US regulators have moved aggressively to tighten network security, with a sweeping foreign router ban now reshaping the consumer internet hardware market.
FCC expands security blacklist to consumer routers
The Federal Communications Commission has barred new foreign-made consumer internet routers from the US market, citing escalating national security threats. In an update on Monday to its list of equipment deemed insufficiently secure, the FCC added all consumer-grade routers manufactured outside the US, dramatically widening its existing hardware restrictions.
Moreover, the decision puts home and office routers on the same security footing as foreign-made drones, which were prohibited at the end of last year. Routers, used in homes and businesses to connect computers, phones, TVs and other devices, are now treated as critical infrastructure endpoints rather than simple household electronics.
The FCC warned that “malicious actors have exploited security gaps in foreign-made routers to attack American households, disrupt networks, enable espionage, and facilitate intellectual property theft.” However, the agency stressed that people can continue using foreign-made routers they already own, as the ban strictly targets all “new device models” entering the market.
Scope of the ban and security motivations
The policy shift stems from mounting concern over the last year that routers represent an easy-access point for cyber intrusions. TP-Link, a leading router brand made in China and a best-seller on Amazon, became the focus of US political scrutiny in 2024 after a series of cyberattacks raised alarms about consumer router security risks and foreign supply chains.
Under the foreign router ban, any new router assembled or manufactured outside the US must now receive explicit FCC approval before it can be imported, marketed, or sold domestically. That requirement applies even when a device is designed in the US but built abroad, closing a common loophole in previous technology restrictions.
The FCC also highlighted links between router vulnerabilities and three major cyber campaigns, identified as Volt Typhoon, Flax Typhoon, and Salt Typhoon, which targeted US infrastructure between 2024 and 2025. US government investigations concluded that actors within, or operating on behalf of, the Chinese government were responsible for those operations.
New approval regime and disclosure obligations
Any company manufacturing routers outside the US must now seek conditional authorization through a new router approval process FCC, before shipping products into the country. Moreover, applicants will have to disclose their foreign investors, external influence, and detailed supply-chain structures as part of the review.
In addition, firms must present a credible plan to shift router manufacturing to US facilities over time. That said, the FCC did not specify deadlines or hard targets for relocation, leaving room for phased transitions shaped by market and policy developments.
The FCC confirmed that certain routers could be exempted if the Department of Defense or the Department of Homeland Security determine they pose acceptable risks. However, as of now, neither agency has designated any specific models for inclusion on an exceptions list.
National security findings and cyber risk assessment
The FCC’s action follows a decision issued on Friday by US government bodies involved in national security, which found that internet routers built overseas “posed unacceptable risks” to the country. According to a government summary, these risks include potential disruptions to critical infrastructure and possible harm to people in the event of coordinated cyberattacks.
Furthermore, officials cited possible knock-on effects across the American technology supply chain, including manufacturing dependencies and opaque ownership structures. Those concerns mirror broader debates over china made router concerns and the strategic leverage embedded in global hardware production networks.
Investigators tied the aforementioned Volt, Flax, and Salt Typhoon campaigns directly to malicious access routes through compromised or poorly secured routers. As a result, policymakers are increasingly treating edge devices such as routers as frontline defenses, not peripheral components.
Impact on global manufacturing and US brands
The vast majority of internet routers today are assembled or manufactured outside the US, particularly in Taiwan and China. Consequently, the new rules are expected to affect a wide range of multinational electronics manufacturers and contract assemblers that supply the American retail and enterprise markets.
The ban also reaches US brands that rely on overseas production. Popular US router maker Netgear, for example, manufactures all of its products abroad, meaning its new models will now fall under the same import controls as foreign competitors. However, existing devices already owned by consumers and businesses remain unaffected.
One notable exception to the scarcity of US-made routers is the newer Starlink WiFi router, part of Elon Musk‘s company SpaceX. The company says its Starlink routers are manufactured in Texas, potentially positioning them as compliant alternatives as security-centric purchasing policies gain traction.
Outlook for policy, supply chains, and consumers
US officials argue that tighter oversight of router manufacturing and importing is essential to mitigate future large-scale cyber incidents. Moreover, the FCC’s coordination with defense and homeland security agencies suggests that internet hardware will remain a core battleground in technology and national security policy.
That said, it remains unclear how quickly manufacturers can reorient their production footprints or absorb additional compliance costs. Consumers may eventually face higher prices or fewer options, particularly in lower-cost segments, as companies adapt to the import restrictions on routers and reconfigure their supply chains.
In summary, the ban on new foreign-made consumer routers marks a significant shift in how Washington views everyday networking devices, intertwining cybersecurity, industrial policy, and geopolitical risk in a single regulatory move.
Source: https://en.cryptonomist.ch/2026/03/24/foreign-router-ban-fcc-controls/
