FCC bans new routers made outside the USA over security risks

The Federal Communications Commission has updated its Covered List to include all consumer routers made in foreign countries, banning the sale of new models in the U.S.

The Covered List, created under the Secure and Trusted Communications Networks Act of 2019, is an FCC-maintained list of communications equipment and services that the U.S. government has determined to pose an unacceptable risk to national security or the safety of Americans.

The list previously included specific products and companies tied to security concerns, such as Kaspersky, Huawei, ZTE, Hikvision, and Dahua.

  1. Adding all routers manufactured abroad to the Covered List follows a National Security Determination issued on March 20 by an Executive Branch interagency body.
  2. According to the assessment, foreign-produced routers carry a supply-chain risk "that could disrupt the U.S. economy, critical infrastructure, and national defense." The  agency determined that these devices could also be used "to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons."
  3. In support of the decision, the FCC highlights that foreign-made routers helped the Volt, Flax, and Salt Typhoon hackers carry out attacks that targeted vital U.S. infrastructure.

Exemptions and alternative approval path
https://www.bleepstatic.com/images/news/u/1220909/2026/March/carr.png
Conditional approval has been granted to certain routers used in the U.S. Department of War (DoW) or the Department of Homeland Security (DHS) for drone systems, which have been determined not to constitute a security risk.

Also, the new rules do not bar foreign consumer-grade router makers from seeking approval in the U.S., as long as they transparently disclose:

    Corporate and ownership structure, including any foreign government financial support and influence.
    Manufacturing and supply chain details, including bill of materials, country of origin for all components, IP ownership details, manufacturing and assembly locations, and origin of software/firmware.
    Plan to move critical components manufacturing to the United States, and provide a description of existing U.S.-based manufacturing or assembly processes.

Consumer impact

For regular consumers in the United States, the new rules are expected to have no immediate effect, as all existing routers will continue to be sold in the country.

In what concerns Unmanned Aircraft Systems (UAS) and their critical components, the FCC noted that it will allow software and firmware updates until at least January 1, 2027.

Access to new router models for U.S.-based consumers may become more difficult, and the devices may also become more expensive, as the regulatory approval process adds extra complications and costs.

Given that testing, approvals, and FCC certification typically take a couple of months, even when all conditions are met. In some cases, this might lead to a delay in entering the U.S. market.

Some manufacturers may also decide that the alternative certification pathway is not worth the effort - particularly due to the onshoring requirement - and exit the U.S. market, reducing model availability.
tines

 
Related Articles:

US disrupts SocksEscort proxy network powered by Linux malware

TP-Link warns users to patch critical router auth bypass flaw

Kali Linux 2026.1 released with 8 new tools, new BackTrack mode

Paid AI Accounts Are Now a Hot Underground Commodity

Compromised Site Management Panels are a Hot Item in Cybercrime Markets

Adding all routers manufactured abroad to the Covered List follows a National Security Determination issued on March 20 by an Executive Branch interagency body.

According to the assessment, foreign-produced routers carry a supply-chain risk "that could disrupt the U.S. economy, critical infrastructure, and national defense." 

The  agency determined that these devices could also be used "to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons."

In support of the decision, the FCC highlights that foreign-made routers helped the Volt, Flax, and Salt Typhoon hackers carry out attacks that targeted vital U.S. infrastructure.

Tweet

Exemptions and alternative approval path

Conditional approval has been granted to certain routers used in the U.S. Department of War (DoW) or the Department of Homeland Security (DHS) for drone systems, which have been determined not to constitute a security risk.

Also, the new rules do not bar foreign consumer-grade router makers from seeking approval in the U.S., as long as they transparently disclose:

  • Corporate and ownership structure, including any foreign government financial support and influence.
  • Manufacturing and supply chain details, including bill of materials, country of origin for all components, IP ownership details, manufacturing and assembly locations, and origin of software/firmware.
  • Plan to move critical components manufacturing to the United States, and provide a description of existing U.S.-based manufacturing or assembly processes.

Consumer impact

For regular consumers in the United States, the new rules are expected to have no immediate effect, as all existing routers will continue to be sold in the country.

In what concerns Unmanned Aircraft Systems (UAS) and their critical components, the FCC noted that it will allow software and firmware updates until at least January 1, 2027.

Access to new router models for U.S.-based consumers may become more difficult, and the devices may also become more expensive, as the regulatory approval process adds extra complications and costs.

Given that testing, approvals, and FCC certification typically take a couple of months, even when all conditions are met. In some cases, this might lead to a delay in entering the U.S. market.

Some manufacturers may also decide that the alternative certification pathway is not worth the effort - particularly due to the onshoring requirement - and exit the U.S. market, reducing model availability.

Related Articles:

US disrupts SocksEscort proxy network powered by Linux malware

TP-Link warns users to patch critical router auth bypass flaw

Kali Linux 2026.1 released with 8 new tools, new BackTrack mode

Paid AI Accounts Are Now a Hot Underground Commodity

Compromised Site Management Panels are a Hot Item in Cybercrime Markets