The Federal Communications Commission spent months warning Americans about the national security risks posed by foreign-manufactured networking equipment. It moved to block new authorizations for devices produced by companies with ties to adversarial governments. The message was unambiguous: Chinese-made routers and similar gear represent a threat to U.S. infrastructure and consumer privacy.
Then it carved out an exception for Netgear.
On June 17, the FCC granted Netgear — one of the most widely recognized consumer networking brands in the United States — a temporary exemption from its ban on equipment authorizations for devices manufactured by entities on the agency’s “Covered List.” The exemption allows Netgear to continue obtaining FCC equipment authorizations for products assembled by a company that would otherwise fall squarely under the prohibition. The decision, first reported by Gizmodo, has drawn sharp criticism from lawmakers and security researchers who say it undermines the very policy the FCC championed.
The backstory matters. In late 2024 and into 2025, the FCC finalized rules denying equipment authorization to devices produced by companies deemed national security threats under the Secure and Trusted Communications Networks Act of 2019. That law created the Covered List — a roster of companies whose equipment and services the U.S. government considers dangerous. Huawei, ZTE, Hytera Communications, Hikvision, and Dahua Technology are all on it. So is China Telecom. The FCC’s prohibition was designed to prevent these companies’ products from receiving the certifications needed to be legally sold and marketed in the United States.
Netgear doesn’t manufacture its own hardware. Like many American networking brands, it contracts production to third-party manufacturers, several of which are based in China or have deep ties to Chinese supply chains. The specific manufacturer involved in the Netgear exemption hasn’t been publicly identified by the FCC, and Netgear has declined to name the company in public statements. But the fact that an exemption was needed at all tells the story: at least some Netgear products are being built by, or with significant involvement from, an entity the U.S. government has flagged as a security concern.
FCC Chairman Brendan Carr framed the exemption as a pragmatic, time-limited measure. In a statement accompanying the decision, Carr said the agency wanted to give Netgear time to transition its supply chain away from covered entities while ensuring American consumers wouldn’t face sudden shortages of networking equipment. The exemption is set to expire, though the FCC has not committed to a hard public deadline, and the terms allow for possible renewal.
Critics aren’t buying it.
Representative Raja Krishnamoorthi, an Illinois Democrat who has been among the most vocal congressional voices on Chinese technology threats, called the exemption “inexplicable” in a post on X. “We cannot credibly tell the American people that certain foreign-made equipment is dangerous and then turn around and let it onto the market because it carries a familiar brand name,” he wrote. Senator Tom Cotton, an Arkansas Republican, echoed similar concerns, suggesting the exemption creates a two-tier system where well-connected American companies get special treatment while the underlying security risks remain unaddressed.
The security concerns aren’t theoretical. In December 2024, U.S. officials confirmed that a Chinese state-sponsored hacking group known as Salt Typhoon had compromised the networks of multiple American telecommunications providers, including AT&T and Verizon, by exploiting vulnerabilities in networking equipment. The intrusions, which allowed the hackers to intercept communications and metadata from potentially millions of Americans, were described by officials as one of the most significant espionage operations ever conducted against U.S. telecom infrastructure. The FBI and CISA issued joint advisories urging companies and individuals to scrutinize the provenance of their networking hardware.
And that’s exactly the environment in which the FCC decided to grant Netgear a carve-out.
To be fair, the situations aren’t perfectly analogous. Salt Typhoon targeted carrier-grade infrastructure, not consumer Wi-Fi routers. But security researchers have long warned that consumer networking equipment represents an underappreciated attack surface. Home routers are notoriously under-patched. They sit at the boundary between the open internet and everything inside a household — laptops, phones, smart home devices, security cameras. A compromised router can intercept traffic, redirect DNS queries, and serve as a persistent foothold for further intrusion. For the millions of Americans who now work from home at least part of the time, a compromised consumer router is effectively a compromised enterprise endpoint.
Netgear, for its part, has pushed back against the implication that its products are unsafe. In a statement provided to multiple outlets, the company said it “takes security extremely seriously” and that all of its products undergo rigorous internal testing regardless of where they are manufactured. The company also said it is actively working to diversify its manufacturing partnerships and reduce reliance on any single supplier. But it has not disclosed which Covered List entity is involved, how long the relationship has existed, or what specific components or assembly processes are at issue.
That lack of transparency is itself a problem, according to several analysts who track supply chain security. “The whole point of the Covered List is to create clarity,” said one former NSA official who spoke on background. “When you start granting exemptions without full public disclosure of the reasoning, you reintroduce exactly the kind of ambiguity the policy was supposed to eliminate.”
The FCC’s decision also raises questions about how many other companies might seek similar treatment. The consumer electronics industry is deeply entangled with Chinese manufacturing. TP-Link, another major router brand in the U.S. market, has faced its own scrutiny — the Commerce Department opened an investigation into the company in late 2024 over potential national security concerns, as The Wall Street Journal reported. TP-Link is headquartered in Shenzhen, China, and holds a commanding share of the U.S. home router market. If the FCC is willing to exempt Netgear, the argument goes, what happens when other companies line up with their own transition plans and their own requests for temporary relief?
There’s a broader industrial policy dimension here, too. The push to decouple American technology supply chains from China has been a bipartisan priority for several years now, spanning the Trump and Biden administrations and continuing under the current Congress. The CHIPS and Science Act directed billions toward domestic semiconductor manufacturing. Export controls have restricted China’s access to advanced chipmaking tools. And the FCC’s equipment authorization ban was supposed to be the consumer-facing edge of that same strategy — a way to ensure that the devices Americans bring into their homes aren’t built by companies the U.S. government considers adversaries.
Exemptions erode that message. Not fatally, perhaps. But meaningfully.
Industry groups have offered a more sympathetic reading of the FCC’s move. The Consumer Technology Association, which represents major electronics brands, has argued that abrupt supply chain shifts can lead to product shortages, price increases, and disruptions that ultimately harm consumers more than they protect them. There’s some validity to this. Rerouting manufacturing away from established Chinese partners isn’t a matter of flipping a switch. It requires identifying new contract manufacturers, qualifying production lines, validating quality control processes, and often redesigning products to accommodate different component sourcing. All of that takes time — and money.
But the counterargument is straightforward: companies have known this was coming. The Secure and Trusted Communications Networks Act became law in 2020. The FCC began the rulemaking process for equipment authorization restrictions well before the final rules took effect. Netgear and every other company in the space had years to prepare. An exemption granted now looks less like a reasonable accommodation and more like a reward for delayed action.
So where does this leave things? The FCC’s Covered List ban remains in effect for all other companies. Netgear’s exemption is, on paper, temporary. And the broader political momentum toward supply chain decoupling from China shows no signs of reversing. If anything, the Salt Typhoon revelations and ongoing tensions over Taiwan have accelerated it.
But the Netgear exemption has introduced a crack in what was supposed to be a firm wall. And in Washington, cracks have a way of widening. Other companies will take note. Lobbyists will cite the precedent. And the FCC will face pressure — from industry, from Congress, and from its own stated principles — to either close the loophole or explain why it should stay open.
For consumers, the practical takeaway is unsettling. The router sitting in your living room might carry an American brand name on the outside. What’s inside — and who built it — is a different question entirely. The FCC just made that question harder to answer.
WebProNews is an iEntry Publication