The U.S. router ban: Everything you need to know
The Federal Communications Commission on Monday added all foreign-manufactured consumer routers to its Covered List — the federal government’s running blacklist of communications equipment deemed a national security threat. The move effectively bans the sale of new WiFi routers made outside the country.
The ban is sweeping, as virtually every consumer router on the market today is made overseas. However, the FCC also said that previously approved WiFi routers can still be operated and sold.
An FCC communication states that the “action does not impact a consumer’s continued use of routers they previously acquired.” Likewise, it doesn’t “prevent retailers from continuing to sell, import, or market router models approved previously through the FCC’s equipment authorization process.”
It’s the same playbook we saw with the drone ban in December 2025, when the FCC blacklisted most consumer drones, even as they remained easy to find.
As before, the national security justification, per the FCC, is that foreign-produced routers introduce supply chain vulnerabilities that can disrupt critical infrastructure. In addition, the FCC says that foreign routers have already been exploited in real cyberattacks. The Volt, Flax, and Salt Typhoon attacks — all of which targeted vital U.S. infrastructure — involved foreign-made routers, according to the FCC.
This Tweet is currently unavailable. It might be loading or has been removed.
A quick glance at Amazon and Best Buy shows that popular routers are still widely available, but the situation is confusing. Let’s break down what we know about the new rules.
So which routers are banned?
Any equipment on the FCC’s Covered List is blocked from receiving new authorization, which is required before a device can be imported, marketed, or sold in the United States. And the FCC’s decision adds “all consumer-grade routers produced in foreign countries” to that list.
Effectively, all home router brands will be impacted by the ban. (The only domestically-produced consumer routers Mashable is aware of are made by Starlink for satellite internet.)
Mashable Light Speed
The FCC’s update applies to any router produced outside the U.S. — and the FCC’s definition of “produced” is deliberately broad. It covers not just where a device is physically assembled, but where it was designed, developed, or had any major stage of its manufacturing process completed. So, a router designed in the United States by an American company but assembled in Taiwan would still be banned, for instance.
TP-Link, the Chinese manufacturer that has faced its own separate congressional scrutiny and government inquiries, is an obvious target. But the ban extends well beyond Chinese companies. It also includes Asus, which is Taiwanese; Netgear, which is headquartered in San Jose and manufactures abroad; Eero, which is owned by Amazon and produced in Vietnam; and Ubiquiti, another American company whose hardware is produced overseas. If the router exists in the physical world in 2026, there is a very good chance it was made somewhere other than the United States, and is therefore now covered.
TP-Link, for its part, was characteristically direct. In a statement to PCMag, the company acknowledged the obvious — that router manufacturing is a globally distributed industry, with its own products made in Vietnam — and framed the ruling as an industry-wide reckoning rather than a targeted action. The company said it was confident in the security of its supply chain and welcomed what it described as an evaluation of the entire sector.
Likewise, before DJI drones were banned in December, the company told Mashable the ban was a naked attempt to shore up U.S. manufacturing, rather than a legitimate national security issue.
“This is about forcing the biggest manufacturer of drones out of the market so that American drone manufacturers don’t have to compete with them,” said Adam Welsh, DJI’s Head of Global Policy, in an interview with Mashable in December.
What routers can you still buy?
More than you might expect — for now. The critical distinction in the FCC’s rules is between new device models and previously authorized ones. Any router that already has an FCC equipment authorization can still be imported, sold, and used. Retailers can continue moving existing inventory. Consumers can continue buying those models. The ban applies to new models seeking authorization going forward, not to the current stock sitting on Best Buy shelves.
If you already own a router, nothing changes. The Covered List does not require consumers to replace or stop using hardware they already purchased.
However, if you need an upgrade, now’s the time to do it. The FCC granted a limited waiver on Monday, allowing all previously authorized routers to continue receiving software and firmware updates — security patches, bug fixes, and compatibility updates — at least until March 1, 2027, at which point the agency says it will reassess.
The waiver exists because, without it, the Covered List rules would have immediately stripped those routers of update eligibility the moment they were added to the list, even for devices already sitting in people’s homes. The irony here is that the FCC’s ban is premised entirely on the security risks of foreign-made routers, which, by its own mechanics, will eventually cut off the security updates that keep those same routers from becoming liabilities.
Is there any way back for manufacturers?
There is, but it’s a narrow door. The FCC’s rules include a “Conditional Approval” pathway, administered by the Department of Defense and the Department of Homeland Security, through which a router producer can apply for an individual exemption if it can demonstrate its product does not pose unacceptable risks.
The application process is extensive: manufacturers must disclose their full corporate structure, ownership, any foreign government ties, a complete bill of materials, country of origin for every component, and all software, and — most significantly — a detailed, time-bound plan to move manufacturing to the United States. Conditional Approvals last no longer than 18 months and come with quarterly reporting requirements. There is no guarantee of approval, and all decisions are final.
Topics
Cybersecurity
Government