Bottom line up front: The FCC banned new foreign-made routers from entering the US market. Routers you already own are not affected by the ban itself. But the ban exists because home routers are a documented national security risk - and that risk doesn't depend on whether your router is on a list. Understanding your specific router's security posture matters now more than ever.
What happened on March 23, 2026
The Federal Communications Commission updated its "Covered List" - a list of communications equipment deemed to pose an unacceptable risk to US national security - to include all consumer-grade routers manufactured in foreign adversary nations.
The FCC's rationale, as stated in its official fact sheet, was twofold: foreign-produced routers introduce "a supply chain vulnerability that could disrupt the US economy, critical infrastructure, and national defense," and they pose "a severe cybersecurity risk." The agency specifically cited three Chinese state-sponsored cyberattack campaigns - Volt Typhoon, Flax Typhoon, and Salt Typhoon - all of which exploited vulnerabilities in home and small-office routers.
The ban is enforced through the FCC's Equipment Authorization process. Every consumer electronic device sold in the US must have an FCC ID - a stamp of approval that says the device has been tested and authorized. Devices on the Covered List cannot receive this authorization. No FCC ID means no legal US sale.
Key dates
March 23, 2026FCC updates Covered List - new foreign router models cannot receive FCC authorization
September 2026Retailers prohibited from importing new inventory of covered devices
March 1, 2027Last date for firmware/software updates to existing authorized models
OngoingExisting authorized inventory can continue to be sold and used
What is actually banned
The ban applies to new router models seeking FCC Equipment Authorization after March 23, 2026, if those routers are manufactured in a country designated as a foreign adversary - primarily China, Russia, and Iran.
The FCC's definition of "production" is intentionally broad. It covers "any major stage of the process through which the device is made, including manufacturing, assembly, design, and development." This means a router designed in China but assembled in Vietnam is likely still covered. A router designed in the US but assembled in China may also be covered depending on how "critical" each stage is evaluated to be.
Important nuance: The ban's broad definition of "production" may catch routers made by US-headquartered companies like Netgear, Google, and Amazon/Eero if their manufacturing occurs in covered countries. This is currently under evaluation through the Conditional Approval process.
What "Conditional Approval" means
Router manufacturers can apply to the Department of Defense or Department of Homeland Security for a "Conditional Approval" - essentially an exemption that allows their foreign-made product to receive FCC authorization if it can be demonstrated that the device doesn't pose unacceptable security risks. The process requires extensive security documentation and disclosure. Approvals last up to 18 months and are not guaranteed.
What is NOT banned
This is the most important thing most news coverage has gotten wrong or insufficiently emphasized:
Routers you already own are completely unaffected. You can keep using them indefinitely.
Routers currently on store shelves that were previously authorized by the FCC can continue to be sold.
Importing existing authorized models remains legal until September 2026.
Security firmware updates for existing authorized models are permitted through March 1, 2027.
In plain terms: The routers currently available at Best Buy, Amazon, and your ISP are all legal to purchase and use - the ban is about new model authorizations, not what's already on shelves. That said, the ban is a signal worth taking seriously: the US government has concluded that the devices sitting in most American homes represent a real security vulnerability. The right response isn't panic - it's an honest look at whether your current router actually gives you the protection your household deserves.
Which routers are affected
Virtually all currently-authorized consumer routers are not directly affected by the ban on the day it took effect. The ban prevents new models from being authorized - it doesn't retroactively ban authorized devices.
However, the ban creates longer-term market uncertainty: router manufacturers whose hardware relies on Chinese production will eventually need to either qualify for Conditional Approval or shift manufacturing. Until that process resolves, the pipeline of new router models from affected manufacturers is uncertain.
The legitimate debate: does this actually improve security?
The FCC's rationale is not without critics - including serious security researchers and institutions. Here is the honest case on both sides:
The case for the ban
TP-Link routers have been explicitly documented in three state-sponsored attack campaigns (Volt, Flax, Salt Typhoon) and are the subject of an active DOJ investigation.
Chinese intelligence law (2017) legally compels Chinese companies to cooperate with intelligence requests - creating a structural risk for any Chinese-manufactured networking equipment regardless of current behavior.
Supply chain attacks (malicious firmware inserted during manufacturing) are a documented threat vector for Chinese-made hardware.
The US government needs a mechanism to address systemic supply chain risks, not just react to individual incidents.
The case against the ban (as made by security researchers)
The Internet Governance Project, Malwarebytes, and several independent security researchers have raised substantive objections:
Device age and patch support status are more important risk factors than manufacturing origin. A well-maintained router made in China is more secure than an abandoned end-of-life router made in the US.
The ban may extend the life of insecure devices. By restricting new foreign-made models, the ban may push consumers to hold onto older, less secure routers for longer than they otherwise would.
All major consumer router brands manufacture abroad. US companies like Netgear, Google, and Amazon/Eero all manufacture outside the US. The ban, applied broadly, could create a router shortage without a clear domestic alternative.
The most secure modern routers are often foreign-made. Wi-Fi 7 routers with auto-update features and modern security standards are predominantly manufactured abroad.
Our position: We score routers on multiple risk factors - manufacturing origin is one of them, but device age, active patch support, and documented CVE history are weighted alongside it. A brand-new Taiwanese-made router with active security updates is scored differently from a 5-year-old end-of-life Chinese-made router, even if both originate outside the US. Both sides of this debate are making a narrower argument than the one we think matters most: the real question isn't whether the ban helps - it's whether your home network has the highest protection available to it. Most don't.
What you should actually do
The ban is a policy decision about new market authorizations. The security problem it's responding to is real, ongoing, and already in your home. These are the actions that actually matter:
Check your specific router's security grade using our free checker. The most important factors are patch support status, CVE history, and manufacturer jurisdiction - not just whether a ban applies. Knowing where you stand is the starting point.
If you have a TP-Link router, the federal investigation and documented Volt Typhoon involvement are independent of the ban and represent serious, unresolved concerns. This isn't a "wait and see" situation - replacement is warranted.
If you have an end-of-life router (from any manufacturer), replace it. An unpatched router is a permanently open door - no policy or firmware update changes that.
If you have an ISP gateway, secure your ISP account with 2FA, disable public hotspot broadcasting, and consider placing a dedicated security router behind it for real control over your network.
If your current router scores a B or lower, it's worth asking honestly: is "adequate" the standard your household deserves? The highest protection available doesn't cost much more than average - it just requires making the choice deliberately.
Most people have no idea the FCC banned foreign-made routers - or that they may already own one. If this was useful, sharing it is how it gets to someone who can act on it.
