations of covered equipment to prohibit the continued importation and marketing of such equipment. Through this approach, the Commission aims to effectively address the established national security risks posed by previously authorized covered equipment while minimizing the impact on users. The goal is to mitigate potential national security risks associated with covered equipment that was authorized prior to adoption of the EA Security R&O and FNPRM in November 2022. Background. In the EA Security R&O and FNPRM, the Commission adopted a prohibition on the authorization, going forward, of covered equipment, and concluded that it has the requisite legal authority under the Act, confirmed by the Secure Equipment Act, to revoke existing authorizations, but it did not at that time revoke any existing authorizations. The Commission also adopted streamlined revocation procedures for equipment authorizations granted after adoption of the prohibition if the applicant included a false statement or representation that the equipment for which it had sought and obtained a grant is not ``covered'' equipment. The Commission sought further comment on the issues raised in the EA Security NPRM concerning revocation of covered equipment authorizations granted prior to the Commission's adoption of a prohibition on authorization of such equipment. It sought to expand the record that developed in response to the EA Security NPRM, particularly in light of the actions taken and guidance provided in the EA Security R&O and FNPRM, and sought comment on several different issues concerning revocation. Specifically, the Commission sought comment on the scope of revocation of existing authorizations the Commission should consider, whether there might be situations that would warrant revocation in certain circumstances and, if so, how the Commission should identify particular covered equipment for which continued authorization poses an unacceptable risk to national security. Further, considering the potential risk to national security, it asked whether the Commission should consider revoking all existing authorizations of covered equipment and, if so, how such revocations could be implemented. The Commission also asked to what extent revocation of any particular equipment should depend on establishing a reimbursement program. It also inquired how supply chain issues or consumer-related concerns should figure into the Commission's considerations, and what information and data might be useful to such a consideration. The Commission requested comment on an appropriate transition period in the event that the Commission were to decide to revoke any existing authorizations of covered equipment. In addition, the Commission sought comment on what process to use for revocation of existing authorizations, and whether it should adopt different or expedited procedures than provided for under Sec. 2.939 of the Commission's rules. Further, the Commission asked about the best enforcement mechanisms of any revocation, such as an enforcement policy to address violations related to the continued marketing, sale, or operation of covered equipment for which authorization was revoked. The Commission asked what educational and outreach efforts may be needed to inform the public of any revocations of covered equipment authorizations. The Commission also requested comment on possible alternative approaches to full revocation of existing authorizations. It sought comment on what it termed a ``partial'' revocation by which the continued importation and marketing of previously authorized covered equipment would be prohibited without impacting the continued use of such equipment. The Commission noted that such an approach could eliminate user device replacement costs while also promoting national security concerns related to the continued importation and marketing of this equipment. Commenters, including CTA, CTIA, TIA, Competitive Carriers Association, and NCTA generally oppose any [[Page 53233]] widespread revocation of existing authorizations of covered equipment that would require removal and replacement of equipment in use, while other commenters, including ITI, ZTE, Hikvision, and Dahua, contend that any revocation of existing authorizations is precluded by the Secure Equipment Act or otherwise would violate due process. Some commenters are supportive of a broad revocation of covered equipment authorizations. Finally, some commenters state that, apart from retroactive revocation of existing authorizations (including prohibiting continued use of equipment) or revocation of authorizations of specific equipment based on extraordinary circumstances, the Commission could consider some form of prospective approach to revocation of covered equipment that would prohibit the future marketing or sale of currently authorized covered equipment. Discussion. To promote the goal of mitigating the national security risks associated with previously authorized covered equipment in our nation's infrastructure and communications supply chain, the Commission adopts a procedure whereby the Commission can limit previously granted authorizations of covered equipment to prohibit the continued importation and marketing, without prohibiting the continued use of such devices. This is a simplified, prospective approach along the general lines of the prospective ``partial'' revocation proposal on which the Commission sought comment in the EA Security R&O and FNPRM that would not affect consumers' continued use or operation of devices they already possess. Absent a process by which the Commission can restrict the continued importation and marketing of covered equipment, it is concerned that already-authorized covered equipment devices would continue to flow into our nation and into the infrastructure and communications supply chain, which could contribute to further unacceptable risks. These devices have been determined to pose ``an unacceptable risk to the national security of the United States or the security and safety of United States persons'' alongside all other covered equipment. 47 U.S.C. 1601(b)(1). The Commission further concludes that it is insufficient to rely solely on the obsolescence of particular equipment models to abate the inflow of more covered equipment. Years-old covered devices are still widely sold in the U.S., suggesting obsolescence is not a quick process. Older models of covered equipment poses an unacceptable risk today when imported or marketed in the United States, not only when such equipment is new to the market. Waiting many years for this equipment to become obsolete would not address the present ``unacceptable risks. The Commission agrees with the Heritage Foundation that certain previously authorized devices that are now considered covered equipment ``likely remains marketable in the United States'' and ``may present continuing national security threats.'' Furthermore, as FDD noted, such devices, embedded within American communications networks, ``can still undergo firmware updates, conduct remote communication, and transmit data back to their manufacturers.'' In the EA Security R&O and FNPRM, the Commission concluded that it has the requisite authority under the Act to review any existing authorization for covered equipment, and to determine the necessity for revoking such authorization, and that the Commission can undertake such revocation pursuant to current rules. Under its current rules in Sec. 2.939(a), the Commission has already established procedures to revoke an equipment authorization because of conditions coming to the attention of the Commission which would warrant it in refusing to grant an original application. 47 CFR 2.939(a)(4). In the case of previously authorized covered equipment, the implementation of the Covered List and the resulting prohibition on authorization of equipment identified on the Covered List create conditions that would warrant the Commission in refusing to grant an original application for any covered equipment. 47 CFR 1.50002, 2.903. The Commission does not today alter the existing process to revoke covered equipment, as proposed in the EA Security R&O and FNPRM, which in most cases involve the process generally afforded radio licenses. 47 CFR 2.939(b). Instead, the Commission adopts a new process well-tailored to address unacceptable national security risks without disrupting continued use or operation of devices. The Commission revises the rules to adopt a procedure to limit the scope of an existing authorization of covered equipment to prohibit continued importation or marketing of such equipment, without revoking the underlying authorization. The Commission has in various proceedings adopted prohibitions on the manufacture and importation of equipment where doing so served the public interest. Section 302 of the Act authorizes the Commission--consistent with the public interest, convenience, and necessity--to promulgate regulations applicable to the manufacture, import, sale, offer for sale, shipment, and use of radiofrequency devices and to prohibit the manufacture, import, sale, offer for sale, shipment, or use of such devices that fail to comply with those regulations. 47 U.S.C. 302a(b). Consistent with existing regulatory procedures to revoke an equipment authorization, the Commission finds, through this rulemaking proceeding, it has the requisite authority to evaluate, craft, and implement this process to limit the scope of an existing authorization of covered equipment to prohibit continued importation and marketing of such equipment, and to establish a procedure to apply this limitation as appropriate. This action is consistent with ``the public interest'' insofar as it protects American communications networks from devices specifically determined to ``pose an unacceptable risk to the national security of the United States or the security and safety of United States persons.'' 47 U.S.C. 1601(b). While commenters generally oppose widespread revocation of existing authorizations of covered equipment, several commenters recommend that, instead of widespread revocation of existing authorizations, or revoking particular authorizations because of ``extraordinary'' circumstances, the Commission should take a prospective approach to addressing existing authorizations along the lines suggested in the EA Security R&O and FNPRM, under which the Commission would only consider whether to prohibit in some manner the future importation and marketing of previously authorized covered equipment while allowing the continued operation of equipment already in use. This allows the Commission to avoid the ``[e]conomic harms associated with removing and replacing Covered List equipment.'' The Commission agrees, and adopts such an approach in this Second Report and Order--limiting equipment authorizations to prohibit importation and marketing, while allowing for continued operation of the relevant devices. The Commission revises Sec. 2.939 of its rules by adopting a mechanism to limit the continued importation and marketing of such previously authorized covered equipment. The Commission delegates authority to OET and PSHSB to apply such prohibitions pursuant to the framework and process described here. The Commission revises Sec. Sec. 2.803 and 2.1204 to clarify that equipment that has been subject to such a [[Page 53234]] limitation cannot be marketed or imported. For such previously authorized covered equipment, OET and PSHSB shall provide, through public notice, a brief analysis of the relevant factors that would justify limitation on the authorization of previously authorized covered equipment prohibiting the importation and marketing of such. In each such public notice, OET and PSHSB will specify the class, type, or other description sufficient to identify the devices, including reference to all devices included in a specific Covered List entry, targeted for potential limitations on importation and marketing. The Commission directs OET and PSHSB to include in the analysis, and seek comment on, any relevant public interest factors, such as economic and supply chain considerations. This analysis will primarily rely upon the details of the relevant specific determination(s) used to inform a given entry on the Covered List. In the public interest analysis, OET and PSHSB must give particular weight to the fact that the relevant equipment was determined to pose ``an unacceptable risk to the national security of the United States or the safety and security of United States persons.'' 47 U.S.C. 1601(b)(1). After all, as the Supreme Court has noted in another context, ``[i]t is obvious and unarguable that no governmental interest is more compelling than the security of the Nation,'' and the Commission has a long history of relying on national security determinations to inform its public interest analysis. See Haig v. Agee, 453 U.S. 280, 307 (1981). Nonetheless, in certain instances, OET and PSHSB could conclude that other factors outweigh the national security risks. The most relevant sources of information for these other public interest factors are the given specific determinations, and accompanying analyses or rules, themselves. For example, OET and PSHSB recently sought public input on updating the Covered List to include certain equipment related to connected vehicles pursuant to a Commerce Department determination. In the same rule in which the Commerce Department made its specific determinations regarding ``unacceptable risks,'' the Commerce Department also delayed the effectiveness of its own restrictions, explaining that ``determining the scope of the prohibitions required a balancing of the need to address the undue or unacceptable risk posed by foreign adversary involvement in the connected vehicles supply chain with the impact on the public and industry.'' Department of Commerce, Bureau of Industry and Security, Securing the Information and Communications Technology and Services Supply Chain: Connected Vehicles, 90 FR 5360, 5363 (Jan. 16, 2025). While such balancing cannot, under the Secure Equipment Act, affect the Commission's updates to the Covered List and prohibition on granting new equipment authorizations to covered equipment, the Commission may consider such countervailing economic concerns when implementing the prohibitions for already-authorized devices outlined in this rule. While the specific determination must be the centerpiece of OET and PSHSB's analysis, they also will fully consider evidence in the Commission's record regarding whether to adopt a limitation on an existing authorization with regard to continued importation or marketing of the equipment. The public notice must provide an opportunity for public comment for a minimum of 30 days and may provide an opportunity for reply comments if OET and PSHSB find it warranted. After the end of the comment period(s), OET and PSHSB will review all relevant information, request additional information if needed, and make their determination as to whether to implement the prohibition on importation and marketing, describing what equipment is subject to the limitation, and providing the reasons for such. So as to promote regulatory certainty and the continued confidence of the public in the Commission's efforts to secure the communications equipment supply chain, OET and PSHSB should take reasonable steps to conclude these proceedings expeditiously after the end of the relevant comment period. The Commission directs OET and PSHSB to, as soon as practicable, institute proceedings to determine whether to apply these prohibitions to some or all of the equipment currently on the Covered List. The Commission also directs OET and PSHSB to, simultaneous with any future addition of equipment to the Covered List or as soon as practicable thereafter, issue a Public Notice requesting public comment on whether to apply these prohibitions to such equipment. For any devices for which an existing equipment authorization is limited to prohibit continued importation and marketing (which includes sale), the relevant responsible parties would be obligated to ensure compliance with such prohibition. 47 CFR 2.803(a). For equipment certifications, the responsible party is the party to whom the grant of certification is issued, also referred to as the ``grantee.'' 47 CFR 2.909(a). As for SDoC authorizations of covered equipment, the responsible party could be the manufacturer, the assembler, the importer, retailers, original equipment manufacturers, or the party performing modifications to the equipment. 47 CFR 2.909(b). OET and PSHSB should include in the initial public notice proposed timelines by which the responsible parties must cease all importation and marketing activities and specifically seek comment on such, thereby encouraging dialogue not only with the responsible parties but also with the relevant manufacturers, importers, distributors, retailers, and other interested entities. Such timeline considerations should include, in addition to the underlying national security concerns, factors such as the quantity of devices that have already been imported into the U.S. and are available for or being held for marketing or sale, new or recently updated device models that are en route to the U.S. or pending shipment, and devices that are subject to executed distribution, marketing, or sales agreements but have not yet entered the supply chain although they are contemplated for such. The Commission finds that this process will help to ensure that OET and PSHSB are fully considering the ramifications of the implementation of the proposed prohibition, not only with regard to the relevant grantee or responsible party, but also the public at large. The Commission is confident that this process will thereby effectuate an outcome that remains consistent with the original specific determination regarding the equipment pursuant to the Secure Networks Act and the Secure Equipment Act while balancing the public interest factors regarding the supply chain and consumer interests. Because this limitation on existing authorizations would not result in the revocation of an existing authorization of covered equipment, the continued use of such equipment that is already in the hands of users would remain authorized. The Commission thereby eliminates several complexities and reduces the challenges that commenters suggested would arise if the only manner to prohibit the importation and marketing of already-authorized covered equipment was to engage in revocations that also prohibit the use or operation of such covered equipment. Broad Scope of the Prohibition on Authorization of Equipment Identified on the Covered List Interpreting whether equipment is ``produced by'' a specified entity. To help implement the prohibition on [[Page 53235]] authorization of any covered equipment, applicants seeking equipment certification are required to make certain attestations (in the form of written and signed certifications) about the equipment for which they seek authorization--these include certifying that the equipment is not covered equipment and stating whether the applicant is an entity identified on the Covered List (either a named entity or a subsidiary or affiliate of the named entity). Congress, through the Secure Networks Act, directed the Commission to add to the Covered List equipment defined in 2019 NDAA Sec. 889, all of which is described as ``produced by'' certain entities: Huawei Technology Company, ZTE Corporation, Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, Dahua Technology Company, and their affiliates and subsidiaries. Accordingly, for purposes of their attestations, applicants necessarily must determine whether the equipment is ``produced by'' these entities. Similarly, to ensure that no covered equipment is authorized through the SDoC process, responsible parties that obtain authorizations under SDoC procedures are required to attest that the equipment is not ``produced by'' any entity identified on the Covered List. FDD notes the potential ``ambiguity surrounding the term `produced by' in the context of covered equipment.'' FDD expresses concern that the term might not include certain complex forms of foreign adversary control and encourages the Commission to formally adopt a broad definition of the term to ensure that the Commission addresses ``instances in which covered vendors serve as original equipment manufacturers or design contractors for companies not listed on the Covered List.'' The Commission made clear in the EA Security R&O and FNPRM that, considering the national security concerns implicated in this proceeding, it was taking a ``broad and inclusive'' approach to interpreting the scope of what constitutes covered equipment. The Commission also expressed concern regarding authorization of re-branded or re-labeled (``white labeled'') covered equipment produced by entities identified on the Covered List, and it made clear that re- branding or ``white labeling'' of any covered equipment does not change the status of whether the equipment is covered equipment. Consistent with the approach in the EA Security R&O and FNPRM, when carrying out their responsibilities associated with the prohibition on authorization of covered equipment under Sec. 2.903(a), or any of the required attestations related to covered equipment, applicants, responsible parties, and entities named in their reporting obligations should take a broad view of the term ``produced by.'' This is consistent with Congress's intent to guard against a broad array of equipment through 2019 NDAA Sec. 889 and the Secure Networks Act. Although the Commission declines to adopt a comprehensive definition of ``produced by'' as FDD suggests, it clarifies here that in determining whether a device is ``produced by'' a particular entity, a broad interpretation likely includes substantial responsibility for or control over any major stage of the process by which a device comes into existence. Accordingly, ``produced by'' is not limited to the manufacture or assembly of a device. For example, a device would generally be considered to have been ``produced by'' Huawei if Huawei designed, manufactured, assembled, or developed the device. Furthermore, the Commission ordinarily assumes that any entity submitting an application for certification or serving as the responsible party for SDoC would be considered among those producing the device. It is entirely possible that a device would be understood as ``produced by'' more than one entity. Determining whether a device is produced by a particular entity could be based on multiple factors or the totality of circumstances, particularly when considering the role played by multiple entities to bring a device into existence. The Commission notes that this analysis would not necessarily apply to future listings of equipment on the Covered List. Such listings may use different language that indicates an intent to capture a larger or smaller set of communications equipment. Modification of equipment, including permissive changes. In the EA Security R&O and FNPRM, the Commission adopted revisions to Sec. 2.932 regarding modifications to equipment (e.g., changes in the design, circuitry, or construction of the device) and Sec. 2.1043 concerning changes to certified equipment, such as ``permissive changes.'' The Commission noted that a modification to authorized equipment could result in the later identification of that equipment as covered and determined that it could not allow the continued authorization of modified equipment if, at the time of such modification, the equipment is covered equipment. The Commission adopted requirements, similar to the revised provisions of Sec. 2.911, that all applications or requests to modify already certified equipment include a written and signed certification that the equipment is not prohibited from receiving an equipment authorization pursuant to Sec. 2.903. 47 CFR 2.1043(b)(2)(i)(B), (b)(3)(i)(B). It also required an affirmative or negative statement as to whether the applicant is identified on the Covered List, as well as the written and signed certifications required under Sec. 2.911(d)(6) regarding an agent for service of process within the United States. 47 CFR 2.1043(b)(2)(i)(C), (b)(3)(i)(C). The Commission adopted the same provisions for requests for Class II and III permissive changes pursuant to Sec. 2.1043. The Commission found these revisions sufficient to prevent modified equipment from maintaining authorization when such modifications occur at a time after which such equipment has been identified as posing a risk and thereby appearing on the Covered List. The Commission now clarifies that its intent adopting these provisions was to prohibit modification, including permissive changes, to previously authorized covered equipment or equipment that would become covered as a result of such modification or permissive change. This clarification is consistent with Congress's direction to the Commission in the Secure Equipment Act to ``clarify that it will no longer review or approve any application for equipment authorization for'' covered equipment. Any application for authorization of covered equipment is thereby prohibited under Sec. 2.903, including applications for permissive changes. For permissive changes that do not require an application and thereby are not reviewed by the Commission, the prohibition still applies because such changes are approved by the Commission if they meet the requirements of that type of change as provided in the rules (i.e., they are ``approved by rule''). The Commission further modifies the rule revisions of Sec. Sec. 2.932 and 2.1043 adopted in the EA Security R&O and FNPRM to clarify this prohibition. Benefits and Costs The Commission finds the targeted measures of this Second Report and Order will advance national security objectives in an efficient manner without incurring substantial costs. The measures on the prohibition of modular transmitters and on the broad scope of the prohibition on authorization of equipment produced by entities identified on the Covered List are clarifications of the measures from the EA Security R&O and FNPRM. As such, [[Page 53236]] these represent minimal changes that simply ensure realization of the original benefits and costs of the EA Security R&O and FNPRM. The measures on limitation of existing authorization of covered equipment will involve additional work in compliance from affected entities. As previously stated, the Commission finds that these measures are necessary because obsolescence is insufficient to completely address issues with already authorized covered equipment. However, the Commission does believe that obsolescence will mitigate compliance costs due to the relatively short equipment life cycles. By delegating authority to OET and PSHSB to limit the scope of the marketing and importation prohibition, the Commission is ensuring that any costs to affected entities are specific enough to meet critical national security needs but are still narrow. Moreover, the Commission emphasizes that it is currently not requiring manufacturers to replace equipment in the hands of consumers. In doing so, the Commission is tailoring its rules in such a way as to make sure that the public benefits outweigh any costs that the prohibition will impose. Ordering Clauses Accordingly, it is ordered, pursuant to the authority found in sections 4(i), 301, 302, 303, 403, and 503 of the Communications Act of 1934, as amended, 47 U.S.C. 154(i), 301, 302a, 303, 403, 503, and the Secure Equipment Act of 2021, Public Law 117-55, 135 Stat. 423, 47 U.S.C. 1601 note, that this Second Report and Order is hereby adopted. It is further ordered that the Commission's Office of the Secretary, shall send a copy of this Second Report and Order, including the Final Regulatory Flexibility Analyses, to the Chief Counsel of the Small Business Administration Office of Advocacy. List of Subjects in 47 CFR Part 2 Administrative practice and procedures, Communications, Communications equipment, Reporting and recordkeeping requirements, Telecommunications, and Wiretapping and electronic surveillance. Federal Communications Commission. Marlene Dortch, Secretary. Final Rules For the reasons discussed in the preamble, the Federal Communications Commission amends 47 CFR part 2 as follows: PART 2--FREQUENCY ALLOCATIONS AND RADIO TREATY MATTERS; GENERAL RULES AND REGULATIONS 0 1. The authority citation for part 2 continues to read as follows: Authority: 47 U.S.C. 154, 302a, 303, and 336 unless otherwise noted. 0 2. Amend Sec. 2.803 by revising the introductory text of paragraph (b) to read as follows: Sec. 2.803 Marketing of radio frequency devices prior to equipment authorization. * * * * * (b) General rule. No person may market a radio frequency device unless the radio frequency device is authorized pursuant to a valid FCC equipment authorization that has not been limited through the procedures described in Sec. 2.939(e) of this chapter, and: * * * * * 0 3. Amend Sec. 2.903 by: 0 a. Revising paragraph (a); 0 b. Redesignating paragraphs (b) through (d) as paragraphs (d) through (f); and 0 c. Adding new paragraphs (b) and (c). The revisions and additions read as follows: Sec. 2.903 Prohibition on authorization of equipment on the Covered List. (a) All equipment on the Covered List, as established pursuant to Sec. 1.50002 of this chapter, is prohibited from obtaining an equipment authorization under this subpart. This includes equipment that: (1) Has been certified as a modular transmitter; or (2) Meets the modular transmitter requirements of Sec. 15.212 of this chapter and could be certified as a modular transmitter. (b) All equipment that incorporates equipment meeting the descriptions in paragraph (a)(1) or (2) of this section is prohibited from obtaining an equipment authorization under this subpart. (c) The prohibitions in paragraphs (a) and (b) of this section apply to: (1) Equipment that would otherwise be subject to certification procedures; (2) Equipment that would otherwise be subject to Supplier's Declaration of Conformity procedures; and (3) Equipment that would otherwise be exempt from equipment authorization. * * * * * 0 4. Amend Sec. 2.932 by revising paragraphs (b) and (c) to read as follows: Sec. 2.932 Modification of equipment. * * * * * (b) Except for equipment prohibited from authorization pursuant to Sec. 2.903, permissive changes may be made in certificated equipment, and equipment that was authorized under the former type acceptance procedure, pursuant to Sec. 2.1043. (c) Permissive changes may be made in equipment that was authorized under the former notification procedures unless such equipment meets one of the criteria in paragraphs (c)(1) or (2) of this section. The grantee must submit information documenting continued compliance with the pertinent requirements upon request. (1) The equipment is currently subject to authorization under the certification procedure; or (2) The equipment is prohibited from authorization pursuant to Sec. 2.903. * * * * * 0 5. Amend Sec. 2.933 by revising paragraph (b)(5) to read as follows: Sec. 2.933 Change in identification of equipment. * * * * * (b) * * * (5) The photographs required by Sec. 2.1033(b)(10) or (c)(14) showing the exterior appearance of the equipment, including the operating controls available to the user and the identification label. Photographs of the construction, the component placement on the chassis, and the chassis assembly are not required to be submitted unless specifically requested. * * * * * 0 6. Amend Sec. 2.939 by: 0 a. Revising the section heading; 0 b. Revising the introductory text of paragraph (a); and 0 c. Adding paragraph (e). The revisions and additions read as follows: Sec. 2.939 Revocation, withdrawal, or limitation of equipment authorization. (a) The Commission may revoke, or place limitations pursuant to paragraph (e) of this section on, any equipment authorization: * * * * * (e) The Office of Engineering and Technology (OET) and the Public Safety and Homeland Security Bureau (PSHSB) may place limitations on an existing authorization for covered equipment authorizations to prohibit continued importation or marketing, pursuant to the following procedures: (1) OET and PSHSB will issue a public notice announcing the intent to limit the scope of equipment authorizations to prohibit the further importation or marketing of specified devices identified by class, type, or other description sufficient to identify the devices. [[Page 53237]] (2) The public notice will include an assessment of the impact of the proposed prohibition with consideration of public interest factors, including: the unacceptable risks the equipment was found to pose, the economic and supply chain impacts, and any other criteria as specified by the Commission. The public notice should give particular weight to the specific determination(s), and any accompanying rules or analyses, through which the relevant equipment was added to the Covered List. (3) The public notice will provide for a public comment period of no less than 30 days. (4) OET and PSHSB will review the submissions, may request additional information as may be appropriate, and must make their determination as to whether to place limitations on the existing authorization to prohibit the further importation or marketing of the relevant devices, providing the reasons for such decision. 0 7. Amend Sec. 2.1043 by revising the introductory text of paragraph (b) to read as follows: Sec. 2.1043 Changes in certificated equipment. * * * * * (b) Except for equipment prohibited from authorization pursuant to Sec. 2.903, three classes of permissive change may be made in certificated equipment without requiring a new application for and grant of certification. Any of these classes of changes must not result in a change in identification. * * * * * 0 8. Amend Sec. 2.1204 by revising paragraph (a)(1) to read as follows: Sec. 2.1204 Import conditions. * * * * * (a) * * * (1) The radio frequency device is authorized pursuant to a valid FCC equipment authorization that has not been limited through the procedures described in Sec. 2.939(e). * * * * * [FR Doc. 2025-21001 Filed 11-24-25; 8:45 am] BILLING CODE 6712-01-P