The head says it. On March 23, 2026, in an unexpected move, the  Federal Communications Commission (FCC) announced it would ban all new consumer-grade routers manufactured abroad for national security reasons. This applies to hardware made in all other countries, regardless of the manufacturers’ nationality.

In a way, this new development is a surprising end to the years-long saga in which the US government mulled banning TP-Link routers for the same reasons.

Dong’s note: On March 30, the FCC published a comprehensive FAQ on its router ban. On March 31, I updated this post, which was originally published on March 25, to add more information, including the FCC’s take on firmware updates for existing foreign-made routers.

Best Five Wi-Fi 7 Mesh Systems: Wi-Fi 7 hardware comes in all shapes and sizes. None is affected by the FCC router ban.
All existing consumer-grade Wi-Fi 7 routers are made abroad, and none are affected by the latest FCC router ban.

Related stories on home network security and privacy

FCC router bans: The specifics

Routers are essential and ubiquitous equipment—each home or office network needs one. The FCC defines routers as “consumer-grade network devices” that “forward data packets, most commonly Internet Protocol (IP) packets, between networked systems.”

Generally, whoever controls the router owns the traffic passing through it and can dictate what happens behind the scenes, far beyond what you see on your screens.

On this front, the FCC shared a National Security Determination regarding the unacceptable risks posed by routers produced in foreign countries that, among other things, read:

“Recently, malicious state and non-state sponsored cyber attackers have increasingly leveraged the vulnerabilities in small and home office routers produced abroad to carry out direct attacks against American civilians in their homes. From disrupting network connectivity to enabling local networking espionage and intellectual property theft, foreign-produced routers present unacceptable risks to Americans. Additionally, routers produced abroad were directly implicated in the Volt, Flax, and Salt Typhoon cyberattacks, which targeted critical American communications, energy, transportation, and water infrastructure. Routers in the United States must have trusted supply chains so we are not providing foreign actors with a built-in backdoor to American homes, businesses, critical infrastructure, and emergency services.”

And that’s the premise behind this FCC router ban, which took effect on March 23, 2026. Specifically, starting that day, any routers produced in a foreign country will automatically be added to the existing ban list (called Covered List), which includes all previously banned networking hardware.

According to the announcement, “new devices on the Covered List, such as foreign-made consumer-grade routers, are prohibited from receiving FCC authorization and are therefore prohibited from being imported for use or sale in the US”.

This new development is surprising because it’s much broader than the FCC’s previous plan to ban only TP-Link routers. Most importantly, virtually all routers I’ve worked with are made outside the US—primarily in China, Indonesia, Taiwan, Thailand, or Vietnam.

So the question is, does this ban mean US consumers can no longer buy new routers? Not necessarily.

FCC Router Ban for foreign manufactured routers
FCC router ban: This particular ASUS router is made in Vietnam.

Exceptions and Conditional Approval

The ban applies only to new routers that have not yet been authorized or even manufactured.

The FCC states clearly in its ban announcement:

  1. The (updated) Covered List does not prohibit the import, sale, or use of any existing device models the FCC previously authorized.
  2. This action does not affect any previously purchased consumer-grade routers. Consumers can continue to use any router they have already lawfully purchased or acquired.
  3. Producers of consumer-grade routers that receive Conditional Approval from the Department of War (DoW) or the Department of Homeland Security (DHS) can continue to receive FCC equipment authorizations.

On this front, here are a couple of things I learned from the newly published FAQ:

  • Routers made in the US with foreign components are not automatically added to the Covered List unless the “covered” component is a modular transmitter under the FCC’s rules.
  • Foreign-made routers (those on the Covered List) can be imported in small batches for product development purposes, provided they are not marketed or sold.
  • The Covered List is not enforced retrospectively. Specifically, consumers can continue to use their existing legally acquired router, whether or not it’s currently on the updated Covered List.
  • Consumers are not allowed to buy a router on the Cover List abroad and bring it home to use. (This has been the case with any router not approved by the FCC.)
  • The ban applies to hardware installed by professionals for residential use, including SP-provided residential gateways.

Considering that there are already plenty of routers, including those supporting the latest Wi-Fi 7 standard, that have been authorized, this ban has no immediate effect on the US networking market.

However, going forward, new routers, especially those supporting the upcoming Wi-Fi 8, will need to be manufactured in the US or granted Conditional Approval, which is determined on a case-by-case basis via an application process.

Banned routers and firmware updates

The most interesting question on the FCC’s recently published FAQ page concerned firmware updates for currently authorized foreign-made routers, which are virtually all standard Wi-Fi routers.

The FCC linked to a waiver document that, among other things, reads:

“All routers authorized for use in the United States may continue to receive software and firmware updates that mitigate harm to U.S. consumers at least until March 1, 2027. These include all software and firmware updates to ensure the continued functionality of the devices, such as those that patch vulnerabilities and facilitate compatibility with different operating systems.”

From the looks of it, if you buy a new router now, you’ll have only about one year of “authorized” firmware support. That brings up a big question: what if these routers have a vulnerability that needs to be patched after March 1, 2027?

The “at least” language of the waiver suggests that the authorized routers will be allowed to receive firmware updates beyond that date, but it’s unclear whether that’d require a further extension or a specific permit.

Firmware is what dictates the function of hardware, similar to an operating system in a computer. For this reason, it makes sense that the FCC wants to regulate or restrict firmware updates to prevent the potential weaponization of the hardware. However, entirely banning firmware updates would surely make the router less secure when a vulnerability needs to be patched.

My take is that on this front, we’ll need to wait until next year to find out.

Reactions from hardware vendors

I contacted a few popular networking vendors about the new ban, and none, so far, seem overly concerned.

TP-Link Systems Inc., the popular Chinese-yet-not-so-Chinese hardware vendor, once the heart of the whole router-ban saga, seems to take solace in the fact that the new FCC router ban put all hardware vendors under the same scrutiny. Its spokesperson offered this statement:

“This action from the FCC appears to affect virtually all new consumer-grade routers seeking authorization to be sold in the United States. Because nearly every manufacturer in this sector produces hardware abroad or relies on a global supply chain, this new requirement will set a bar for the entire industry. Placing all manufacturers and their supply chains under the same scrutiny is a positive step in the direction of making the router industry more secure.  

We are confident in the security of our supply chain. TP-Link has been committed to making further investments in America and has already been planning to establish U.S.-based manufacturing to complement our existing company-owned facilities in Vietnam. TP-Link is well-positioned — in fact, possibly better positioned than any of its competitors — to succeed under the new guidelines and maintain its position as the leading U.S. vendor of secure network devices.”

NETGEAR, TP-Link’s perceived biggest US competitor, also appears to cheer the FCC on making the new ban via this statement, offered by its spokesperson:

We commend the Administration and the FCC for their action toward a safer digital future for Americans. Home routers and mesh systems are critical to national security and consumer protection, and today’s decision is a step forward. As a U.S.-founded and headquartered company with a legacy of American innovation, NETGEAR has long invested in security‑first design, transparent practices, and adherence to government regulations, and we will continue to do so.

The final thoughts

As mentioned, the role of routers in online security is real, and, therefore, so are their risks. In electronics, supply chain security risks are also very real: among other things, a third party can add extra components without the manufacturer’s knowledge, as demonstrated by the extreme example of the 2024 Lebanon electronic device attacks.

So, the new FCC router ban makes sense, at least on the surface. Still, its effectiveness at keeping Americans and the US safe depends on the process by which a foreign-made router is granted Conditional Approval. There’s a lot of gray area in this process, to put it mildly, on the fate of new routers and firmware updates for existing ones.

Still, in the meantime, there’s no need for US consumers to fret, since the ban doesn’t apply retroactively—no router is being recalled because of it—and there are plenty of routers already authorized by the FCC that they can bring home today.

That said, you don’t need to do anything differently. As usual, keep your current router as long as it works for you, and if you need a replacement, these top-five options will help.