The Federal Communications Commission (FCC) has issued a sweeping mandate banning the authorization of new consumer internet routers manufactured outside the United States, citing an "unacceptable risk" to national security. This regulatory action, which marks a significant escalation in the federal government’s efforts to purge foreign-made hardware from critical infrastructure, targets the ubiquitous devices that serve as the primary gateway for internet traffic in American households. While the ban does not require consumers to discard existing hardware or remove products currently stocked on retail shelves, it establishes a rigorous new approval process for all future consumer-grade routing equipment entering the U.S. market.

The decision follows a series of high-profile cyberattacks and intelligence reports suggesting that foreign-made networking equipment has been leveraged by state-sponsored actors for espionage, intellectual property theft, and the disruption of vital services. By adding consumer routers to its "Covered List"—a registry of telecommunications equipment deemed a threat to national security—the FCC is effectively mandating that manufacturers either onshore their production or undergo an exhaustive vetting process by the Department of Defense (DOD) and the Department of Homeland Security (DHS).

The Evolution of the Covered List and the Road to the Ban

The FCC’s "Covered List" was established under the Secure and Trusted Communications Networks Act of 2019. Historically, the list focused on enterprise-level infrastructure and telecommunications giants like Huawei and ZTE. However, the recent expansion to include consumer-grade routers reflects a shift in the perceived threat landscape. Federal agencies now argue that the "edge" of the network—the point where a private home network connects to the broader internet—is as critical as the core infrastructure.

The chronology of this ban is rooted in several years of escalating tension and specific cyber incidents:

  • 2019-2021: The U.S. government begins aggressive "rip and replace" programs to remove Huawei and ZTE equipment from rural telecommunications networks.
  • 2023: Federal agencies identify the "Volt Typhoon" and "Flax Typhoon" botnets. These operations, attributed to Chinese state-sponsored actors, specifically targeted consumer and small-office routers to create a covert network for launching attacks on U.S. infrastructure, including power grids and water systems.
  • Late 2024: The "Salt Typhoon" cyberattack is revealed, in which hackers successfully breached several U.S. broadband providers. Investigators found that the attackers exploited vulnerabilities in Cisco and other routing hardware to intercept traffic and conduct long-term surveillance.
  • February 2025: Texas Attorney General Ken Paxton files a lawsuit against TP-Link, the world’s largest provider of consumer Wi-Fi routers, alleging that the company’s ties to the Chinese government posed a risk to American data privacy.
  • Present Day: The FCC formalizes the ban on new foreign-manufactured routers, moving to close the security gaps identified in these preceding years.

Cybersecurity Risks at the Network Edge

The technical rationale behind the ban centers on the inherent vulnerability of the Internet of Things (IoT). Consumer routers are often the least-defended points in a digital ecosystem. Unlike enterprise servers, which are monitored by professional IT staff, home routers often run for years without firmware updates, making them ideal targets for "living off the land" (LotL) attacks. In these scenarios, hackers do not use custom malware that might be detected; instead, they use the router’s own administrative tools to conduct espionage.

Bogdan Botezatu, Director of Threat Research at Bitdefender, emphasizes that the strategic risk of compromised routers is a matter of scale. "Consumer routers sit at the edge of every home network, which makes them an attractive target and a strategic risk if compromised at scale," Botezatu noted. He argues that while proving malicious intent during the manufacturing phase is difficult, the lack of long-term firmware support and vulnerability management in many foreign-made devices creates an "unacceptable" window of opportunity for malicious actors.

Impact on Major Market Players

The ban creates a significant hurdle for the dominant players in the consumer networking industry. Currently, the vast majority of routers sold in the U.S. are manufactured in East Asia, even those sold by American brands.

TP-Link

TP-Link currently holds an estimated 35% of the U.S. consumer router market. Although the company has recently moved to distance itself from its Chinese origins—headquartering in the U.S. and Singapore and shifting production to Vietnam—it remains under intense scrutiny. Under the new FCC rules, TP-Link will be required to apply for "Conditional Approval" for every new model it intends to sell. The company has maintained that it is a private entity with no ties to the Chinese Communist Party, and its CEO, Jeffrey Chao, has reportedly applied for permanent U.S. residency to further signal the company’s commitment to the American market.

Netgear

As a U.S.-headquartered company, Netgear is positioned differently but is not exempt. Its manufacturing is largely distributed across Vietnam, Thailand, Indonesia, and Taiwan. Because its hardware is produced outside U.S. borders, Netgear’s future product lines will also face the new vetting process. However, the company has expressed support for the FCC’s move. A spokesperson stated that home routers are "critical to national security," and the company’s stock saw a notable uptick following the announcement, as investors bet on Netgear’s ability to navigate the regulatory landscape more effectively than its foreign-owned competitors.

Asus and Other Manufacturers

Asus, based in Taiwan, produces the bulk of its hardware in Taiwan and mainland China. While Taiwan is a key U.S. partner, the "foreign-made" designation still applies. Other brands, including Amazon’s Eero, Google’s Nest, and Linksys, face similar challenges. While these companies are American, their reliance on overseas assembly lines means they must now document their entire supply chain, including the country of origin for individual components and the citizenship of their board members.

The Conditional Approval Process

To continue importing new routers, manufacturers must navigate a complex "Conditional Approval" system managed by the DOD and DHS. The application requirements are exhaustive and include:

  1. Ownership Transparency: Full disclosure of all entities with a 5% or greater stake in the company.
  2. Board Composition: A list of all board members and their nationalities.
  3. Intellectual Property Details: Identification of who owns the source code and firmware.
  4. Supply Chain Audits: A breakdown of where every "modular transmitter" and critical component is manufactured.
  5. Onshoring Plans: A formal section requesting the applicant’s strategy for moving manufacturing and assembly to the United States.

The FCC has clarified that a router assembled in the U.S. will not be banned simply because it contains foreign-made capacitors or resistors. However, if the "modular transmitter"—the heart of the Wi-Fi capability—is foreign-made and deemed a risk, the entire device may be rejected.

Market Implications and Consumer Costs

Industry analysts warn that while the ban may harden national security, it will likely lead to increased costs for the average consumer. Brandon Butler, Research Manager of Network Infrastructure and Services at IDC, suggests that the administrative burden of the approval process and the potential shift toward more expensive U.S.-based manufacturing will create "upward pressure on pricing."

"In the near term, much will depend on how quickly conditional waivers are processed," Butler said. "Any delays could constrain supply, particularly as the industry transitions to the newer Wi-Fi 7 standard."

For consumers, the immediate impact is minimal. Existing Wi-Fi 6 and Wi-Fi 7 systems already in homes will continue to function and receive updates. However, as the next generation of networking technology emerges, the selection of available devices may shrink, and the "budget" router market—long dominated by low-cost foreign imports—may vanish entirely.

Broader Geopolitical Context

This move by the FCC is part of a broader "de-risking" strategy employed by the U.S. government. It mirrors recent bans on DJI drones and the ongoing legislative battle regarding TikTok. The underlying philosophy is that in an era of "hybrid warfare," consumer technology is a legitimate theater of conflict. By controlling the hardware that facilitates domestic internet access, the U.S. aims to prevent the creation of "sleeper" botnets that could be activated during a geopolitical crisis to disable communication or spread misinformation.

The push for "onshoring" is also a key component of the administration’s economic policy. By making it difficult to sell foreign-made electronics, the government is incentivizing a return to domestic manufacturing, a goal also supported by the CHIPS and Science Act.

Unresolved Questions and Future Outlook

Despite the clarity of the mandate, several questions remain unanswered by federal regulators. The FCC has not specified why the ban is limited to consumer routers while excluding other IoT devices like smart cameras or thermostats, which often share the same vulnerabilities. Furthermore, the criteria for what constitutes a "safe" foreign manufacturer remain somewhat opaque, leading to concerns about inconsistent enforcement.

As the first applications for Conditional Approval begin to move through the DOD and DHS, the tech industry will be watching closely. The outcome of these reviews will determine whether the U.S. router market remains a competitive, globalized industry or shifts into a protected, domestic-centric sector. For now, the message from Washington is clear: the convenience of cheap, foreign-made hardware no longer outweighs the perceived risks to national security. Consumers are advised to maintain their current equipment with the latest firmware updates and to expect a very different retail landscape the next time they look to upgrade their home network.