US bans new foreign-made consumer internet routers

This move places household routers, ubiquitous devices essential for connecting computers, smartphones, smart TVs, and myriad other internet-enabled gadgets in homes and businesses, on par with foreign-made drones, which were similarly restricted at the end of last year. The FCC’s decision stems from mounting national security concerns, explicitly citing the vulnerabilities inherent in foreign-manufactured networking equipment.

"Malicious actors have exploited security gaps in foreign-made routers to attack American households, disrupt networks, enable espionage, and facilitate intellectual property theft," the FCC stated in its official announcement. This declaration underscores a growing apprehension within U.S. government agencies regarding the potential for nation-state adversaries to compromise critical network gateways at the residential and small business level, which can serve as entry points for broader, more sophisticated attacks.

While current owners of foreign-made routers will not be forced to replace their existing hardware, the ban applies rigorously to all "new device models." This means any new router product line or significant update manufactured outside the U.S. will be subject to stringent review before it can be imported, marketed, or sold within the country. The policy aims to stem the flow of potentially compromised equipment into the American market, rather than to retroactively disable or confiscate devices already in use.

The ban is the culmination of increasing alarm over the past year regarding routers as prime targets for cyber exploitation. For instance, TP-Link, a Chinese-made router brand and a top seller on Amazon, became a focal point of U.S. political anxiety following a series of reported cyberattacks. While the specifics of these incidents were not always publicly detailed, the underlying concern was that vulnerabilities, whether intentional backdoors or unaddressed security flaws, could be leveraged by foreign governments for malicious purposes.

Under the new regulations, any company manufacturing routers outside the U.S. must now apply for conditional approval from the FCC. This complex process will necessitate the disclosure of the firm’s foreign investors or any significant foreign influence, as well as a concrete plan to shift the manufacturing of these routers to the United States. This requirement highlights a broader U.S. strategy to de-risk its supply chains and promote domestic production of critical technology components, moving beyond simple import restrictions to incentivize onshoring.

The FCC’s framework does allow for certain exceptions. Routers may be exempted from the list if they are deemed acceptable by the Department of Defense (DoD) or the Department of Homeland Security (DHS). However, as of the announcement, neither agency has yet added any specific routers to its list of equipment exceptions, indicating a high bar for such waivers and a broad initial scope for the ban.

This latest FCC action closely follows a decision made just prior by various government agencies involved in national security, which collectively determined that internet routers manufactured overseas "posed unacceptable risks" to the U.S. These risks encompass a wide array of potential harms, including far-reaching impacts to the American supply chain, where a single compromised component could ripple through multiple sectors, and the devastating possibility of a large-scale cybersecurity attack capable of disrupting critical national infrastructure or causing direct harm to citizens.

The FCC explicitly referenced three significant cyberattacks – known as Volt, Flax, and Salt Typhoon – which occurred between 2024 and 2025, as key motivators for this decision. These attacks, reportedly aimed at U.S. infrastructure, were found by U.S. government investigations to have involved malicious access to routers and were attributed to actors operating within, or on behalf of, the Chinese government. Such incidents underscore the real-world implications of compromised networking hardware, which can facilitate state-sponsored espionage, sabotage, and pre-positioning for future cyber warfare.

The economic implications of this ban are substantial. The vast majority of consumer internet routers currently sold in the U.S. are assembled or manufactured outside of the country, predominantly in Taiwan or mainland China. This includes products from well-known American brands like Netgear, which, despite being a U.S. company, manufactures all of its products abroad. These companies will now face significant logistical and financial challenges in redesigning their supply chains, potentially leading to increased costs for consumers and a temporary reduction in product availability or choice.

The requirement to disclose foreign investment and influence, coupled with the mandate to present a plan for U.S.-based manufacturing, represents a formidable hurdle for many international companies. It could effectively block numerous foreign manufacturers from the U.S. market unless they undertake costly and complex restructuring. This could foster a more localized manufacturing ecosystem but at the potential expense of global supply chain efficiencies and competitive pricing.

One notable exception to the general absence of U.S.-made routers is the newer Starlink WiFi router. Developed by SpaceX, Elon Musk’s aerospace company, Starlink routers are proudly manufactured in Texas. This example highlights the potential for existing or emerging domestic production capabilities to fill the void created by the ban, though it remains to be seen how quickly and comprehensively U.S.-based manufacturing can scale to meet the country’s immense demand for consumer networking equipment.

The ban reflects a hardening stance by the U.S. government on technological independence and supply chain security, particularly concerning products from geopolitical rivals. It builds upon a series of actions aimed at limiting the influence of foreign technology in sensitive areas, ranging from telecommunications infrastructure (e.g., Huawei) to social media platforms (e.g., TikTok). The underlying philosophy is that devices serving as gateways to personal data and national networks must be verifiable and trustworthy, free from the potential for foreign government control or manipulation.

For consumers, the immediate impact may be limited, but the long-term effects could include higher prices for routers, a narrower selection of brands, and potentially slower adoption of cutting-edge networking technologies if the domestic manufacturing base struggles to innovate at the pace of global competitors. However, proponents of the ban argue that these trade-offs are necessary to secure national networks and protect sensitive user data from pervasive and sophisticated cyber threats. The move signifies a significant recalibration of the balance between globalized commerce and national security in the digital age.