On March 23, the Federal Communications Commission (FCC) made a significant announcement that it will be banning all foreign-made Wi-Fi routers. This move marks a major shift in U.S. policy aimed at securing the nation's digital infrastructure, but it also brings considerable uncertainty for consumers and manufacturers alike. While the ban targets new router models produced outside the U.S., existing devices that have already received FCC authorization are exempt and can continue to be used without immediate concern.
The ban, as outlined by the FCC, applies specifically to any new Wi-Fi router models produced in foreign countries. Manufacturers must seek an exemption to sell routers that do not meet the domestic production criteria. To date, Netgear has become the first company granted such an exemption, receiving what the FCC terms "Conditional Approval," despite the fact that its routers are manufactured across several countries including Vietnam, Thailand, Indonesia, and Taiwan. Netgear's CEO CJ Prober expressed support for the FCC's vision, emphasizing the company's U.S. roots and commitment to digital security.
This ruling has far-reaching implications because the majority of Wi-Fi routers sold in the U.S. are at least partially made abroad. Brands such as TP-Link, Asus, and Netgear rely heavily on foreign manufacturing, with estimates suggesting that about 60% of U.S. routers are produced in China. The FCC's definition of a foreign-made router is broad, encompassing devices where any significant stage of the manufacturing process-including design, assembly, or development-occurs outside the United States.
FCC Chair Brendan Carr framed the ban as a continuation of efforts started under former President Trump to protect U.S. cyberspace, critical infrastructure, and supply chains from foreign threats. The FCC has pointed to real cybersecurity risks tied to foreign-made routers, citing their involvement in recent cyberattacks such as Volt, Flax, and Salt Typhoon. Notably, the Salt Typhoon attack exploited Cisco routers to breach networks of major U.S. internet providers like AT&T, Verizon, and Lumen (which owns CenturyLink and Quantum Fiber).
However, the ban has met with criticism for its blunt approach. William Budington, a technologist at the Electronic Frontier Foundation (EFF), called the FCC's measure "an extremely blunt instrument" that may inadvertently disrupt many harmless products while attempting to address genuine security concerns. Budington also pointed out that federal cybersecurity efforts have been underfunded, with budget cuts limiting the availability of robust testing labs for consumer-grade routers, which complicates efforts to establish more nuanced security standards.
For consumers, the immediate impact is limited. The FCC clarified that the ban does not apply to routers already authorized and purchased in the U.S. This means you do not need to replace your current router right away. However, the ban will affect the availability of new models not yet approved by the FCC, so prospective buyers are advised to hold off on purchasing new routers until the regulatory environment becomes clearer.
One critical aspect of the FCC's public notice is the timeline for continued software and firmware updates on currently authorized routers. The agency guarantees that routers already approved will receive updates to mitigate security risks at least until March 1, 2027. Firmware updates are crucial because they patch vulnerabilities and enhance router performance. After this date, routers that can no longer receive updates risk becoming insecure and vulnerable to malware or cyberattacks.
Cybersecurity experts warn of the real danger posed by routers that lose update support. Rik Ferguson, VP of security intelligence at Forescout, stated that if a device's update pipeline is cut off, users should seriously consider replacing it due to rising security risks. Daniel Dos Santos, also from Forescout, emphasized that the longer a router goes without updates, the more it becomes exposed to emerging vulnerabilities that cannot be fixed.
Router manufacturers are now likely scrambling to secure exemptions from the FCC to continue selling models and issuing critical firmware updates. The FCC's language leaves some flexibility, noting that the March 1, 2027 deadline is a minimum and could potentially be extended. Still, experts suggest that consumers monitor which routers receive conditional approval and plan to replace unsupported devices accordingly.
Despite the ban, some analysts doubt it will dramatically change the landscape of router manufacturing. Budington observed that manufacturing processes are costly and complex to relocate; many companies might simply wait for the ban to be lifted rather than overhaul supply chains. Moreover, the FCC's order only applies to new models, so existing routers and those already approved remain unaffected for the time being.
For consumers, this means there is no urgency to replace current equipment but caution is warranted when considering new purchases. Experts recommend waiting several weeks or months to understand how the FCC's order will play out in practice. Sergey Shykevich, a threat intelligence manager at Check Point Research, advised holding off on new router purchases until the implications become clearer. Alan Butler from the Electronic Privacy Information Center echoed this sentiment, warning that many routers could become obsolete or unsupported within a year unless the exemption waiver is extended.
CNET, which recently reviewed over 30 Wi-Fi routers, stands by its recommendations but urges readers to delay new purchases pending further information. The FCC has not publicly specified which manufacturers will be subject to the ban, but nearly every router sold in the U.S. involves some degree of foreign manufacturing or assembly. Starlink is a notable exception, as the company reportedly manufactures its newer routers domestically in Texas.
Supply chains for routers are complex and often opaque. Sonu Shankar, chief product officer at Phosphorus Cybersecurity, noted that even if final assembly occurs in the U.S., many components originate overseas, particularly from China. This complexity means router companies are actively seeking conditional approvals and lobbying the FCC to avoid disruption.
Responses from industry players have so far been measured and supportive of the FCC's goal of securing digital infrastructure. Netgear highlighted its U.S. headquarters and commitment to security-first design and regulatory compliance. Likewise, TP-Link, which has faced scrutiny due to its Chinese ties, welcomed the FCC's move, describing it as a positive step toward industry-wide security. TP-Link also indicated plans to establish U.S.-based manufacturing, although it currently produces all U.S.-sold products in Vietnam.
Other major manufacturers such as Asus, D-Link, Eero, Linksys, Nest, Razer, and Synology have yet to publicly comment on the ban.
The FCC's ban will also affect the substantial portion of Americans-nearly 70%-who rent routers from their internet service providers (ISPs). These ISPs typically rely on foreign-made equipment as well. Ookla, an analytics company, analyzed speed tests and found that the top router vendors used by the largest ISPs are not fully U.S.-manufactured.
For consumers renting routers, the responsibility to comply with the FCC's new rules falls on the ISPs. Broadband analyst Doug Dawson noted that ISPs have adopted a "wait and see" stance and are not currently rushing to replace customer equipment. Since replacing routers involves costs, ISPs have little incentive to promptly swap out devices unless required. Customers interested in upgrading their equipment are encouraged to contact their ISPs, as many providers offer newer models upon request.
It is important to recognize that router vulnerabilities are not inherently tied to the country of manufacture. Shankar cautioned that security risks exist regardless of origin, especially if users do not follow basic security practices such as changing default passwords. Thus, users should remain vigilant, no matter what router they use.
To maintain router security, experts recommend several best practices:
- Regularly update your router's firmware to patch security vulnerabilities.
- Change default administrative passwords immediately upon setup.
- Use strong, unique passwords for your Wi-Fi network.
- Disable remote management features if not needed.
- Use modern encryption standards like WPA3 where available.
- Monitor your network for unusual activity.
In summary, the FCC's ban on foreign-made Wi-Fi routers aims to enhance national cybersecurity by restricting new router models produced outside the U.S. While it represents a significant policy shift with broad industry impact, existing routers remain usable and supported for the time being. Consumers should avoid rushing to buy new routers until the regulatory situation stabilizes and should prioritize security best practices to protect their home networks. Router manufacturers and ISPs face uncertainty as they seek exemptions and navigate compliance, making this a developing story to watch closely in the coming months.