The Federal Communications Commission (FCC) has proposed adding certain connected vehicle technologies to its list of equipment and services covered By Section 2 of the Secure Networks Act – an unprecedented step that, if implemented, could create compliance challenges for the automotive industry and manufacturers of connected vehicle equipment.
On May 23, the FCC's Public Safety and Homeland Security Bureau (PSHSB) and Office of Engineering and Technology (OET) issued a Public Notice seeking comment on whether to revise the agency's Covered List to include certain connected vehicle hardware and/or software provided by Chinese- or Russian-controlled entities. The Public Notice comes after the U.S. Department of Commerce's (Commerce) Bureau of Industry and Security (BIS) adopted a Final Rule restricting transactions involving such hardware and/or software because they pose "undue or unacceptable risks to national security and U.S. persons[.]"
The Public Notice is significant, as it marks the first time that the FCC has considered adding categories of technology to the Covered List (as opposed to specific entities and their particular products). It comes amid increased activity by both the FCC and Commerce to address national security risks in the communications sector and a broader effort from the Trump Administration and Congress to address national security risks from Chinese-controlled entities in the supply chain of the defense industrial base and critical infrastructure. Input on the Public Notice is due June 27 (extended from June 9).
The Public Notice is one of several recent national security-focused actions at the FCC, including a Report and Order in the FCC's "Bad Labs" proceeding that restricts entities associated with foreign adversaries from participating as test labs or certification or accreditation bodies in the FCC's equipment authorization program, a Further Notice of Proposed Rulemaking in the Bad Labs proceeding proposing additional restrictions, and a Notice of Proposed Rulemaking proposing broad new certification and reporting requirements related to foreign adversary control of FCC-regulated entities. Below, we provide more detail on the Public Notice and its potential impacts on national security priorities at BIS and the FCC.
What Is the Covered List, and How Is the FCC Using It?
Section 2 of the Secure and Trusted Communications Networks Act of 2019 (Secure Networks Act) requires the FCC's Public Safety and Homeland Security Bureau (PSHSB) to maintain and update a list of communications equipment and services deemed to pose an "unacceptable risk" to national security based on certain determinations made by Commerce and other federal agencies. There are now 12 entities on the Covered List, all of which are affiliated with the People's Republic of China (PRC) or Russia.
Congress has specifically directed the FCC to use the Covered List to: (1) prohibit entities from using federal Universal Service funding for purchasing, renting, leasing, or maintaining equipment on the Covered List; and (2) prohibit the FCC's review or approval of radiofrequency equipment authorization applications that involve equipment on the Covered List.
As noted above, since passage of the Secure Networks Act, the FCC has expanded the applicability of the Covered List to prohibit listed entities from serving as labs and other relevant bodies in the FCC's equipment certification process. Additionally, the FCC has barred these entities from participating in the forthcoming U.S. Cyber Trust Mark program. The FCC is expected to further expand the applicability of the Covered List. Recent proposals include requiring various FCC licensees to make certifications as to whether they use Covered List equipment (or to certify that they do not use such equipment), expanding the equipment authorization ban to include component parts, and revoking pre-existing equipment authorizations held by Covered List entities.
BIS's Final Rule Includes Broad Prohibitions on Certain Connected Vehicle Hardware and Software
Executive Order 13873 (EO 13873) ), issued in May 2019, directs Commerce to develop and implement processes to counter risks to U.S. national security arising from transactions with "foreign adversaries" in information and communications technology and services (ICTS). Consistent with this directive, on January 14, 2025, BIS published the Final Rule, which restricts certain transactions involving hardware or software that "are designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of" the PRC or Russia, and that directly enable automated driving systems (ADS) and vehicle connectivity systems (VCS).
While these prohibitions are broad, BIS is expected to take various actions to allow otherwise-prohibited transactions that present low national security risks. In particular, the Final Rule allows BIS to issue both "general authorizations" and case-by-case "specific authorizations" for transactions that would otherwise be barred and permits entities to seek advisory opinions pertaining to whether a given transaction would be prohibited or restricted by the Final Rule. BIS also adopted a staggered implementation schedule: The prohibitions on covered transactions and associated compliance obligations are not effective until model year 2027 for prohibited software, model year 2030 for prohibited hardware, and January 1, 2029 for hardware not associated with a vehicle model year.
The Public Notice Seeks Input on Whether and How to Add the Final Rule's Prohibitions to the Covered List
The Public Notice seeks comment on whether the FCC should update the Covered List based on the Final Rule. In doing so, the Public Notice requests input with respect to several key considerations:
- The New Prohibition. Relying on the definitions adopted by BIS for the various technologies, the FCC proposes to add ADS, completed connected vehicles, and VCS systems in a new Covered List entry that largely mirrors the prohibition adopted in the BIS Final Rule. The entry would cover the relevant technologies when "designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of" the PRC or Russia. Notably, this would be the first time the Covered List would include a category of products but not identify the particular entities covered by the prohibition. The Public Notice does not address whether and how the FCC would incorporate any advisory opinions or general or specific authorizations issued by BIS.
- Timing and Authority to Update the Covered List. The Secure Networks Act authorizes the FCC to add to the Covered List based upon "a specific determination" by Commerce made pursuant to EO 13873. The FCC interprets BIS's findings – that foreign-controlled ADS and VCS pose an unacceptable national security risk – as specific determinations that necessitate a Covered List update. Nonetheless, because the Rule's transaction restrictions do not take effect for several years, the FCC seeks comment on whether BIS's delayed implementation should affect its own timing or approach. The Public Notice does not consider whether advisory opinions or general or specific authorizations issued by BIS would likewise be considered "specific determinations" that would require further action by the FCC.
- Equipment Authorizations. Currently, equipment manufactured by entities on the Covered List cannot receive FCC equipment authorizations. The FCC tentatively concludes that VCS hardware, or VCS hardware with integrated software, would likewise be subject to this bar – as VCS hardware, and VCS hardware with integrated software, qualify as radiofrequency devices subject to the equipment authorization process. In contrast, the FCC proposes that because ADS do not typically involve the use of radiofrequency devices, ADS would not be subject to this prohibition.
- Intended Use of VCS Hardware. Recognizing that VCS hardware can be used for other purposes, the FCC proposes adding to the Covered List only hardware "intended to be included within a completed connected vehicle." The Public Notice seeks input on how the FCC should determine whether any given hardware is "intended" for such use.
What's Next?
The Public Notice leaves open questions about whether and how the FCC will ultimately incorporate the BIS Final Rule's prohibitions into the Covered List. For example, how will entities ensure compliance with existing and future Covered List-related requirements if the Covered entities are not enumerated? How will the FCC determine if VCS hardware is "intended" for use in a vehicle?
What is clear is that if certain connected vehicle hardware and software is headed for the Covered List, any gaps between how Commerce and the FCC handle covered equipment could create complex compliance challenges for the automotive industry, manufacturers of connected vehicle equipment, and other stakeholders. The differing scope of the prohibition may mean that a connected vehicle that could be legally sold before BIS's transaction restriction goes into effect, or is authorized under a general or specific authorization from BIS, could be effectively barred by the FCC's blanket restriction on authorization for radiofrequency equipment that appears on the Covered List.
Commerce is also unlikely to stop at connected vehicles, as evidenced by the newly created Office of Information and Communications Technology and Services housed within BIS and focused on carrying out EO 13873 across the entire spectrum of ICTS. In addition to finalizing the connected vehicles rule, the office is currently working on a similar rule to prohibit transactions involving uncrewed aircraft systems (UAS). If the FCC decides that the connected vehicles rule involves a "specific determination," it will likely set a precedent for products subject to future ICTS rules to be added to the Covered List in the same fashion.
Stakeholders should closely monitor these developments at both the FCC and BIS as they plan for and manage supply chain risks. If you have any questions or would like further information regarding the implications of this Public Notice, please contact one of the authors or your Wiley TMT attorney.
Leah Porter, a Wiley 2025 Summer Associate, contributed to this alert.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
