Federal Communications Commission Washington, DC 20554 January 13, 2026 DA 26-48 SMALL ENTITY COMPLIANCE GUIDE Amendment of the Commission’s Rules Regarding Protecting Against National Security Threats to the Communications Supply Chain through the Equipment Authorization Program FCC 25-71 ET Docket No. 21-232 Released October 29, 2025 In accordance with Section 212 of the Small Business Regulatory Enforcement Fairness Act of 1996, this Small Entity Compliance Guide (Guide) is intended to help small entities—small businesses, small organizations (non-profits), and small governmental jurisdictions—comply with the rules adopted in the above-referenced Federal Communications Commission (FCC or Commission) rulemaking dockets. This Guide is not intended to replace or supersede these rules, but to facilitate compliance with the rules. Although we have attempted to cover all parts of the rules that might be especially important to small entities, the coverage may not be exhaustive. This Guide cannot anticipate all situations in which the rules apply. Furthermore, the Commission retains the discretion to adopt case-by-case approaches, where appropriate, that may differ from this Guide. Any decision regarding a particular small entity will be based on the statute and any relevant rules. In any civil or administrative action against a small entity for a violation of rules, the content of the Guide may be considered as evidence of the reasonableness or appropriateness of proposed fines, penalties or damages. Interested parties are free to file comments regarding this Guide in the above referenced docket and the appropriateness of its application to a particular situation. The Commission will then consider whether the recommendations or interpretations in the Guide are appropriate in that situation. The Commission may decide to revise this Guide without public notice to reflect changes in its approach to implementing a rule, or it may clarify or update the text of the Guide. Please direct comments and recommendations, or requests for further assistance, to the FCC’s Consumer Center: 1-888-CALL-FCC (1-888-225-5322) Videophone: 1-844-4-FCC-ASL (1-844-432-2275) Fax: 1-866-418-0232 TABLE OF CONTENTS I. OBJECTIVES OF THE PROCEEDING 1 II. COMPLIANCE REQUIREMENTS 1 A. Modular Transmitters 1 B. Host Devices Incorporating Modular Transmitters 1 C. Prohibitions on Continued Importation and Marketing of Previously Granted Authorizations of Covered Equipment 1 D. Broad Scope of Prohibitions on Equipment “Produced By” an Entity on the Covered List 2 E. Prohibitions on Modifications, Including Permissive Changes 2 III. RECORDKEEPING AND REPORTING REQUIREMENTS 2 IV. IMPLEMENTATION DATE 2 V. INTERNET LINKS 2 I. OBJECTIVES OF THE PROCEEDING The Second Report and Order clarifies and strengthens existing prohibitions on authorizations of communications equipment determined to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons. Protecting Against National Security Threats to the Communications Supply Chain through the Equipment Authorization Program, ET Docket No. 21-232, Second Report and Order and Second Further Notice of Proposed Rulemaking, FCC 25-71 (Second Report and Order). Such equipment, also known as covered equipment, is identified on the Commission’s Covered List. 47 U.S.C. § 1601; 47 CFR § 1.50002, 1.50003; List of Equipment and Services Covered by Section 2 of the Secure Networks Act, fcc.gov, https://www.fcc.gov/supplychain/coveredlist. The rule clarifications and revisions in the Second Report and Order will further strengthen the security of the equipment authorization program and advance the Commission’s goal of strengthening national security. II. COMPLIANCE REQUIREMENTS The Second Report and Order continues the Commission’s implementation of the Secure Equipment Act of 2021 and Section 302 of the Communications Act with revisions to the equipment authorization program requirements. Pub. L. 117-55, 135 Stat. 423. The new and revised requirements are summarized below: A. Modular Transmitters (47 CFR § 2.903(a)(1)-(2), (c)) The revised rules clarify that covered equipment on the Covered List include equipment that has been, or could be, certified as a modular transmitter that meets the requirements of section 15.212 of the Commission’s rules. 47 CFR § 15.212. The revised rules explicitly prohibit authorization of modular transmitters that are covered equipment. B. Host Devices Incorporating Modular Transmitters (47 CFR § 2.903(b), (c)) Modular transmitters may be authorized as standalone devices or incorporated into host devices. A host device may have a separate authorization apart from the modular transmitter, or may rely on the authorization of the incorporated modular transmitter without seeking a new authorization. The revised rules explicitly prohibit authorization of any product, host, or device that incorporates a modular transmitter that is covered equipment, regardless of whether that modular transmitter was previously authorized. C. Prohibitions on Continued Importation and Marketing of Previously Granted Authorizations of Covered Equipment (47 CFR § 2.803, 2.939(e), 2.1204) The revised rules set forth a procedure by which the Commission may limit the scope of a previously granted authorizations of covered equipment. The Commission could prohibit future importation and marketing of such equipment without revoking the underlying authorization and prohibiting continued use. The revised rules also clarify that equipment subject to such a limitation may not be marketed or imported. D. Broad Scope of Prohibitions on Equipment “Produced By” an Entity on the Covered List As directed by Congress, the Covered List includes equipment described as “produced by” certain entities: Huawei Technology Company, ZTE Corporation, Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, Dahua Technology Company, and their affiliates and subsidiaries. The Second Report and Order clarifies that “produced by” is not limited to the manufacture or assembly of a device. In determining whether a device is “produced by” a particular entity, a broad interpretation likely includes substantial responsibility for or control over any major stage of the process by which a device comes into existence. For example, a device would generally be considered to have been “produced by” Huawei if Huawei designed, manufactured, assembled, or developed the device. E. Prohibitions on Modifications, Including Permissive Changes (47 CFR §§ 2.932 and 2.1043) The revised rules explicitly prohibit modifications, including permissive changes, to previously authorized covered equipment, or equipment that would become covered as a result of such modification or change. III. RECORDKEEPING AND REPORTING REQUIREMENTS The Commission’s actions in the Second Report and Order create new or modified recordkeeping or reporting requirements to reflect modified cross-references in section 2.933(b)(5). IV. IMPLEMENTATION DATE The rules in the Second Report and Order shall become effective on December 26, 2025. V. INTERNET LINKS A copy of the Second Report and Order, Protecting Against National Security Threats to the Communications Supply Chain through the Equipment Authorization Program, is available at: https://docs.fcc.gov/public/attachments/FCC-25-71A1.pdf. A copy of the Federal Register Summary of the Second Report and Order, Protecting Against National Security Threats to the Communications Supply Chain through the Equipment Authorization Program is available at: https://www.federalregister.gov/d/2025-21001. The Covered List is available on the Commission’s website at: https://www.fcc.gov/supplychain/coveredlist. 2