FCC Bans New Foreign-Made Consumer Routers Over National Security Concerns

The Federal Communications Commission updated its Covered List on March 23, 2026 to include all consumer-grade routers produced in foreign countries. The practical consequence is sweeping: new models of devices on the Covered List are prohibited from receiving FCC authorization and are therefore prohibited from being imported or sold in the U.S.

According to the FCC, the move follows a determination by a "White House-convened Executive Branch interagency body with appropriate national security expertise," in line with President Trump's National Security Strategy that the U.S. must not be dependent on any other country for core components necessary to the nation's defense or economy. The FCC stated that "malicious actors have exploited security gaps in foreign-made routers to attack American households, disrupt networks, enable espionage, and facilitate intellectual property theft," and that foreign-made routers were also involved in the Volt, Flax, and Salt Typhoon cyberattacks targeting vital U.S. infrastructure.

FCC Chair Brendan Carr welcomed the action. "I welcome this Executive Branch national security determination, and I am pleased that the FCC has now added foreign-produced routers, which were found to pose an unacceptable national security risk, to the FCC's Covered List," Carr stated.

The ban's breadth is extraordinary given the current state of the market. Virtually every major router brand, including Netgear, Linksys, Asus, D-Link, and TP-Link, builds its hardware overseas, and no major consumer router is currently manufactured in the United States. Ryan McConechy, Principal Security Architect at Barrier Networks, highlighted the central paradox: "This announcement from the FCC raises many unanswered questions, a notable one being the fact that essentially no consumer-grade routers are manufactured domestically in the US."

Although TP-Link was widely used in recent cyberattacks, cybersecurity experts told CNET that this was because of its ubiquity in the market, and that the exploited vulnerabilities were also present on routers made by American companies. In fact, the U.S. government itself said that the Salt Typhoon attacks often targeted Cisco hardware.

For consumers who already own foreign-made routers, there is no immediate disruption. Being added to the Covered List does not prohibit the import, sale, or use of any existing device models the FCC previously authorized, and the Covered List does not restrict the continued use by consumers of previously-purchased devices. However, that window may be finite. Once authorized inventory sells through, consumers could face shortages and price increases as American companies restructure supply chains, build domestic manufacturing capacity, and seek U.S. approval for new models.

Router manufacturers can pursue a path back to market. Manufacturers that produce devices abroad can apply for Conditional Approval, which buys them time while they develop a plan to move manufacturing to the U.S. The application process requires disclosure of foreign investors or foreign influence. As of the announcement, no consumer router brands had received Conditional Approval on the FCC's website.

The determination included an exemption for routers that the Department of Homeland Security have granted "Conditional Approval" after finding that such devices do not pose unacceptable risks. The Cybersecurity and Infrastructure Security Agency encourages organizations to use the Covered List for risk management analysis in their regulatory compliance efforts.

This is not the first time the FCC has issued a directive with a blanket effect on a specific type of device. In late December 2025, the agency made a similar move on foreign-made drones, effectively banning DJI and other imported brands from registering new models in the U.S. The router market, however, is far larger in scale, and the absence of any domestic manufacturing pipeline means the industry faces a restructuring challenge with no clear timeline for resolution.