In December, the Federal Communications Commission banned all drones made in foreign countries from being imported into the United States in the future unless their manufacturer receives a waiver. Now, the FCC has done exactly the same for consumer networking gear, citing “an unacceptable risk to the national security of the United States and the safety of American persons.”
If you already have a Wi-Fi or wired router, you can continue to use it – and companies that have already received FCC radio authorization for a specific foreign-made product can continue to import that product.
But since the vast majority – if not all – consumer routers are manufactured outside the United States, the vast majority of future consumer routers are now banned. By adding all foreign-made consumer routers to its covered list, the FCC is saying it will no longer authorize their radios, which essentially bans the import of new devices into the country.
Now, router makers need to A) secure a “conditional approval” that allows them to keep approving new products for entry into the US while they work to convince the government they’ll open manufacturing in the US, or B) decide to stop selling future products in the US, as drone maker DJI already did.
Like the foreign drone ban, the FCC has a national security determination that it says justifies these actions, which claims that “allowing foreign-produced routers to dominate the U.S. market creates unacceptable economic, national security, and cybersecurity risks,” and that “foreign-produced routers were directly involved in the Volt, Flax, and Salt Typhoon cyberattacks, which targeted critical U.S. communications, energy, transportation, and water infrastructure.”
“Given the criticality of routers to the successful functioning of our nation’s economy and defense, the United States can no longer depend on foreign countries for router manufacturing,” another paragraph reads.
It’s true that a large number of router vulnerabilities have emerged over the years, making them a popular target for hackers and botnets. It is also true that TP-Link, a company founded in China, is dominant in the US consumer market; US officials had previously considered a specific TP-Link ban due to that dominance and national security concerns. (TP-Link is attempting to distance itself from China, spinning off a Chinese unit in 2022, setting up a global headquarters in California in 2024, and suing Netgear in 2025 for suggesting that TP-Link was infiltrated by the Chinese government.)
It is unclear how secure they will become by starting to produce routers domestically. According to the Justice Department, in the Volt Typhoon hack, Chinese state-sponsored hackers primarily targeted Cisco and Netgear routers, which were routers designed by American companies. Those US companies stopped providing security updates to specific targeted routers after they discontinued those products.
While the FCC’s covered list makes it seem like the US is banning All “Router manufactured in a foreign country,” is defined a little more narrowly than that. It is specifically banning “consumer-grade routers” as defined in NIST Internal Report 8425A, which refers to those “intended for residential use and that can be installed by the customer.”
Update, March 23: Clarified how TP-Link has distanced itself from China.
<a href