The Federal Communications Commission on Monday added all foreign-made consumer routers to its Consolidated List – the federal government’s list of telecommunications equipment deemed a national security threat. The move effectively bans the sale of new WiFi routers made outside the country.
The ban is sweeping, as almost every consumer router on the market today is made overseas. However, the FCC also said that previously approved WiFi routers can still be used and sold.
The FCC communication says “the action does not affect the consumer’s continued use of routers they previously acquired.” Similarly, it “does not prevent dealers from continuing to sell, import, or market router models previously approved through the FCC’s equipment approval process.”
It’s the same playbook we saw with the drone ban in December 2025, when the FCC banned most consumer drones, as they remain easy to find.
The FCC bans all routers made outside the US
As before, a national security fix, according to the FCC, is that routers manufactured in other countries present a supply chain risk that could disrupt critical infrastructure. In addition, the FCC says that external routers have already been used in real cyber attacks. The Volt, Flax, and Salt Storm attacks — all targeting critical US infrastructure — involved routers made in other countries, according to the FCC.
This Tweet is currently unavailable. Either it is loading or it has already been downloaded.
A quick look at Amazon and Best Buy shows that popular routers are still widely available, but the situation is confusing. Let’s analyze what we know about the new rules.
So which routers are banned?
Any devices on the FCC’s covered list are prohibited from receiving new approvals, which are required before the device can be imported, marketed, or sold in the United States. And the FCC ruling adds “all consumer-grade routers manufactured in foreign countries” to that list.
Effectively, all types of home routers will be affected by the ban. (The only home-made consumer routers Mashable knows of are made by Starlink for satellite internet.)
Mashable Light Speed
The FCC update applies to any router manufactured outside the US — and the FCC’s definition of “manufactured” is intentionally broad. It includes not only where the device is physically assembled, but where it was designed, developed, or completed at any major stage of its manufacturing process. So, a line designed in the United States by an American company but assembled in Taiwan would still be banned, for example.
TP-Link, a Chinese manufacturer that has faced its own unique congressional scrutiny and government inquiries, is an obvious target. But the ban extends beyond Chinese companies. It also includes Asus, which is Taiwanese; Netgear, headquartered in San Jose and manufacturing overseas; Eero, owned by Amazon and manufactured in Vietnam; and Ubiquiti, another American company whose hardware is manufactured overseas. If a router exists in the physical world in 2026, there’s a very good chance it was made somewhere other than the United States, so it’s now covered.
TP-Link, on the other hand, was more specific. In a statement to PCMag, the company admitted the obvious – that router production is a globally distributed industry, with its products made in Vietnam – and set this decision as looking at the entire industry instead of a targeted action. The company said it is confident in the security of its supply chain and welcomes what it described as an industry-wide review.
Likewise, before DJI’s drones were banned in December, the company told Mashable that the ban was a bare-bones effort to bolster US manufacturing, not a legitimate national security issue.
“This is about forcing a major drone manufacturer out of the market so that American drone manufacturers can’t compete with them,” said Adam Welsh, DJI’s Head of Global Policy, in an interview with Mashable in December.
What routers can you buy?
More than you would expect— at the moment. An important difference in the FCC rules is between new device models and those that were previously approved. Any router that already has FCC equipment approval can be imported, sold, and used. Sellers can continue to ship existing items. Consumers can continue to buy those models. The ban applies to new models seeking approval going forward, not to current stock sitting on Best Buy’s shelves.
If you already own a router, nothing changes. The Covered List does not require consumers to change or stop using the hardware they have already purchased.
However, if you need to upgrade, now is the time to do it. The FCC granted a limited waiver on Monday, allowing all previously approved routers to continue receiving software and firmware updates — security patches, bug fixes, and compatibility updates — at least until March 1, 2027, at which point the agency says it will reevaluate.
The waiver exists because, without it, the Covered List rules would have immediately stripped those routers of review eligibility the moment they were added to the list, even for devices already in people’s homes. The irony here is that the FCC’s ban is based entirely on the security risks of routers made in other countries, which, by their own devices, will end up cutting security updates that keep those same routers out of debt.
Amazon’s Big Spring Sale is back: The best deals are already on Apple, robot vacuums, headphones, and more.
Is there a way to go back to the manufacturers?
He is there, but it is a small door. FCC rules include a “Conditional Approval” mechanism, administered by the Department of Defense and the Department of Homeland Security, where a router manufacturer can apply for an individual exemption if they can demonstrate that their product does not pose an unacceptable risk.
The application process is extensive: manufacturers must disclose their full business structure, ownership, any foreign government ties, a complete bill of materials, the country of origin of all software components, and – most importantly – a detailed plan, with a timeline for moving production to the United States. Conditional Approval does not last longer than 18 months and comes with quarterly reporting requirements. There is no guarantee of approval, and all decisions are final.
Articles
Cybersecurity Government
