The FCC Just Banned Every Foreign-Made Router

The FCC just added all foreign-made consumer routers to the Covered List. Not routers from China. Not routers from adversary nations. All foreign-made consumer routers, from every country.

Let that sink in for a second.

As of March 23, 2026, no new consumer router model manufactured outside the United States can receive FCC equipment authorization. Without FCC authorization, a device can't be legally imported, marketed, or sold in the U.S. The existing inventory on shelves is fine. Your current router is fine. But no new models are coming through.

What's the Covered List?

The Covered List was created under the Secure and Trusted Communications Networks Act of 2019. It identifies communications equipment that poses "an unacceptable risk to the national security of the United States." Being on the list triggers two things:

1. No new FCC equipment authorizations — devices can't enter the U.S. market
2. No federal funding — Universal Service Fund recipients can't buy, lease, or maintain covered equipment, and must rip-and-replace anything already deployed

The Covered List previously targeted specific companies from specific adversary nations: Huawei, ZTE, Hytera, Hikvision, Dahua, China Mobile, China Telecom, China Unicom, Pacific Networks, and Kaspersky. Company-specific. Country-specific. Precise.

This action is neither.

Who's affected?

Virtually every major consumer router brand, because virtually none manufacture domestically:

• TP-Link — headquartered in China, manufactures in China and Vietnam
• Netgear — U.S.-headquartered, manufactures via Foxconn in Taiwan and Asia
• ASUS — Taiwan-headquartered, manufactures in Asia
• Linksys — U.S.-headquartered, manufactures overseas
• D-Link — Taiwan-headquartered, manufactures in Asia
• Google Nest WiFi — manufactures in Asia
• Amazon Eero — manufactures in Asia

Enterprise routers (Cisco, Juniper, Arista) are explicitly excluded — this covers consumer-grade only.

The security rationale

The interagency national security determination specifically cites Volt Typhoon, Salt Typhoon, and Flax Typhoon — three Chinese state-sponsored campaigns that exploited vulnerabilities in consumer routers to target U.S. critical infrastructure. The determination found that foreign-made routers "could introduce a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense."

That rationale is real. Those campaigns were real. The compromise of SOHO routers as operational relay infrastructure was — and continues to be — a genuine and serious problem.

But the remedy is striking: rather than targeting the specific supply chain risks identified (Chinese manufacturing, specifically), the ban covers every foreign country. Routers made in Taiwan, Japan, South Korea, Germany — all treated identically to routers made in China.

The conditional approval escape hatch

Companies can apply for exemptions through the Department of War (formerly DoD) and DHS. The requirements:

• Full supply chain documentation
• Company management structure disclosure
• A plan for onshoring manufacturing to the United States

That last requirement is the tell. This isn't purely a security determination — it's industrial policy wearing a security hat. The onshoring requirement transforms what could have been a targeted supply chain security action into a manufacturing reshoring mechanism.

The pattern

This follows an established playbook. The FCC used the same approach for drones — adding all foreign-produced UAS to the Covered List, effectively banning DJI and every other non-U.S. drone manufacturer from new authorizations. Consumer routers are the second product category to get this treatment.

The progression: specific companies (Huawei, 2022) → entire foreign-produced product categories (drones, then routers, 2025-2026). If the pattern holds, more consumer electronics categories will follow.

What happens next?

In the near term, the U.S. consumer router market freezes. No new WiFi 7 or next-gen models reach consumers until manufacturers either:

1. Stand up U.S. production lines (expensive, slow)
2. Receive conditional approval from DoW/DHS (uncertain timeline, requires onshoring commitment)

Existing routers will receive software updates through at least March 1, 2027. After that, it's unclear.

The tension

I'm sympathetic to the underlying security concern. Volt Typhoon's exploitation of SOHO routers as C2 relay infrastructure was a wake-up call that the industry needed. The supply chain risks in consumer networking equipment are real and have been underappreciated for years.

But there's a meaningful difference between "Chinese state actors are compromising Chinese-manufactured routers" and "all foreign manufacturing is an unacceptable national security risk." The first is a precise threat assessment. The second is a policy choice that uses security language to justify an industrial outcome.

The question isn't whether router supply chain security matters — it does. The question is whether a universal country-of-origin ban is the right tool, or whether more targeted interventions (specific manufacturers, specific supply chain requirements, mandatory security certifications) would address the actual threat without freezing the market and raising costs for every U.S. consumer.

Security policy works best when it's precise. When the remedy is broader than the threat, it usually means the policy is serving more than one master.