FCC Adds Foreign-Made Routers to Covered List for National Security Reasons

By Blake Reed

On March 23, 2026, the Federal Communications Commission took a significant step to strengthen cybersecurity by updating its covered list to include all consumer-grade routers produced in any foreign country. This move, announced by the FCC’s Public Safety and Homeland Security Bureau, effectively prohibits new models of foreign-made routers from receiving the equipment authorization required for importation, marketing, or sale in the United States.

The update follows a formal National Security Determination issued on March 20, 2026, by a White House-convened interagency body with expertise from key national security agencies. That determination concluded that routers produced abroad — regardless of the manufacturer’s nationality — pose unacceptable risks to the national security of the United States and the safety of American citizens. Specifically, these devices introduce supply-chain vulnerabilities that could disrupt the economy, critical infrastructure, and national defense, while also creating severe cybersecurity risks that could be exploited to harm U.S. persons or infrastructure.

National security justifications are often invoked to justify trade restrictions. Consumer electronics have increasingly been subject to these restrictions over dual-use concerns. Essentially, government agencies worry that they could be weaponized by the Chinese Communist Party or other foreign adversaries in the supply chain, either through implanted malware or the threat of a kill switch. Some of these concerns are legitimate, but, as the debates over microchip exports demonstrate, they can also be used as a pretext for the autarkist tendencies of both the Biden and Trump administrations.

In this case, foreign-made routers have already been implicated in real-world attacks. Bad actors have leveraged vulnerabilities in small-office and home routers to disrupt network connectivity, conduct espionage, steal intellectual property, and power botnets. Large-scale cyber warfare operations such as Volt Typhoon, Salt Typhoon, and other state-sponsored campaigns that targeted vital American systems in communications, energy, transportation, and water sectors relied on compromised imports. The White House determination emphasized that trojan horse routers render the U.S. network vulnerable to unauthorized access, data exfiltration, and attacks on connected devices in everyday American homes.

The FCC derives its statutory authority for this move from the Secure and Trusted Communications Networks Act of 2019, which requires the FCC to add equipment to the covered list when national security experts identify unacceptable risks. Equipment on the covered list cannot receive new FCC authorizations, meaning new foreign-produced router models are now barred from the U.S. market. This builds on earlier additions to the list, including certain uncrewed aircraft systems and other communications gear from foreign sources.

Importantly, the rule includes a narrow exception. Routers that receive conditional approval from the Department of Defense or the Department of Homeland Security — after a review confirming they do not pose such risks — may still qualify for FCC authorization. Manufacturers are encouraged to apply for these approvals by submitting documentation to the designated FCC email address. As of the announcement, no router models had yet received such exemptions.

Consumers should know that this change does not affect existing routers. Anyone who already owns a router, even one produced abroad, can continue using it without interruption. Retailers may still sell previously authorized models that were already in the supply chain. The restrictions apply only to new device models going forward. A blanket waiver also allows software and firmware updates on existing covered routers to patch vulnerabilities and maintain functionality, at least through early 2027.

This latest covered list update underscores growing concerns about supply-chain security in an era when everyday devices like home Wi-Fi routers serve as gateways to personal data and connected networks. While it may encourage greater domestic or allied production of routers over time, it also raises questions about potential short-term impacts on availability and pricing as manufacturers adjust. Considering the offered justification for proscribing all foreign imports, one is left wondering why a more targeted approach to certain countries of concern, the standard practice for most federal supply chain fatwas, would not suffice.

The story is still unfolding, with manufacturers likely to pursue conditional approvals and the market adapting to the new requirements. Whether this accelerates American innovation in secure networking hardware or simply shifts production patterns while increasing costs remains to be seen, but the message from the FCC is clear: national security considerations now carry significant weight in the consumer technology space. To view the full FCC Public Notice announcing the router update (DA-26-278), click here.