The United States has banned new consumer internet routers manufactured outside the country after the Federal Communications Commission added foreign-made consumer routers to its Covered List of communications equipment considered to pose “an unacceptable risk to the national security of the United States.” Routers connect computers, phones, TVs, and other devices to the internet in homes and businesses, and influence connection speeds and wireless coverage.
The decision places routers alongside foreign-made drones that were banned in the United States at the end of last year. Under the new policy, consumer-grade Wi-Fi routers produced outside the country can no longer receive FCC equipment authorization, a requirement for most electronic devices before they can be imported, marketed, or sold in the United States.
The restriction applies only to new router models manufactured abroad. Routers that Americans already own remain legal to use. Devices that were previously approved by the FCC can still be sold in stores and continue receiving firmware updates.
Government officials said the decision is based on cybersecurity risks involving internet infrastructure and household networks. The FCC said foreign-made routers had been exploited by malicious actors. “Malicious actors have exploited security gaps in foreign-made routers to attack American households,” the commission said when explaining the policy.
Today, the FCC took additional action to safeguard Americans and the communications networks we rely on.
The FCC added consumer routers produced in foreign countries to the agency’s Covered List.
This action follows a national security determination provided by Executive Branch… pic.twitter.com/s3OoEo5NOV
— Brendan Carr (@BrendanCarrFCC) March 23, 2026
Investigations into recent cyber incidents also influenced the decision. Routers were connected to three cyberattacks targeting US infrastructure known as Volt, Flax, and Salt Typhoon. The Salt Typhoon incident involved routers used to access networks belonging to American telecommunications providers, including AT&T, Verizon, and Lumen. Lumen operates CenturyLink and Quantum Fiber.
Government investigations into those incidents blamed actors within or working on behalf of the Chinese government. Officials warned that vulnerabilities in routers could provide entry points into critical networks and communications systems.
The rule does not revoke authorization from routers that have already received FCC approval. These devices may continue to be imported and sold in the United States, and consumers can continue using them without replacement.
Manufacturers producing routers outside the country can still seek permission to sell new models through a Conditional Approval process. The Department of Defense and the Department of Homeland Security evaluate these applications.
Companies seeking approval must disclose detailed information about their ownership structure, board membership, investors, component origins, intellectual property ownership, design, assembly locations, and firmware development. Applicants must also provide a plan describing how manufacturing could move to the United States.
At the time of the announcement, no companies had received approval. “No routers or manufacturers have been granted a Conditional Approval so far,” an FCC spokesperson said.
The FCC defines foreign-made routers broadly. A device qualifies if any major stage of production occurs outside the United States, including manufacturing, assembly, design, or development.
Because router production relies heavily on international supply chains, the policy affects nearly every consumer router brand operating in the United States. The majority of routers sold in the country are produced overseas, frequently in China or Taiwan. Estimates indicate roughly 60 percent of routers used in the US are manufactured in China.
The rule also applies to routers designed in the United States but built abroad. Popular brands affected include Netgear, TP-Link, Asus, Amazon’s Eero, Google’s Nest, Synology, Linksys, and Ubiquiti. Routers supplied by internet service providers in the US are also included in this category.
The FCC addressed the role of foreign components in routers assembled domestically. According to its guidance, devices assembled in the United States are not automatically classified as covered equipment simply because they contain foreign-made components unless those components meet specific regulatory definitions.
Manufacturers assembling routers in the US using imported parts may still qualify if they can demonstrate that the router was not produced in a foreign country.
The order places particular attention on TP-Link, which holds a large share of the US router market. Estimates place the company’s share of the consumer router market at roughly 35 percent, while Netgear and Asus together account for about 25 percent.
The US Commerce, Defense, and Justice departments had been investigating TP-Link routers for more than a year due to concerns about links to China. In February, Texas Attorney General Ken Paxton filed a lawsuit accusing the company of allowing the Chinese Communist Party to access American consumer devices.
TP-Link denies the allegations and says its operations have changed in recent years. The company states that routers sold in the United States have been manufactured in Vietnam since 2018. A company spokesperson said most routers worldwide are produced outside the United States and that the policy affects the entire industry.
TP-Link is privately owned and not listed on a stock exchange. Cofounder Jeffrey Chao and his wife, Hillary Chao, are listed as the company’s sole owners. According to the Times of India, Chao recently applied for permanent US residency through President Trump’s Gold Card program.
Netgear is also affected. Although the company was founded in the United States and is headquartered there, its routers are produced overseas in Vietnam, Thailand, Indonesia, and Taiwan.
A Netgear representative said the company supports the government’s action. “We commend the administration and the FCC for their action toward a safer digital future for Americans.”
Netgear is publicly traded on the Nasdaq. Institutional investors, including BlackRock and Vanguard, hold large positions in the company. Its stock price rose following the announcement of the router ban.
Asus will also need approval to sell new routers in the United States. The company manufactures most of its routers in Taiwan, but also operates production facilities in China and works with third-party manufacturers. Additional production sites include Thailand, Vietnam, Indonesia, Mexico, and the Czech Republic. Asus did not respond to requests for comment.
Other manufacturers contacted for comment included D-Link, Eero, Linksys, Nest, Razer, and Synology. No responses had been received when reports were published.
Very few routers sold in the United States are manufactured domestically. One example is the Starlink Wi-Fi router produced by SpaceX. Starlink says many of its routers are manufactured in Texas, although components for those devices come from East Asia.
Cybersecurity specialists say routers present attractive targets for attackers because they sit at the entry point of home networks and connect multiple devices to the internet. Bogdan Botezatu, director of Threat Research at Bitdefender, explained the role these devices play in network security.
“Consumer routers sit at the edge of every home network,” he said.
Experts say consumers who already own routers can continue using them. The FCC stated that routers currently authorized for use in the United States can continue receiving software and firmware updates that mitigate harm to consumers until at least March 1, 2027.
Firmware updates address security vulnerabilities and maintain router performance. Without updates, routers can become vulnerable to malware or other cyber threats.
Security specialists recommend keeping router firmware updated, changing default login credentials, and using strong passwords. Default usernames and passwords are commonly exploited during cyberattacks.
Devices with unchanged credentials remain vulnerable to automated password-guessing attacks. Experts also advise updating Wi-Fi passwords regularly and using long, random combinations of characters.
Some cybersecurity professionals recommend using a virtual private network to encrypt internet traffic and prevent internet service providers or other entities from monitoring browsing activity.
Router manufacturers are expected to apply for Conditional Approval so new products can enter the US market. The approval process will determine which companies can continue introducing new router models and supporting existing devices with firmware updates.
