FCC Targets ‘Covered List’ Firms in Telecom Authorization Overhaul
Key Highlights
- The FCC voted to end automatic telecom operating authority for entities on its national security Covered List, closing what Chairman Carr calls an "End Run" around existing rules.
- SIA's Jake Parker says video surveillance companies on the Covered List are not telecom service providers and would not be directly affected by the rule as written.
- A separate Bureau-level proceeding may carry more immediate consequences, potentially rendering all products from Covered List entities unlawful to import, market or sell in the U.S.
The Federal Communications Commission (FCC) voted Thursday to launch a rulemaking proceeding that would prohibit entities on its Covered List from receiving automatic authorization to provide domestic interstate telecommunications services in the United States.
The Covered List is a catalog of communications equipment and services that the FCC’s Public Safety and Homeland Security Bureau publishes and maintains under agency rules. Items land on the list when they are deemed to pose an unacceptable risk to U.S. national security or the safety of American citizens, under criteria established in the Secure and Trusted Communications Networks Act of 2019.
The action builds on years of FCC efforts to counter threats from foreign adversaries. Between 2019 and 2023, the commission denied or revoked the international telecommunications authority of five separate entities and added their services to the Covered List following findings that they posed unacceptable national security risks.
Yet, in Thursday’s announcement, FCC Chairman Brendan Carr stated those measures left a gap, with many of those same entities continuing to operate in the U.S. by providing services that fall outside the legal definition of international telecommunications authority.
“For years, I have referred to this evasion as an ‘End Run’ around our Covered List rules,” Carr said.
At issue is a blanket authorization process established under section 214 of the Communications Act of 1934. Since 1999, the FCC has granted that authorization automatically to most domestic carriers seeking to offer service in the U.S. The Notice of Proposed Rulemaking (NPRM) adopted Thursday would end that automatic approval for all entities appearing on the Covered List.
The commission is also seeking public comment on whether additional entities beyond those on the Covered List should be excluded from blanket operating authority under section 214. A separate question in the proceeding asks what process should govern revoking operating authority for Covered List entities already providing telecommunications services under existing blanket authorizations.
The FCC is further considering whether to prohibit telecommunications carriers from interconnecting with entities on the Covered List unless they have first applied for and received commission authorization. The proceeding also invites broader input on any additional measures the agency should consider to protect national security as it relates to section 214 authorizations.
Commissioner Olivia Trusty, who voted to approve the measure, stated the threats facing U.S. communications networks today are more severe than in any recent era and that existing policies must be reexamined to ensure frameworks built to promote economic growth are not turned against national and economic security. She said the rulemaking advances a more targeted, risk-based approach to oversight.
“Striking the right balance requires the Commission to focus its oversight where risks are greatest,” Trusty said, adding that she appreciated Chairman Carr’s work to ensure the proceeding addresses entry authority not only for common carriers but also for companies seeking to provide unlicensed wireless service.
Security industry watches for broader implications
For the security industry, the immediate practical impact of the rulemaking as written may be limited. Jake Parker, Senior Director of Government Relations at the Security Industry Association (SIA), tells SecurityInfoWatch that the draft NPRM as released would concern only telecommunications carriers providing interstate service under section 214, and that video surveillance companies on the Covered List, such as Hikvision and Dahua, are not telecom service providers and would not meet that definition.
However, Parker said a separate element of the proceeding warrants close attention. The FCC is also seeking comment on restricting interconnection "with entities that installed equipment on the Covered List in their networks," which he said raises the possibility that, if later proposed and adopted, such a restriction "could impact the use of services directly supplied by these entities," including potentially cloud-based services.
"This remains to be seen, as the draft NPRM has not been finalized and published in the federal register and would depend on the proposed rule issued later," Parker said.
Parker pointed to a separate Bureau-level proceeding as potentially having a more immediate impact on the security industry. That proceeding would revoke FCC device authorization for equipment authorized before rules implementing the Secure Equipment Act of 2021 took effect, potentially rendering all products from Covered List entities unlawful to import, market or sell. Parker noted, however, that the proceeding explicitly would not affect continued use or operation of already-purchased communications equipment.
Hikvision and Dahua have largely retreated from the U.S. and Canadian markets in recent years. Dahua wound down its U.S. operations entirely, dissolving its American subsidiary following the sale of its North American business in 2024. In 2023, Hikvision sued the FCC and the U.S. government, seeking to overturn the agency's security ban on the Chinese company's future equipment authorizations.
As for timing, Parker said the NPRM will likely be published in the federal register within the next month, after which it will be open for public comment for 30 days, with reply comments typically due 15 days after that.
"Timeline for issuance of a final rule depends on the agency and time needed to address and adjudicate comments received, but likely within the year," he said.
About the Author
Rodney Bosch
Editor-in-Chief/SecurityInfoWatch.com
Rodney Bosch is the Editor-in-Chief of SecurityInfoWatch.com. He has covered the security industry since 2006 for multiple major security publications. Reach him at [email protected].