In a significant policy shift this December, the Federal Communications Commission (FCC) has extended its import restrictions, previously applied to foreign-manufactured drones, to consumer networking equipment. This new directive effectively halts the import of such equipment unless manufacturers secure an exemption, citing substantial national security concerns.

Existing users of Wi-Fi or wired routers need not worry; they can continue to operate their current devices. Moreover, companies with FCC authorization for a specific foreign-made product can still import those items. However, this decision casts a shadow over the future of consumer routers, as the vast majority are produced outside the United States.

By including foreign-made consumer routers on its Covered List, the FCC has essentially blocked any new radio authorizations for these devices, thereby preventing their entry into the U.S. market. This places manufacturers at a crossroads: they must either secure a “conditional approval” to keep importing under the promise of relocating production to the U.S., or, like DJI in the drone sector, decide to forgo future sales in the American market.

The FCC’s actions are buttressed by a National Security Determination that underscores the risks of foreign-produced routers dominating the U.S. market. The agency claims that reliance on such routers exposes the nation to unacceptable economic and cybersecurity threats. This determination is backed by incidents like the Volt, Flax, and Salt Typhoon cyberattacks, which targeted crucial American infrastructure sectors such as communications, energy, transportation, and water.

The FCC’s stance is clear: the secure functioning of the nation’s economy and defense infrastructure cannot hinge on foreign router manufacturing. This move signals a push towards bolstering domestic production capabilities, ensuring that the technological backbone of the United States remains secure from external vulnerabilities.

“Given the criticality of routers to the successful functioning of our nation’s economy and defense, the United States can no longer depend on foreign nations for router manufacturing,” reads another passage.

It is true that a great many router vulnerabilities have surfaced over the years, which make them a popular target for hackers and botnets. It is also true that one China-founded company, TP-Link, is dominant in the US consumer market; US authorities had previously considered a specific TP-Link ban due to that dominance and national security concerns. (TP-Link has been attempting to distance itself from China, splitting off from the Chinese entity in 2022, establishing a global headquarters in California in 2024, and suing Netgear in 2025 for suggesting that TP-Link had been infiltrated by the Chinese government.)

It is not clear how simply moving production of routers domestically would make them safer. In the Volt Typhoon hack, Chinese state-sponsored hackers primarily targeted Cisco and Netgear routers, routers designed by US companies, according to the Department of Justice. They were vulnerable because those US companies had stopped providing security updates to the specific targeted routers, which had been discontinued by those companies.

While the FCC’s Covered List makes it sound like the US is banning all “routers produced in a foreign country,” it’s defined a bit more narrowly than that. It’s specifically banning “consumer-grade routers” as defined in NIST Internal Report 8425A, which refers to ones “intended for residential use and can be installed by the customer.”

“Virtually all routers are made outside the United States, including those produced by U.S.-based companies like TP-Link, which manufactures its products in Vietnam,” reads part of a statement from TP-Link via third-party spokesperson Ricca Silverio. “It appears that the entire router industry will be impacted by the FCC’s announcement concerning new devices not previously authorized by the FCC.”

Update, March 23rd: Clarified how TP-Link has distanced itself from China, and added company statement.