FCC imposes sweeping ban on foreign-made routers, affecting all new models

Covered List now covers all foreign routers

The FCC granted a waiver to previously authorized routers allowing them to receive security patches and other “software and firmware updates to ensure the continued functionality of the devices,” until March 1, 2027. The FCC said it may extend that timeframe to allow software updates for longer.

The FCC implemented the prohibition on new routers by updating its Covered List to include all consumer-grade routers made in foreign countries, except those that receive a conditional approval. Routers for this purpose are defined as “consumer-grade networking devices that are primarily intended for residential use and can be installed by the customer,” and which “forward data packets, most commonly Internet Protocol (IP) packets, between networked systems.”

Wi-Fi routers with vulnerabilities are targets for criminal hackers building botnets. The FCC said that “compromised routers can enable in-depth network surveillance, data exfiltration, botnet attacks, and unauthorized access to US government or American businesses’ networks. The United States must have secure and trusted routers. However, currently a majority of the routers in American homes and businesses are produced outside of the United States. Allowing routers produced abroad to dominate the US market creates unacceptable economic, national security, and cybersecurity risks.”

The FCC’s Covered List already included a wide range of technology and services provided by Chinese device-makers Huawei and ZTE, the Russian security company Kaspersky Lab, several Chinese telecom companies, and other companies. The Carr FCC decided on a sweeping approach for routers instead of targeting specific manufacturers that have faced scrutiny, such as TP-Link, which was founded in China but relocated to the US in 2024.

TP-Link was already facing the possibility of a US ban, although the Trump administration reportedly delayed the proposed TP-Link ban ahead of a planned meeting between Trump and China President Xi Jinping. In a statement provided to Ars today, TP-Link said the FCC action “appears to affect virtually all new consumer-grade routers being sold in the United States,” because “nearly every manufacturer in this sector produces hardware abroad or relies on a global supply chain.” TP-Link said it welcomes the industry-wide scrutiny and that it is confident in the security of its supply chain.