The Federal Communications Commission yesterday announced it will no longer approve consumer-grade routers made outside of the US, citing a President Trump directive on reducing the use of foreign technology for national security reasons. The action will prevent foreign-made routers from being imported into or sold in the US.
Routers already approved for sale in the US can continue to be sold, and consumers can keep using any router they’ve previously obtained, the FCC said. But the FCC will not approve new device models made at least partly outside the US unless the Department of Defense or Department of Homeland Security determines that the router does not pose national security risks.
The prohibition applies to both US and foreign companies that produce routers outside the US. Foreign production includes “any major stage of the process through which the device is made, including manufacturing, assembly, design, and development.”
“This action means that new models of foreign-produced routers will no longer be eligible for marketing or sale in the US,” FCC Chairman Brendan Carr wrote on X. “The determination included an exemption for routers that the Department of War (DoW) or the Department of Homeland Security (DHS) have granted ‘Conditional Approval’ after finding that such device or devices do not pose such unacceptable risks.”
Router makers seeking conditional approvals must submit, among other things, a “justification on why any foreign manufactured router is not currently manufactured in the United States, including why these foreign sources were selected and whether alternatives exist,” and a “detailed, time-bound plan to establish or expand manufacturing in the United States.”
The FCC said it acted after receiving a national security determination from an interagency group of security experts. “Recently, malicious state and non-state sponsored cyber attackers have increasingly leveraged the vulnerabilities in small and home office routers produced abroad to carry out direct attacks against American civilians in their homes,” the determination said.
Covered List now covers all foreign routers
The FCC granted a waiver to previously authorized routers allowing them to receive security patches and other “software and firmware updates to ensure the continued functionality of the devices,” until March 1, 2027. The FCC said it may extend that timeframe to allow software updates for longer.
The FCC implemented the prohibition on new routers by updating its Covered List to include all consumer-grade routers made in foreign countries, except those that receive a conditional approval. Routers for this purpose are defined as “consumer-grade networking devices that are primarily intended for residential use and can be installed by the customer,” and which “forward data packets, most commonly Internet Protocol (IP) packets, between networked systems.”
Wi-Fi routers with vulnerabilities are targets for criminal hackers building botnets. The FCC said that “compromised routers can enable in-depth network surveillance, data exfiltration, botnet attacks, and unauthorized access to US government or American businesses’ networks. The United States must have secure and trusted routers. However, currently a majority of the routers in American homes and businesses are produced outside of the United States. Allowing routers produced abroad to dominate the US market creates unacceptable economic, national security, and cybersecurity risks.”
The FCC’s Covered List already included a wide range of technology and services provided by Chinese device-makers Huawei and ZTE, the Russian security company Kaspersky Lab, several Chinese telecom companies, and other companies. The Carr FCC decided on a sweeping approach for routers instead of targeting specific manufacturers that have faced scrutiny, such as TP-Link, which was founded in China but relocated to the US in 2024.
TP-Link was already facing the possibility of a US ban, although the Trump administration reportedly delayed the proposed TP-Link ban ahead of a planned meeting between Trump and China President Xi Jinping. In a statement provided to Ars today, TP-Link said the FCC action “appears to affect virtually all new consumer-grade routers being sold in the United States,” because “nearly every manufacturer in this sector produces hardware abroad or relies on a global supply chain.” TP-Link said it welcomes the industry-wide scrutiny and that it is confident in the security of its supply chain.
Carr rescinded Biden-era security mandate
To justify the changes, the FCC said that “malicious actors have exploited security gaps in foreign-made routers to attack American households, disrupt networks, enable espionage, and facilitate intellectual property theft. Foreign-made routers were also involved in the Volt, Flax, and Salt Typhoon cyberattacks targeting vital US infrastructure.”
Chinese hacking group Salt Typhoon infiltrated the networks of major US telecom companies, but yesterday’s FCC action only affects consumer-grade routers mainly used in homes. In November 2025, the Carr FCC rescinded a Biden-era ruling that required telecom providers to secure their networks, alleging that the previous administration’s action was illegal and did not effectively address the threat.
Carr, who has made it clear he takes direction from Trump despite arguing during the Biden era that the FCC should operate independently from the White House, attributed the FCC’s latest move to Trump’s leadership. “I welcome this Executive Branch national security determination, and I am pleased that the FCC has now added foreign-produced routers, which were found to pose an unacceptable national security risk, to the FCC’s Covered List,” Carr said. “Following President Trump’s leadership, the FCC will continue [to] do our part in making sure that US cyberspace, critical infrastructure, and supply chains are safe and secure.”
The FCC said it was acting on Trump’s 2025 National Security Strategy’s directive that “the United States must never be dependent on any outside power for core components—from raw materials to parts to finished products—necessary to the nation’s defense or economy.”
Router makers can seek conditional approvals under the same process used for the FCC ban on foreign-made drones. For drones, conditional approvals have been granted to US-based companies SiFly Aviation and Verge Aero, the Norwegian company ScoutDI, and Israeli company Mobilicom. Chinese drone-maker DJI sued the FCC over the ban.
TP-Link and Netgear say they aren’t worried
The FCC said the national security determination on routers was made after “the White House convened an executive branch interagency body with appropriate national security expertise, comprising agencies that included appropriate national security agencies.” The members “determined jointly and severally that routers produced in a foreign country, regardless of the nationality of the producer, pose an unacceptable risk to the national security of the United States and to the safety and security of US persons,” the FCC said.
“Routers in the United States must have trusted supply chains so we are not providing foreign actors with a built-in backdoor to American homes, businesses, critical infrastructure, and emergency services,” the FCC also said.
TP-Link’s statement to Ars said that “placing all manufacturers and their supply chains under the same scrutiny is a positive step in the direction of making the router industry more secure.” Now that it is a US-based company, TP-Link said it is “committed to making further investments in America and has already been planning to establish US-based manufacturing to complement our existing company-owned facilities in Vietnam.”
Netgear provided a statement to Ars today. “We commend the administration and the FCC for their action toward a safer digital future for Americans,” Netgear said. “Home routers and mesh systems are critical to national security and consumer protection, and today’s decision is a step forward. As a US-founded and headquartered company with a legacy of American innovation, Netgear has long invested in security‑first design, transparent practices, and adherence to government regulations, and we will continue to do so.”
We contacted numerous other router makers about the FCC action and will update this article if we receive new comments.
