FCC Bans Import of Foreign-Made Consumer Routers Over Supply Chain Risks

The Federal Communications Commission has ordered a ban on importing new consumer-grade routers manufactured outside the United States, citing national security risks. The decision, announced March 24, 2026, adds all foreign-produced consumer routers to the FCC's Covered List, blocking their marketing and sale in the U.S.

FCC Chairman Brendan Carr pointed to documented exploitation of foreign-made routers by state-sponsored threat actors, including the Chinese-linked Volt Typhoon and Salt Typhoon campaigns that targeted U.S. critical infrastructure.

What's Banned

New models of consumer-grade routers manufactured in foreign countries can no longer receive FCC authorization for import or sale. The ban takes effect immediately.

Previously approved router models already in retail circulation may continue to be sold until existing inventory is depleted. Consumers can keep using any router they currently own—the ban applies only to new certifications and imports going forward.

Manufacturers can apply for Conditional Approval through the Department of War or Department of Homeland Security if they can demonstrate their products don't pose security risks. Starlink Wi-Fi routers, manufactured in Texas, are exempt.

Why Now

The decision follows years of warnings about router security and mounting evidence that compromised consumer networking equipment enables sophisticated attacks. The FCC cited two categories of risk:

Supply chain vulnerability: Foreign-manufactured routers could contain firmware backdoors, undocumented access mechanisms, or components that enable surveillance or disruption.

Cybersecurity threat: State and non-state actors have already exploited consumer routers for espionage, network disruption, credential theft, and botnet operations.

The Volt Typhoon campaign, attributed to Chinese state-sponsored actors, specifically targeted small office and home office routers as pivot points into critical infrastructure networks. Salt Typhoon's operations against telecom infrastructure similarly demonstrated how compromised networking equipment provides strategic access.

Industry Impact

The ban will significantly affect the consumer router market, where overseas manufacturing has long dominated due to cost advantages. Major brands that manufacture abroad will need to either relocate production or seek case-by-case exemptions.

Consumer prices will likely rise as the supply of certified devices shrinks. Organizations should anticipate longer lead times for bulk router purchases and may want to stockpile approved models before current inventory sells through.

For enterprises, the ban reinforces the broader trend toward supply chain security scrutiny. If consumer routers face import restrictions, enterprise networking equipment from foreign manufacturers may face similar pressure.

What Organizations Should Do

1. Audit your router inventory — Identify devices by manufacturer and country of origin
2. Plan replacement cycles — Factor in reduced availability of foreign-made options
3. Review procurement policies — Establish criteria for approved networking equipment vendors
4. Consider managed solutions — Enterprise-grade managed networking services may provide better security guarantees than consumer-grade hardware

The Bigger Picture

The FCC's decision represents the most significant supply chain security action targeting networking infrastructure since concerns about Huawei equipment emerged years ago. It signals a policy direction where national origin increasingly matters for technology that handles sensitive data or enables critical communications.

Whether this approach meaningfully improves security depends on implementation. Domestic manufacturing doesn't automatically mean secure manufacturing, and determined adversaries have demonstrated ability to compromise supply chains regardless of geographic boundaries. But reducing exposure to products from adversary nations' manufacturing ecosystems closes one avenue of potential compromise.

For consumers concerned about router security, the fundamentals remain the same: keep firmware updated, disable unnecessary remote management features, use strong credentials, and follow basic network security hygiene. Where your router was manufactured matters less than whether you're running vulnerable firmware.