FCC Bans New Routers Made Outside the USA Over Security Risks

What happened

New routers made outside the USA are now barred from new U.S. sales after the Federal Communications Commission updated its Covered List to include all consumer routers manufactured in foreign countries. The change follows a March 20 national security determination by an Executive Branch interagency body. According to that assessment, foreign-produced routers carry a supply-chain risk that could disrupt the U.S. economy, critical infrastructure, and national defense, and could also be used to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons. The Federal Communications Commission also said foreign-made routers helped the Volt Typhoon, Flax Typhoon, and Salt Typhoon hackers carry out attacks targeting vital U.S. infrastructure. The Covered List was created under the Secure and Trusted Communications Networks Act of 2019. 

Who is affected

The direct impact falls on makers of consumer routers manufactured outside the United States that want to sell new models in the U.S. market. For U.S. consumers, existing routers will continue to be sold, though access to new models may become more difficult and devices may become more expensive. 

Why CISOs should care

This decision matters because the Federal Communications Commission tied the rule change directly to supply-chain risk and to prior attacks on vital U.S. infrastructure. For CISOs, the development is relevant where router sourcing, infrastructure resilience, and vendor approval requirements intersect with enterprise and public-sector technology planning. 

3 practical actions:

1. Review router sourcing exposure: Identify whether planned network hardware purchases, refresh cycles, or supplier roadmaps depend on new consumer router models manufactured outside the United States. 
2. Assess regulatory path risk: Confirm whether affected vendors intend to pursue the U.S. approval pathway that requires disclosure of ownership, supply chain, manufacturing, assembly, and software or firmware origin details. 
3. Adjust procurement expectations: Account for possible delays, reduced model availability, and higher costs where testing, approvals, and certification may slow entry of new router models into the U.S. market. 

For more coverage of newly disclosed security flaws and systemic exposure risks, explore our reporting under the Vulnerabilities tag.