New consumer-grade internet routers will require special review and approval by the Federal Communications Commission (FCC), after a US government determination that some manufactured overseas pose an unacceptable national security risk.
The declaration does not impact any internet routers that are already in circulation. US consumers can continue to use any routers they have already purchased, and the wording appears to allow already existing device models to continue to be sold. The majority of the world’s internet routers are manufactured in either Taiwan or China, and the government has tied recent highly successful Chinese government hacking campaigns to compromise of numerous of these models.
Imported internet routers now require DoW or DHS approval
The internet routers have been added as a category to the FCC’s Covered List, which establishes communications equipment and services deemed to be an unacceptable national security risk. Some individual manufacturers, such as Huawei and ZTE, have already been added to this list.
The foreign-produced routers have been cited as a supply chain and critical infrastructure risk with the capability to cause severe economic and national defense disruptions. It refers back to the Trump administration’s 2025 National Security Strategy, which stated that the US must attempt to eliminate its dependence on outside powers for critical core components.
Shane Barney, Chief Information Security Officer (CISO), Keeper Security, expands on the risks these routers present: “Moves by regulators to restrict new authorisations for foreign-made routers reflect growing concern around supply chain integrity, but focusing solely on country of origin risks oversimplifying a much broader security challenge. In enterprise environments, routers and network devices are seen not just as connectivity tools, but as high-value control points that sit outside traditional security oversight.”
“That risk is often compounded through weak governance rather than manufacturing geography”, Barney adds. “Network infrastructure is frequently under-managed, lacks consistent patching and operates without integration into modern identity and access management frameworks. This creates an ideal foothold for attackers seeking persistent, low-visibility access into corporate environments.”
It is not impossible for foreign internet routers to be sold going forward, but manufacturers will have to follow an equipment authorization process that involves getting a Department of War (DoW) or Department of Homeland Security (DHS) conditional authorization. Any routers approved to date by the existing FCC equipment authorization process are still eligible to be sold and imported, and manufacturers can continue to issue updates to them.
The ban also applies to internet routers designed and sold by American companies, but manufactured abroad. That includes nearly all of the big brand names in the market save for Starlink, which have headquarters in the US but often have their manufacturing done somewhere in Asia other than China due to tariff costs. There is still some uncertainty about the legality of importing parts from these countries and assembling them in the US; the national security order leaves room for this so long as a modular transmitter otherwise forbidden by the Covered List is used, and the manufacturer must provide “sufficient evidence” that assembly actually took place inside the country. Starlink is already believed to use this model, sourcing parts from assorted East Asian countries and assembling its routers at its Texas facilities.
National security decree follows massive Chinese espionage campaign
Though many US manufacturers in this industry have diversified in recent years due to national security concerns and Trump-era tariffs, some (such as Asus) still have at least some of their production in China. Overall China is still a key part of the production of about 60% of US home internet routers.
This move is something new in terms of FCC actions under the powers granted to it by the Secure Equipment Act and Secure Networks Act of 2020. That measure came into effect toward the end of the first Trump term and was first used to issue bans against Huawei and ZTE during the Biden administration, which continued to apply it selectively against individual manufacturers and companies rather than regions. Actions by Chinese state-sponsored espionage groups since then are likely the primary driver of this new national security move, particularly the “Typhoon” campaigns that led to the compromise of all of the major mobile phone service providers and a number of ISPs.
Those campaigns did heavily target vulnerabilities in internet routers, but these tended to be unpatched documented vulnerabilities. There has not been widespread suspicion of Chinese government meddling in tech products save for TP-Link’s routers, which have drawn calls for investigation from some figures in the Commerce and War departments. TP-Link captured about 35% of the US market for routers in recent years due largely to intense competition on price, drawing some accusations that the company was intentionally eating costs to flood the market. Texas attorney general Ken Paxton was among the first to openly accuse the company of providing the Chinese government with backdoor access, filing a lawsuit in February.
Jacob Krell, Senior Director: Secure AI Solutions & Cybersecurity, Suzu Labs, notes that policymakers are clearly viewing this as a long-term national security risk: “Security leaders should treat this as a procurement signal. If the federal government has concluded that foreign manufactured network hardware can present unacceptable supply chain risk, organizations should be reviewing whether their own vendor diligence, firmware assurance, and hardware sourcing practices reflect that same reality. Every router, switch, and access point in the environment came from a supply chain. Knowing where that hardware was manufactured, who wrote the firmware, and what visibility exists into that process is no longer a theoretical exercise. The geopolitical environment is making these questions urgent, and this ruling is unlikely to be the last of its kind.”
It remains to be seen what impact the national security decree will have on the market for internet routers. There is substantial existing stock, but if conditional waivers are not approved quickly this may not take long to dwindle. It is possible that manufacturers that have already divested all production from China, such as Netgear, will see a quick approval process.
Damon Small, Board of Directors at Xcape, is skeptical about costs going up: “The FCC is finally treating home routers like the Trojan Horses they are, though I’m sure “Made in the USA” will magically add 40% to the MSRP and zero to the patch frequency.”
