The US government just banned consumer routers made outside the US

In December, the Federal Communications Commission banned all future drones made in foreign countries from being imported into the United States, unless or until their maker gets an exemption. Now, the FCC has done the exact same for consumer networking gear, citing “an unacceptable risk to the national security of the United States and to the safety and security of U.S. persons.”

If you already have a Wi-Fi or wired router, you can keep on using it — and companies that have already gotten FCC radio authorization for a specific foreign-made product can continue to import that product.

But since the vast majority — if not all — consumer routers are manufactured outside the United States, the vast majority of future consumer routers are now banned. By adding all foreign-made consumer routers to its Covered List, the FCC is saying it will no longer authorize their radios, which de facto bans new devices from import into the country.

Now, router makers need to A) secure a “conditional approval” that lets them keep getting new products cleared for US entry while they work to convince the government that they’ll open up manufacturing in the US, or B) make the decision to skip selling future products in the US, like dronemaker DJI already did.

Like with the foreign drone ban, the FCC has a National Security Determination that it says justifies these actions, one which claims that “Allowing routers produced abroad to dominate the U.S. market creates unacceptable economic, national security, and cybersecurity risks,” and that “routers produced abroad were directly implicated in the Volt, Flax, and Salt Typhoon cyberattacks which targeted critical American communications, energy, transportation, and water infrastructure.”

“Given the criticality of routers to the successful functioning of our nation’s economy and defense, the United States can no longer depend on foreign nations for router manufacturing,” reads another passage.

It is true that a great many router vulnerabilities have surfaced over the years, which make them a popular target for hackers and botnets. It is also true that one China-founded company, TP-Link, is dominant in the US consumer market; US authorities had previously considered a specific TP-Link ban due to that dominance and national security concerns. (TP-Link has been attempting to distance itself from China, splitting off from the Chinese entity in 2022, establishing a global headquarters in California in 2024, and suing Netgear in 2025 for suggesting that TP-Link had been infiltrated by the Chinese government.)

It is not clear how simply moving production of routers domestically would make them safer. In the Volt Typhoon hack, Chinese state-sponsored hackers primarily targeted Cisco and Netgear routers, routers designed by US companies, according to the Department of Justice. They were vulnerable because those US companies had stopped providing security updates to the specific targeted routers, which had been discontinued by those companies.

While the FCC’s Covered List makes it sound like the US is banning all “routers produced in a foreign country,” it’s defined a bit more narrowly than that. It’s specifically banning “consumer-grade routers” as defined in NIST Internal Report 8425A, which refers to ones “intended for residential use and can be installed by the customer.”

“Virtually all routers are made outside the United States, including those produced by U.S.-based companies like TP-Link, which manufactures its products in Vietnam,” reads part of a statement from TP-Link via third-party spokesperson Ricca Silverio. “It appears that the entire router industry will be impacted by the FCC’s announcement concerning new devices not previously authorized by the FCC.”

Update, March 23rd: Clarified how TP-Link has distanced itself from China, and added company statement.