FCC Enacts Three New National Security Measures Targeting Foreign Adversary Control In U.S. Communications

The Federal Communications Commission has implemented a sweeping enhancement of its security protocols designed to counter foreign adversary penetration within America's telecommunications infrastructure. During its May 22, 2025 Open Meeting, the Commission advanced three distinct regulatory initiatives aimed at restricting foreign control mechanisms across U.S. communications networks and equipment, representing a significant escalation in the agency's strategic approach to protecting critical communications assets from potential threats posed by hostile foreign entities.

These coordinated measures demonstrate the FCC's evolving commitment to fortifying the nation's telecommunications ecosystem against sophisticated foreign influence campaigns while establishing more robust oversight mechanisms to identify and neutralize potential security vulnerabilities embedded within the communications supply chain. The actions taken represent the most significant expansion of FCC national security regulation since the implementation of the "Rip and Replace" program and will substantially impact telecommunications carriers, equipment manufacturers, VoIP providers, and related service providers across the industry.

Key Actions:

1. "Bad Labs" Report and Order – Prohibiting foreign adversary control of testing and certification bodies
2. Foreign Adversary Control NPRM – Proposing comprehensive ownership disclosure requirements for all FCC licensees
3. Connected Car Public Notice – Seeking to expand the Covered List to include automotive communications technology

I. "Bad Labs" Report and Order: Securing the Equipment Authorization Process

The FCC adopted rules to prohibit certain entities from owning and controlling telecommunications certification bodies (TCBs), measurement facilities, and laboratory accreditation bodies. Under the FCC's rules, TCBs and testing facilities play an important role in preventing the introduction of devices into the United States that could interfere with other devices or cause health risks to the public.

The FCC will define "prohibited entities" as those identified on the Covered List, along with those entities identified by other federal agencies as posing national security threats. This includes:

• Companies on the FCC's existing Covered List (Huawei, ZTE, Hytera, Hikvision, Dahua)
• Entities on the DOD's Chinese military company list and the executive branch's list of "foreign adversaries"
• Future additions to these federal watch lists

The new rules will go into effect thirty days after publication in the Federal Register, except for the data collection and certification requirements that need development and separate approval.

II. Foreign Adversary Control NPRM: Comprehensive Ownership Disclosure Framework

This NPRM proposes to adopt a new, uniform certification and reporting regime that would substantially broaden the reach of FCC reporting to include the following holders of FCC licenses, authorizations, and approvals:

Covered Entities Include:

• Wireless licensees and lessees (FCC Rule Parts 22, 24, 26, 27, 30, 80, 87, 88, 90, 95, 96, 97, 101), excluding those licensed by rule, and spectrum auction applicants
• Holders of domestic Section 214 authorizations (which are granted by blanket rule) and international Section 214 authorizations
• Voice over Internet Protocol (VoIP) providers with numbering authorizations
• Entities holding other various authorizations, including frequency coordinators, holders of Data Network Identification Codes (DNIC) and International Signaling Point Codes (ISPC), and recognized operating agencies under the International Telecommunication Convention

Key Definitions and Thresholds:

• Foreign Adversary Definition: Define a "foreign adversary" as "any foreign government or foreign non-government person determined by the Secretary [of Commerce] to have engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of United States persons."
• Reporting Scope: The phrase "person owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary" would have the same four-part definition as in Department of Commerce regulations (15 CFR § 791.2).

The NPRM also seeks comment on whether to also include Eligible Telecommunications Carriers (ETC) that provide services subsidized by the Universal Service Fund, potentially extending these requirements to rural carriers and other USF beneficiaries.

III. Connected Car Technology Expansion

The FCC released a public notice on May 23, 2025, seeking comment on a proposal to incorporate new communications equipment and services on the Covered List relating to connected cars. The FCC is seeking expedited comments – due on June 9, 2025 – on whether to expand the class of equipment and services on the Covered List.

Proposed Additions to Covered List: (1) automated driving systems (ADS) and completed connected vehicles designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of the People's Republic of China, including the Hong Kong Special Administrative Region and the Macau Special Administrative Region, (PRC), or the Russian Federation (Russia); and (2) vehicle connectivity systems (VCS) hardware designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of the PRC or Russia

This expansion would align FCC regulations with recent Bureau of Industry and Security rules addressing connected vehicle security risks.

IV. Strategic Context: Advancing the FCC's National Security Mission

The trio of actions adopted at the May 22nd Open Meeting represents a concrete implementation of the broader national security strategy established under the current administration's technology and telecommunications agenda. These measures directly advance the objectives outlined by the FCC's newly established Council on National Security, demonstrating how regulatory policy translates into operational safeguards against foreign adversary threats.

The FCC announced the formation of this Council on March 13, 2025, with Chairman Carr emphasizing that the body would harness the Commission's comprehensive "regulatory, investigatory, and enforcement authorities" to strengthen U.S. national security posture and counter foreign threats—particularly those emanating from adversarial activities linked to the People's Republic of China (PRC) and the Chinese Communist Party (CCP). The May 22nd actions exemplify this coordinated approach in practice.

Council Objectives Realized Through Recent Actions:

• Supply Chain Independence: Reducing the technology and telecommunications sectors' dependence on foreign adversaries for critical trade relationships and supply chain infrastructure
• Threat Mitigation: Systematically addressing vulnerabilities that enable "cyberattacks, espionage, and surveillance by foreign adversaries" through enhanced oversight and transparency requirements

The equipment authorization reforms, foreign ownership disclosure mandates, and satellite spectrum initiatives collectively operationalize these strategic priorities, creating multiple layers of protection while expanding domestic capabilities in critical communications infrastructure.

V. Potential Industry-Specific Implications

Wireless Carriers and CMRS Providers

• All spectrum licensees will likely face new ownership disclosure requirements
• Enhanced scrutiny of equipment procurement and network security practices
• Potential impact on foreign investment and partnership strategies

VoIP and IP-Enabled Service Providers

• Numbering authorization holders subject to new reporting requirements
• Integration with broader Section 214 foreign ownership reforms
• Enhanced due diligence requirements for international service arrangements

Equipment Manufacturers and Importers

• Immediate impact from TCB restrictions
• Long-term supply chain restructuring may be necessary
• Enhanced documentation requirements for equipment authorization processes

Cable and Satellite Operators

• Spectrum-based services subject to ownership disclosure requirements
• Equipment authorization processes affected by TCB restrictions
• International gateway and satellite services subject to enhanced scrutiny

VI. Immediate Action Items for Clients

Priority 1: Supply Chain Assessment:

• Conduct immediate review of testing, certification, and equipment authorization relationships
• Identify any dependencies on prohibited TCBs or testing facilities
• Develop alternative certification pathways for affected products

Priority 2: Ownership Analysis:

• Review corporate structure for any foreign adversary connections at 5% or greater ownership levels
• Assess control relationships that may trigger disclosure requirements
• Prepare for potential certification and reporting obligations

Priority 3: Risk Mitigation Planning:

• Conduct a risk assessment to identify any potential foreign adversary control within your organization and take steps to mitigate these risks
• Develop contingency plans for supply chain disruptions
• Consider legal structure modifications to address potential regulatory concerns

VII. Recommendations and Next Steps

1. Immediate Assessment: Conduct comprehensive review of foreign ownership, control relationships, and supply chain dependencies
2. Legal Strategy: Develop compliance framework addressing both current requirements and proposed new obligations
3. Business Continuity: Identify and secure alternative vendors, testing facilities, and business relationships to ensure operational continuity
4. Regulatory Monitoring: Establish systems to track ongoing developments in this rapidly evolving regulatory landscape
5. Regulatory Engagement Opportunities:
   • Connected Car Comments For clients in automotive communications technology, the June 9, 2025 comment deadline provides an opportunity to shape the scope and implementation of proposed Covered List expansions.
   • Foreign Adversary NPRM Participation Comments on the NPRM will be due 30 days after publication in the Federal Register, which has not yet occurred. This proceeding will determine the specific certification and disclosure requirements that could affect thousands of FCC licensees.

The FCC's recent actions confirm that it will continue scrutinizing foreign actors' involvement and control in the US communications sector. These developments represent a fundamental shift toward more comprehensive national security oversight of telecommunications operations, requiring proactive compliance strategies and ongoing regulatory monitoring.

The breadth and pace of these changes demand immediate attention from all FCC-regulated entities. Companies that develop comprehensive compliance strategies now will be better positioned to navigate the evolving regulatory landscape while maintaining operational effectiveness and competitive positioning.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.