The Router Lockout: Inside the FCC’s Unprecedented Ban on Foreign-Made Consumer Networking Equipment

The FCC has banned imports of consumer routers manufactured outside a list of approved allied nations, citing national security risks. The rule, effective September 2026, upends a supply chain dominated by Chinese manufacturing and forces major brands to relocate production within months.
The Router Lockout: Inside the FCC’s Unprecedented Ban on Foreign-Made Consumer Networking Equipment
Written by Juan Vasquez

The Federal Communications Commission just slammed the door on one of the most ubiquitous consumer electronics categories in America. Starting September 1, 2026, no new consumer routers manufactured outside the United States, Canada, or a short list of allied nations will be permitted for import or sale in the U.S. market. The ruling, announced Monday, represents the most aggressive federal action ever taken against foreign-made networking hardware — and it’s already sending shockwaves through an industry that has relied on overseas manufacturing for decades.

The move didn’t come out of nowhere. But the speed and scope of the final rule caught many in the telecommunications industry off guard.

As TechCrunch reported, FCC Chairwoman Jessica Rosenworcel framed the decision in stark national security terms, pointing to mounting evidence that consumer routers manufactured in China and several other nations have been shipped with firmware vulnerabilities — some of which U.S. intelligence agencies believe were deliberately embedded. “Your home router is the front door to your digital life,” Rosenworcel said during Monday’s press conference. “We can no longer treat it like a commodity appliance with no security implications.”

The ban covers all consumer-grade routers and mesh networking systems. Enterprise and carrier-grade equipment falls under a separate review process that remains ongoing. Existing devices already in homes and on store shelves are not affected — the rule targets only new imports beginning in the fall. But for companies like TP-Link, Netgear, and even portions of Linksys’s product line that rely on manufacturing facilities in China, Vietnam, and other restricted countries, the compliance timeline is extraordinarily tight.

A Supply Chain Reckoning Years in the Making

The intellectual groundwork for this ban has been building since at least 2020, when the Trump administration placed Huawei and ZTE on the FCC’s “Covered List” of equipment deemed threats to national security. That action focused on telecom infrastructure — cell towers, backbone switching gear, the hardware that carriers use to build out 5G networks. Consumer devices were largely left alone.

Then came the Volt Typhoon revelations.

In early 2024, U.S. intelligence agencies and Microsoft disclosed that a Chinese state-sponsored hacking group had been embedding itself inside American critical infrastructure by compromising — among other things — small office and home office routers. The campaign, attributed to an operation known as Volt Typhoon, exploited end-of-life routers from multiple manufacturers, many of them made in China. The FBI ultimately conducted a court-authorized operation to remotely disinfect hundreds of compromised devices across the country. The episode rattled policymakers on both sides of the aisle.

By late 2024, a bipartisan group of lawmakers had begun pressing the FCC to take action specifically on consumer routers. Reps. Raja Krishnamoorthi and Mike Gallagher, both members of the House Select Committee on China, sent a letter urging the commission to investigate TP-Link in particular, citing the company’s dominant U.S. market share and its corporate ties to China. TP-Link, which has since restructured its corporate hierarchy to place its U.S. operations under a California-based entity, has consistently denied any security compromise in its products.

But the political momentum was unmistakable. The Commerce Department opened its own investigation into TP-Link under ICTS (Information and Communications Technology and Services) authorities. The FCC launched a parallel Notice of Proposed Rulemaking in October 2025. And Congress, through the RESTRICT Act and subsequent legislative vehicles, gave federal agencies broader tools to act against foreign technology deemed a national security risk.

Monday’s final rule is the culmination of all of these threads.

The FCC’s order establishes a “Permitted Manufacturing Origin” list that currently includes the United States, Canada, the United Kingdom, Australia, Japan, South Korea, Taiwan, and EU member states. Routers manufactured in facilities located in these countries — regardless of the brand’s corporate headquarters — will be eligible for FCC equipment authorization. Devices made elsewhere won’t receive the necessary certifications to be legally sold.

There’s a critical nuance here. The rule doesn’t ban specific companies by name. A Chinese brand could theoretically continue selling in the U.S. if it shifts manufacturing to an approved country. And an American brand that manufactures in, say, Thailand — which is not on the current list — would need to relocate production or seek a waiver.

That distinction matters enormously. It means the rule is origin-based, not entity-based, which gives it a different legal footing than the Huawei ban and may make it harder to challenge on trade discrimination grounds. The FCC appears to have designed it this way deliberately.

Industry Fallout: Who Wins, Who Loses, and Who Scrambles

The immediate winners are obvious. U.S.-manufactured networking equipment — a small but growing category — gets an enormous competitive boost overnight. Companies like Ubiquiti, which assembles some product lines domestically, and newer entrants like Firewalla, which has been marketing security-focused routers, stand to benefit. So do contract manufacturers with capacity in approved nations.

The losers are equally clear. TP-Link controls roughly 65% of the U.S. consumer router market by unit volume, according to estimates from research firm IDC. The vast majority of its products are assembled in China and Vietnam. Even with its corporate restructuring, the company faces a monumental manufacturing challenge. Moving router production to an approved country in six months isn’t impossible — but it’s close. PCB assembly, firmware integration, quality testing, and supply chain qualification all take time. TP-Link issued a statement Monday calling the rule “unnecessarily broad” and pledging to work with the FCC on compliance pathways.

Netgear, which manufactures primarily through contract facilities in China and Vietnam, faces similar headwinds. The company’s stock dropped 11% in after-hours trading Monday. Netgear CEO Patrick Lo told analysts on an emergency call that the company had “anticipated regulatory movement in this direction” and had begun diversifying manufacturing to Taiwan and South Korea in 2025, but acknowledged that full transition by September would be “extremely challenging.”

Amazon’s Eero line, manufactured partly in China, is also affected. Amazon declined to comment on specific manufacturing plans but said it “supports efforts to strengthen the security of consumer networking products” and is “evaluating the rule’s requirements.”

And then there’s the price question. Routers are cheap in America partly because they’re made in countries with low labor costs and mature electronics manufacturing infrastructure. A basic Wi-Fi 6 router from TP-Link retails for under $50. Industry analysts expect that shifting production to approved countries will increase manufacturing costs by 15% to 40%, depending on the product tier and destination country. Those costs will inevitably flow downstream to consumers.

The Consumer Technology Association, the trade group behind CES, released a statement expressing concern about “unintended consequences for American consumers, including higher prices and reduced product availability during the transition period.” The group stopped short of opposing the rule outright but urged the FCC to extend the compliance deadline to at least March 2027.

Some security researchers, meanwhile, argue the rule doesn’t go far enough. The ban addresses manufacturing origin but doesn’t mandate specific firmware security standards, ongoing vulnerability disclosure requirements, or minimum software support lifetimes. “You can make a router in Ohio and still ship it with a default password of ‘admin’ and never patch it,” said Katie Moussouris, founder of Luta Security, in a post on X. “Manufacturing location is one variable. It’s not the only one.”

She’s right. And the FCC seems to know it. Buried in the 247-page order is a notice of further rulemaking that signals the commission’s intent to propose minimum cybersecurity standards for all consumer routers — regardless of origin — by the end of 2026. That second phase, if it materializes, would be even more consequential than the import ban itself.

The geopolitical dimensions are impossible to ignore. China’s Ministry of Commerce responded to the FCC’s announcement within hours, calling it “a protectionist measure disguised as a security policy” and warning of potential retaliatory action against American technology exports. The statement echoed Beijing’s response to previous U.S. restrictions on semiconductor equipment and AI chips.

But the security rationale isn’t fabricated. Beyond Volt Typhoon, researchers at Citizen Lab, Trend Micro, and the NSA’s Cybersecurity Directorate have documented multiple instances of consumer routers being exploited as entry points for espionage and pre-positioning operations. A report cited by TechCrunch noted that the FCC’s internal review found firmware anomalies in devices from at least three manufacturers that could not be explained by normal software development practices. The commission did not name the manufacturers publicly.

The real test comes in implementation. The FCC will need to build out verification and auditing mechanisms to confirm that devices claiming a particular manufacturing origin actually were produced there. In an industry where components cross borders multiple times before final assembly, establishing clear chain-of-custody rules is no small task. The order delegates some of this responsibility to existing FCC equipment authorization labs, but critics say those labs lack the resources and expertise to conduct meaningful supply chain audits.

There’s also the question of enforcement at the border. U.S. Customs and Border Protection will be responsible for intercepting non-compliant devices. CBP already struggles with counterfeit electronics; adding a new category of restricted goods will strain an already stretched operation.

For now, the industry is in triage mode. Major retailers are assessing inventory exposure. Contract manufacturers in Taiwan and South Korea are fielding calls from desperate brand managers. And Washington lobbyists are already exploring whether the September deadline can be pushed back through legislative or administrative channels.

One thing is certain: the era of treating consumer routers as low-stakes commodity hardware is over. Whether this particular rule is the right mechanism — or whether it creates more problems than it solves — will be debated fiercely in the months ahead. But the underlying premise, that the devices connecting 130 million American households to the internet deserve the same security scrutiny as the networks they connect to, has become bipartisan orthodoxy.

The routers sitting on shelves today still work. The ones arriving next fall will look very different — in where they’re made, what they cost, and what’s expected of the companies that build them.

Subscribe for Updates

CybersecurityUpdate Newsletter

The CybersecurityUpdate Email Newsletter is your essential source for the latest in cybersecurity news, threat intelligence, and risk management strategies. Perfect for IT security professionals and business leaders focused on protecting their organizations.

By signing up for our newsletter you agree to receive content related to ientry.com / webpronews.com and our affiliate partners. For additional information refer to our terms of service.

Notice an error?

Help us improve our content by reporting any issues you find.

Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us