The US government just banned consumer routers made outside the US
In December, the Federal Communications Commission banned the importation into the United States of all future drones manufactured in foreign countries unless or until their manufacturer was granted an exemption. Today, the FCC did exactly the same thing for consumer networking equipment, citing “an unacceptable risk to the national security of the United States and to the safety and security of American citizens.”
If you already have a Wi-Fi or wired router, you can continue to use it – and companies that have already obtained an FCC radio authorization for a specific product manufactured abroad can continue to import that product.
But since the vast majority, if not all, consumer routers are manufactured outside of the United States, the vast majority of future consumer routers are now banned. By adding all foreign-made consumer routers to its covered list, the FCC says it will no longer allow their radios, effectively banning the importation of new devices into the country.
Now, router makers must A) obtain “conditional approval” that allows them to continue getting new products allowed into the United States while they work to convince the government that they will open manufacturing in the United States, or B) make a decision not to sell future products in the United States, as drone maker DJI has already done.
As with the ban on foreign drones, the FCC has a national security ruling that it says justifies these actions, which states that “allowing foreign-produced routers to dominate the U.S. market creates unacceptable risks to the economy, national security, and cybersecurity” and that “foreign-produced routers were directly involved in the Volt, Flax, and Salt Typhoon cyberattacks that targeted critical U.S. communications, energy, transportation, and water infrastructure.”
“Given the critical importance of routers to the proper functioning of our nation’s economy and defense, the United States can no longer depend on foreign countries for router manufacturing,” another passage reads.
It is true that many router vulnerabilities have emerged over the years, making them a prime target for hackers and botnets. It is also true that a company founded in China, TP-Link, dominates the American consumer market; US authorities had previously considered a specific ban on TP-Link due to this dominance and national security concerns. (TP-Link has attempted to distance itself from China, spinning off the Chinese entity in 2022, establishing a global headquarters in California in 2024, and suing Netgear in 2025 for suggesting that TP-Link had been infiltrated by the Chinese government.)
It’s unclear how simply moving production of routers domestically could make them more secure. In the Volt Typhoon hack, Chinese state-sponsored hackers primarily targeted Cisco and Netgear routers, routers designed by U.S. companies, according to the Justice Department. These US companies had stopped providing security updates for the specific routers targeted because they had discontinued these products.
Although the FCC’s list of products covered gives the impression that the United States prohibits all “Routers produced in a foreign country” is defined a little more narrowly than that. It specifically prohibits “consumer routers” as defined in NIST internal report 8425A, which refers to those “intended for residential use and capable of being installed by the customer.”
March 23 update: Clarification of how TP-Link distanced itself from China.
