The head says it. Earlier this week, in an unexpected move, the Federal Communications Commission (FCC) announced it would ban all new consumer-grade routers manufactured abroad for national security reasons.
In a way, this new development is a surprising end to the years-long saga in which the US government mulled banning TP-Link routers for the same reasons.
FCC router bans: The specifics
Routers are essential and ubiquitous equipment—each home or office network needs one. Generally, whoever controls the router owns the traffic passing through it and can dictate what happens behind the scenes, beyond what you can see on your screens.
On this front, the FCC shared a National Security Determination regarding the unacceptable risks posed by routers produced in foreign countries that, among other things, read:
“Recently, malicious state and non-state sponsored cyber attackers have increasingly leveraged the vulnerabilities in small and home office routers produced abroad to carry out direct attacks against American civilians in their homes. From disrupting network connectivity to enabling local networking espionage and intellectual property theft, foreign-produced routers present unacceptable risks to Americans. Additionally, routers produced abroad were directly implicated in the Volt, Flax, and Salt Typhoon cyberattacks, which targeted critical American communications, energy, transportation, and water infrastructure. Routers in the United States must have trusted supply chains so we are not providing foreign actors with a built-in backdoor to American homes, businesses, critical infrastructure, and emergency services.”
And that’s the premise behind this FCC router ban, which took effect on March 23, 2026. Specifically, starting that day, any routers produced in a foreign country will automatically be added to the existing ban list (called Covered List), which includes all previously banned networking hardware.
According to the announcement, “new devices on the Covered List, such as foreign-made consumer-grade routers, are prohibited from receiving FCC authorization and are therefore prohibited from being imported for use or sale in the US”.
This new development is surprising because it’s far beyond the FCC’s previous intention to ban just TP-Link routers. Most importantly, virtually all routers I’ve worked with are made outside the US—primarily in China, Taiwan, or Vietnam.
The only US-made routers I’m aware of (and have limited experience with) are those from StarLink, as they carry no country-of-origin marking required for US imports.
So the question is, does this band mean US consumers can no longer buy new routers? Not necessarily.
Exceptions and Conditional Approval
The ban applies only to new routers that have not yet been authorized or even manufactured. The FCC states clearly in its ban announcement:
- The (updated) Covered List does not prohibit the import, sale, or use of any existing device models the FCC previously authorized.
- This action does not affect any previously purchased consumer-grade routers.
Consumers can continue to use any router they have already lawfully purchased or acquired. - Producers of consumer-grade routers that receive Conditional Approval from the Department of War (DoW) or the Department of Homeland Security (DHS) can continue to receive FCC equipment authorizations.
Considering that there are already plenty of routers, including those supporting the latest Wi-Fi 7 standard, that have been authorized, this ban has no immediate effect on the consumer-grade networking market.
However, going forward, new routers, especially those supporting the upcoming Wi-Fi 8, will need to be manufactured in the US or granted Conditional Approval, which is determined on a case-by-case basis via an application process.
Reactions from hardware vendors
I contacted a few popular networking vendors about the new ban, and none, so far, seem overly concerned.
TP-Link Systems Inc., the popular Chinese-yet-not-so-Chinese hardware vendor, once the heart of the whole router-ban saga, seems to take solace in the fact that the new FCC router ban put all hardware vendors under the same scrutiny. Its spokesperson offered this statement:
“This action from the FCC appears to affect virtually all new consumer-grade routers seeking authorization to be sold in the United States. Because nearly every manufacturer in this sector produces hardware abroad or relies on a global supply chain, this new requirement will set a bar for the entire industry. Placing all manufacturers and their supply chains under the same scrutiny is a positive step in the direction of making the router industry more secure.
We are confident in the security of our supply chain. TP-Link has been committed to making further investments in America and has already been planning to establish U.S.-based manufacturing to complement our existing company-owned facilities in Vietnam. TP-Link is well-positioned — in fact, possibly better positioned than any of its competitors — to succeed under the new guidelines and maintain its position as the leading U.S. vendor of secure network devices.”
NETGEAR, TP-Link’s perceived biggest US competitor, also appears to cheer the FCC on making the new ban via this statement, offered by its spokesperson:
“We commend the Administration and the FCC for their action toward a safer digital future for Americans. Home routers and mesh systems are critical to national security and consumer protection, and today’s decision is a step forward. As a U.S.-founded and headquartered company with a legacy of American innovation, NETGEAR has long invested in security‑first design, transparent practices, and adherence to government regulations, and we will continue to do so.“
The final thoughts
As mentioned, the role of routers in online security is real, and, therefore, so are their risks. In electronics, supply chain security risks are also very real: among other things, a third party can add extra components without the manufacturer’s knowledge, as demonstrated by the extreme example of the 2024 Lebanon electronic device attacks.
So, the new FCC router ban makes sense, at least on the surface. How effective it is at keeping Americans safe depends on the process by which a foreign-made router is granted Conditional Approval.
In the meantime, there’s no need for US consumers to fret, considering the plethora of routers already available in the US for them to bring home today. And these top-five options will help.
laughs in tplink. every router i own from tplink is already eod of life with no new firmware. cuz tplink abandons their products quick. with that said im sure their will be big push back from companies that are usa facing but nothing is actually made here.
While the threat is valid and should be dealt with, this seems like a half-baked and poorly thought out solution to the problem.
It doesn’t address a point that you’ve brought up many times before – requiring an account with a third party to access all or part of a device’s functions. When we make those accounts, not only are we trusting the company not to misuse or mishandle our info, we’re giving them the keys to the kingdom.
The other issue I had is that the term router is very vaguely defined. IANAL, but I think it could also apply to switches (particularly L3) and access points to.
This could also, theoretically, ban products from countries friendly to the US, some of which we have very deep relationships with like the UK, Canada, Australia and New Zealand. I find it strange that there aren’t tiered levels of trust where more scrutiny may be given to products from some countries vis others.
I think we’ll find this may be a “road to he** is paved with good intentions” but it will cause more problems than it solves. Especially with the sudden implementation date. It’ll have to be modified at some point as I don’t see the manufacturing of these devices being brought back to the US overnight, if ever. There needs to be a more middle of the road approach to this.
Good points, Tosan. It can also be a way for currupted officials to start a “pay to play” scheme. We’ll see.
Sure hope that doesn’t happen, but I guess anything is possible these days.
I’m just thinking of how these vendors refresh products, like adding more 10 gig ports, for example. There’s been talk of some new Ubiquiti Dream Machines coming out that will be more capable, and it sounds like these upgraded/refreshed versions will be banned even though very similar products that are already on the market will be grandfathered. Just doesn’t make sense.
As you said, I could see it making more sense for WiFi 8, but just re-implementing current tech that’s already been approved? *smh*