What happened
On March 23, 2026, the FCC updated its Covered List to include all consumer-grade routers produced in foreign countries, following a determination by a White House-convened Executive Branch interagency body that such routers “pose unacceptable risks to the national security of the United States or the safety and security of United States persons.”
The threat triggers cited
The Executive Branch determination noted that foreign-produced routers introduce a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense, and pose a severe cybersecurity risk. Malicious actors have exploited security gaps in foreign-made routers to attack American households, disrupt networks, enable espionage, and facilitate intellectual property theft. Foreign-made routers were also involved in the Volt, Flax, and Salt Typhoon cyberattacks targeting vital U.S. infrastructure.
Scope of the ban
The ban is broad because of how “production” is defined — it covers any major stage of the process through which the device is made, including manufacturing, assembly, design, and development. Critically though, the FCC clarified that this change does not prevent the import, sale, or use of any existing models that the agency previously authorized.
The exemption path
The determination includes an exemption for routers that the Department of Defense or the Department of Homeland Security grant “Conditional Approval” after finding that such devices do not pose unacceptable risks. Producers are encouraged to submit applications to conditional-approvals@fcc.gov.
Market impact
China commands around 60% of the market for consumer routers. The action puts further pressure on TP-Link Systems Inc., one of the world’s largest router makers, which was founded in China but has since set up its headquarters in Irvine, California, and is already facing investigations by the Trump administration. Netgear shares rose as much as 16.7% in after-hours trading, suggesting investors believe the company will secure an exemption and benefit from reduced competition.
The Security vs. Reality Tension
This is where it gets analytically interesting. The stated rationale is sound — Typhoon-family APTs have repeatedly weaponised SOHO routers as pivot infrastructure. But critics land some valid punches:
Ryan McConechy of Barrier Networks pointed out that essentially no consumer-grade routers are manufactured domestically in the U.S., and that many major manufacturers, including American companies like Cisco, assemble products in Taiwan and Vietnam — meaning a blanket ban could cause huge market disruption.
Without a wholesale shift of entire supply chains to the U.S., backdoors and spyware can still be integrated into networking technology, and security vulnerabilities will exist in router products regardless of where they’re manufactured.
There is also an element of hypocrisy flagged by The Register — American intelligence agencies were previously caught intercepting Cisco-made routers in transit to customers and updating their firmware to deploy espionage tools.
