The FCC has added all foreign-produced consumer routers to its Covered List, effectively blocking authorization of new models for sale in the US over national security concerns.
The move follows a government-wide determination that such routers pose significant supply chain and cybersecurity risks.
The decision was announced on March 23, 2026, by the Federal Communications Commission’s Public Safety and Homeland Security Bureau after receiving a formal National Security Determination from a White House-convened interagency body. This group, composed of multiple US national security agencies, concluded that routers manufactured abroad present “unacceptable risks” due to their potential exploitation in cyberattacks and their role in critical infrastructure networks.
According to the FCC’s fact sheet, the risks stem from both supply chain exposure and active exploitation by threat actors. Investigations cited incidents in which attackers exploited vulnerabilities in home and small-office routers to conduct espionage, disrupt connectivity, and facilitate intellectual property theft. Notably, compromised routers were linked to large-scale campaigns such as Volt, Flax, and Salt Typhoon, which targeted US communications, energy, and transportation infrastructure.
The FCC, an independent US regulatory agency overseeing communications infrastructure and equipment authorization, maintains the Covered List under the Secure and Trusted Communications Networks Act. Equipment placed on this list is deemed a national security threat and cannot receive FCC authorization, a requirement for importation, marketing, or sale in the United States.
Under the new rules, all newly developed consumer-grade routers produced outside the US are ineligible for FCC equipment authorization, effectively barring them from entering the US market. However, the restriction applies only to new models. Devices already authorized can continue to be sold and used, and consumers are not required to replace existing routers.
FCC Chairman Brendan Carr confirmed the move, stating that the action aims to “safeguard Americans and the communications networks we rely on.”
To mitigate market disruption, the policy introduces a “Conditional Approval” pathway. Router manufacturers can apply to the Department of War (DoW) or the Department of Homeland Security (DHS) for case-by-case clearance by demonstrating secure supply chains, transparent ownership structures, and plans to shift manufacturing of critical components to the United States. Approved devices would remain eligible for FCC certification despite being produced abroad.
The FCC also issued a temporary waiver that allows previously authorized routers, including those now classified as “covered,” to continue receiving software and firmware updates until at least March 1, 2027. This measure is intended to prevent security degradation in existing devices by allowing vulnerability patches and compatibility updates to proceed uninterrupted.
For manufacturers, the impact is immediate and significant. Foreign-based router vendors must either pursue Conditional Approval or risk losing access to one of the world’s largest consumer networking markets for future products. The requirement to disclose supply chains, firmware origins, and ownership structures could also increase regulatory scrutiny and compliance costs.
For US consumers, the short-term effects are minimal. Existing routers remain functional and supported, but future product availability may shift toward domestically produced or government-approved devices. Over time, this could lead to reduced brand diversity or higher prices, but also potentially improved baseline security standards.
Users are advised to keep router firmware up to date, disable remote administration features unless necessary, and replace unsupported devices that no longer receive security patches, regardless of origin, to reduce exposure to known exploits.
Leave a Reply