FCC bans import of new consumer routers not made in the US over security threat — agency says foreign-made devices pose ‘unacceptable risk’ to US persons

The Federal Communications Commission (FCC), which certifies every radio-emitting device (including routers) in the U.S., has announced “the addition of routers produced in a foreign country to the Covered List,” which is composed of equipment and services that “pose an unacceptable risk to the national security of the United States or the security and safety of United States persons.” While this is not technically a blanket ban on the sale of imported routers in the U.S., the FCC Public Notice (PDF) effectively has the same impact: The agency says it will not certify a foreign-made consumer router, making it illegal to sell or even import future new models into the country.

The agency said it’s doing this in response to a National Security Determination earlier this month, which says: “Recently, malicious state and non-state sponsored cyber attackers have increasingly leveraged the vulnerabilities in small and home office routers produced abroad to carry out direct attacks against American civilians in their homes. From disrupting network connectivity to enabling local networking espionage and intellectual property theft, foreign-produced routers present unacceptable risks to Americans.”

It also blamed foreign-made routers for the Volt, Flax, and Salt Typhoon cyberattacks that hit critical American infrastructure, adding that “routers in the United States must have trusted supply chains so we are not providing foreign actors with a built-in backdoor to American homes, businesses, critical infrastructure, and emergency services.”

Latest Videos From

While this might match the context of increasing instability in global geopolitics, it does not specifically address the weakness found in many consumer Wi-Fi routers. Although TP-Link was widely used in recent cyberattacks, cybersecurity experts told CNET that this was because of its ubiquity in the market, and that the exploited vulnerabilities were also present on routers made by American companies. In fact, the U.S. government itself said that the Salt Typhoon attacks often targeted Cisco hardware. Still, this did not deter the Department of Commerce from investigating TP-Link over its close ties to China.

This isn’t the first time that the FCC issued a directive that had a blanket effect on a specific type of device. In late December 2025, the agency made a similar move on foreign-made drones, effectively banning DJI and other imported brands from registering new models in the U.S. Many of the best Wi-Fi routers on sale in 2026 are from foreign companies like TP-Link. The FCC's new measure could, in theory, preclude future new products from these companies from coming to the States.

Nevertheless, this does not mean that foreign router manufacturers will forever be excluded from the U.S. market. The FCC says (PDF) that affected brands can apply for a “Conditional Approval” from the Department of War or the Department of Homeland Security to exempt them from the Covered List before they can build “trusted manufacturing capacity in the United States.” The move also does not affect any routers already on sale in the United States, or indeed any routers previously purchased, which will continue to work as normal.

Follow Tom's Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.