The Federal Communications Commission (FCC) is moving to impose stringent restrictions on foreign-made routers, effectively barring their sale in the United States unless they meet strict national security standards. The proposal expands the FCC's 'covered list,' which identifies equipment deemed a risk to national security, and could disrupt the U.S. router market as it currently operates.
Security Risks Drive Policy Shift
The FCC's decision comes amid growing concerns over cyberattacks exploiting vulnerabilities in foreign-made devices. Recent incidents, including attacks linked to Chinese state-backed hacking groups, have highlighted the risks posed by routers reliant on overseas manufacturing. According to the FCC, malicious actors have used these devices to infiltrate home networks, conduct espionage, and mask attacks on U.S. infrastructure.
"Effectively, the FCC would ban all new routers, because there are no domestic routers that meet that standard today," said Matt Wyckhouse, CEO of cybersecurity firm Finite State.
Much of the focus is on China-linked manufacturing, as a significant portion of routers sold in the U.S. depend on Chinese engineering, components, or assembly—even those marketed under American brands like TP-Link. TP-Link has expressed support for tighter standards while announcing plans to expand U.S.-based manufacturing alongside its operations in Vietnam.
Challenges for Domestic Production
However, transitioning away from global supply chains presents significant hurdles. Key elements of router production, such as firmware development and chipset design, are often tied to overseas teams, raising concerns about hidden vulnerabilities. Critics warn that the FCC's proposal could disrupt supply chains and drive up costs for consumers. Cybersecurity experts also emphasize that outdated software, rather than manufacturing origin, remains a primary vulnerability.
The FCC's proposal reflects a broader effort in Washington to reduce reliance on foreign technology. While supporters argue it addresses critical security gaps, the plan's implementation could face resistance from industry stakeholders and consumers alike.