The U.S. router ban: Everything you need to know

The Federal Communications Commission on Monday added all foreign-made consumer routers to its covered list — the federal government’s blacklist of communications equipment considered a threat to national security. This decision effectively bans the sale of new WiFi routers manufactured outside the country.

The ban is sweeping because virtually all consumer routers currently on the market are made overseas. However, the FCC also stated that previously approved WiFi routers can still be operated and sold.

A communication from the FCC states that “the action does not impact a consumer’s continued use of previously acquired routers.” Likewise, this does not prevent retailers from continuing to sell, import, or otherwise market router models previously approved through the FCC’s equipment authorization process.

This is the same scenario we saw with the December 2025 drone ban, when the FCC blacklisted most consumer drones even though they remained easy to find.

As before, the national security rationale, according to the FCC, is that foreign-produced routers introduce vulnerabilities into the supply chain that can disrupt critical infrastructure. Additionally, the FCC says foreign routers have already been exploited in actual cyberattacks. The Volt, Flax and Salt Typhoon attacks – all of which targeted vital infrastructure in the United States – involved routers manufactured abroad, according to the FCC.

This Tweet is currently unavailable. It may be loading or has been deleted.

A quick look at Amazon and Best Buy shows that popular routers are still widely available, but the situation is confusing. Let’s break down what we know about the new rules.

So, which routers are banned?

Any equipment on the FCC’s covered list cannot receive a new authorization, which is required before a device can be imported, marketed, or sold in the United States. And the FCC ruling adds “all consumer routers produced in foreign countries” to that list.

Indeed, all brands of home routers will be affected by the ban. (The only domestically produced consumer routers that Mashable is aware of are made by Starlink for satellite internet.)

The FCC update applies to any router produced outside the United States – and the FCC’s definition of “product” is deliberately broad. It covers not only where a device is physically assembled, but also where it was designed, developed, or where a major step in its manufacturing process was completed. So a router designed in the United States by an American company but assembled in Taiwan would still be banned, for example.

An obvious target is TP-Link, the Chinese manufacturer that has been the subject of its own congressional scrutiny and government investigations. But the ban extends well beyond Chinese companies. It also includes Asus, which is Taiwanese; Netgear, which is headquartered in San Jose and manufactures overseas; Eero, which is owned by Amazon and produces in Vietnam; and Ubiquiti, another American company whose hardware is produced abroad. If the router exists in the physical world in 2026, there is a very good chance that it was manufactured somewhere other than the United States, and therefore is now covered.

TP-Link, for its part, was typically direct. In a statement to PCMag, the company acknowledged the obvious — that router manufacturing is a globally distributed industry, with its own products manufactured in Vietnam — and presented the decision as an industry-wide calculation rather than a targeted action. The company said it was confident in the security of its supply chain and welcomed what it described as an assessment of the entire sector.

Similarly, before DJI’s drone ban in December, the company told Mashable that the ban was simply an attempt to support American manufacturing, rather than a legitimate national security issue.

“This is about taking the largest drone manufacturer out of the market so that U.S. drone manufacturers don’t have to compete with them,” Adam Welsh, DJI’s head of global policy, said in an interview with Mashable in December.

Which routers can you still buy?

More than you might expect — for now. The key distinction in the FCC rules is between new device models and those previously authorized. Any router that already has an FCC Equipment Authorization can still be imported, sold, and used. Retailers can continue to move their existing inventory. Consumers can continue to purchase these models. The ban applies to new models seeking authorization in the future, not current stock on Best Buy’s shelves.

If you already have a router, nothing changes. The list of covered products does not require consumers to replace or stop using equipment they have already purchased.

However, if you need an upgrade, now is the time to do it. The FCC granted a limited waiver Monday, allowing all previously authorized routers to continue receiving software and firmware updates — security patches, bug fixes and compatibility updates — at least until March 1, 2027, when the agency says it will reevaluate.

The waiver exists because, without it, the covered list rules would have immediately stripped these routers of their eligibility for updates as soon as they were added to the list, even for devices already installed in people’s homes. The irony here is that the FCC ban is based entirely on the security risks of foreign-made routers, which, through their own mechanisms, will eventually disrupt security updates that prevent those same routers from becoming liabilities.

Is there a way back for manufacturers?

There is, but it’s a narrow door. The FCC rules include a “conditional approval” process, administered by the Department of Defense and the Department of Homeland Security, through which a router manufacturer can request an individual exemption if it can demonstrate that its product does not pose unacceptable risks.

The application process is extensive: Manufacturers must disclose their full company structure, ownership, any ties to a foreign government, a complete bill of materials, the country of origin of every component and software, and, most importantly, a detailed, time-bound plan for moving manufacturing to the United States. Conditional approvals last no more than 18 months and come with quarterly reporting requirements. There is no guarantee of approval and all decisions are final.