The router sitting in your home — the one connecting every phone, laptop, and smart device on your network to the internet — is almost certainly made overseas. As of March 23, no new model of that device can receive U.S. market authorization unless it clears a security review by the Department of War or the Department of Homeland Security first.
The Federal Communications Commission updated its Covered List to include all routers produced in a foreign country, following a National Security Determination received on March 20 from a White House-convened Executive Branch interagency body.
The determination concluded that foreign-produced routers introduce a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense, and pose a severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons.
The FCC’s Covered List — established under the Secure and Trusted Communications Networks Act — carries real enforcement teeth. Equipment on the Covered List is prohibited from receiving FCC equipment authorization, and most electronic devices require FCC equipment authorization prior to importation, marketing, or sale in the U.S. Covered equipment is banned from receiving new equipment authorizations, preventing new devices from entering the U.S. market.
The national security determination cited three Chinese state-sponsored cyber campaigns by name. Routers produced abroad were directly implicated in the Volt, Flax, and Salt Typhoon cyberattacks, which targeted critical American communications, energy, transportation, and water infrastructure.
Salt Typhoon penetrated multiple U.S. telecommunications carriers and persisted inside their networks for months; Volt Typhoon pre-positioned itself inside U.S. critical infrastructure for potential future disruption; and Flax Typhoon operated a 260,000-device botnet largely built from compromised consumer routers.
Unlike prior Covered List entries that targeted specific entities such as Huawei and ZTE, this update applies categorically based on place of production, not manufacturer identity. That distinction matters enormously for the industry.
Virtually all routers are made outside the United States, including those produced by U.S.-based companies like TP-Link, which manufactures its products in Vietnam. It appears that the entire router industry will be impacted by the FCC’s announcement concerning new devices not previously authorized by the FCC. Netgear, Amazon Eero, Google Nest WiFi, Asus, Linksys, and D-Link all manufacture in Asia. The one apparent exception is the newer Starlink Wi-Fi router, which the company says is manufactured in Texas.
The action does not strand existing users. Consumers can continue using any router they have already purchased, and retailers can continue selling previously authorized models already in their supply chains. Firmware updates for covered devices remain permitted at least through March 1, 2027.
The disruption falls entirely on new product cycles — which in a fast-moving consumer networking market means the freeze begins almost immediately.
A rule that bans new foreign router models while leaving millions of existing foreign-made devices completely untouched does not make U.S. networks measurably more secure today. Security researchers have noted that the Volt Typhoon attacks cited by the FCC as justification, primarily targeted Cisco and Netgear hardware — U.S.-designed products — pointing to software patching failures rather than manufacturing origin as the operational vulnerability.
A Conditional Approval pathway exists for manufacturers willing to pursue it. The Conditional Approval pathway requires companies to commit to establishing or expanding U.S. manufacturing for the products they want to bring to market. That is a significant industrial policy commitment on top of any security review, and one that smaller router vendors may find prohibitive.
The December 2025 drone ban used an identical framework — and as of publication, it had cleared exactly four non-Chinese drone systems while leaving major Chinese manufacturers fully blocked.
