The US Commerce Department has proposed banning TP-Link routers following a sweeping interagency assessment that concluded the devices pose a national security risk due to ongoing ties with China.
The proposal, which has received backing from key agencies including the Departments of Homeland Security, Defense, and Justice, stems from a months-long investigation led by Commerce officials. According to internal communications reviewed by The Washington Post, the agencies found that TP-Link Systems Inc., the US-based arm of the Chinese-founded networking giant, remains under potential Chinese government influence despite claiming corporate independence.
The ban, if enacted, would rank among the most extensive in consumer tech history, impacting millions of US households. TP-Link Systems, based in Irvine, California, controls more than one-third of the US retail router market, with some estimates placing its share above 50%. Many of its devices are supplied via major retailers and ISPs, making them a foundational layer of American digital infrastructure.
TP-Link Systems was formed through a corporate spin-off from TP-Link Technologies Co., headquartered in Shenzhen, China. While the US entity claims operational autonomy and asserts it is not subject to Chinese jurisdiction, federal officials remain unconvinced. They cited concerns about TP-Link's continued ownership of engineering and manufacturing assets in China, proximity to former parent company facilities, and the company's ability to push firmware updates, potentially creating a pathway for exploitation by Chinese intelligence.
Founded in 1996, TP-Link Technologies is one of the world's largest manufacturers of consumer networking equipment, selling over 160 million devices annually in more than 170 countries. Its routers are used not only in homes and small offices but also on US military bases, raising the stakes of any potential compromise.
National security concerns around TP-Link began escalating in 2024 when bipartisan members of Congress, including House Select Committee Chair John Moolenaar (R-MI) and Ranking Member Raja Krishnamoorthi (D-IL), urged Commerce to investigate the company. Their concerns centered on China's national security laws, which compel firms to cooperate with state surveillance, and on the company's vulnerability record, citing high-severity flaws often left unpatched for months.
Microsoft later reported that compromised TP-Link routers were extensively used in covert espionage operations linked to Chinese state-sponsored groups, including activity as part of the Volt Typhoon campaign. Although TP-Link Systems was not directly implicated, the presence of its devices in these campaigns heightened fears of their exploitability.
TP-Link pushed back strongly against the allegations. Company spokesperson Ricca Silverio stated that the US arm is independent, employs 500 people domestically, and operates development processes without oversight from Beijing.
Still, the Commerce Department reportedly concluded that mitigation measures, such as relocating development or increasing transparency, would not be sufficient, putting TP-Link on a path toward formal notification, which would trigger a 30-day response window followed by a potential final decision from Commerce within another 30 days.
Meanwhile, the Department of Justice is separately evaluating potential criminal antitrust charges against TP-Link. As we reported in April, prosecutors are scrutinizing whether the company sold routers at a loss to crowd out US competitors, a rare and difficult-to-prosecute form of predatory pricing.
The Commerce Department previously banned sales of Russian antivirus firm Kaspersky Lab's software, citing similar fears about data access and influence by foreign intelligence agencies.
If the ban proceeds, it would likely apply to home and small office networking devices, though the full scope remains undefined. The outcome could also set a precedent for how the US handles foreign-linked tech companies with deep market penetration and perceived national security risks.
Leave a Reply