Late Monday afternoon, the FCC dropped an order that nobody saw coming. Every new consumer router model manufactured outside the United States is now banned from sale.
Not just TP-Link. Not just Chinese brands. Every. Single. One.
The FCC updated its "covered list" — the national security blacklist for telecom equipment — to include all consumer-grade routers produced in foreign countries. New models can't get FCC authorization, which means they can't be imported or sold.
If you already own a router, you're fine. Retailers can keep selling models that were approved before the ban.
But no new foreign-designed, foreign-assembled, or foreign-manufactured router models will hit US shelves.
Here's where it gets wild 🤯
Chinese manufacturers control roughly 60% of the US home router market.
But this ban doesn't just hit Chinese brands. ASUS is Taiwanese. Netgear designs in the US but manufactures abroad. Even "American" brands assemble in Taiwan, Vietnam, and China.
The FCC's definition of "foreign-made" covers any device where manufacturing, assembly, design, or development happens outside the US.
That's almost everything on the shelf at Best Buy right now.
The security argument is real — to a point
I'm not going to pretend the threat doesn't exist.
Chinese state-sponsored groups — Volt Typhoon, Flax Typhoon, Salt Typhoon — have compromised hundreds of thousands of routers. The FBI disrupted a Flax Typhoon botnet of over 260,000 devices in 2024. Salt Typhoon breached Verizon, AT&T, and Lumen by exploiting Cisco router vulnerabilities.
CrowdStrike reported a 150% surge in China-linked cyber activity that year.
These are real attacks on real infrastructure.
But here's my problem: the vulnerabilities they exploited were software bugs. Not hardware backdoors. Not supply chain implants. Software patches that vendors hadn't pushed and users hadn't installed.
Banning where a router is assembled doesn't fix unpatched firmware. A router manufactured in Texas with the same buggy Cisco IOS XE code is just as exploitable as one made in Shenzhen.
What this actually means for developers 💻
If you're running a home lab, self-hosting anything, or working remote with specific networking needs — your options just got significantly narrower.
The enthusiast router market runs on foreign hardware. Ubiquiti, MikroTik, GL.iNet — the entire prosumer segment either manufactures abroad or sources components internationally.
Router makers can apply for an 18-month "conditional approval" from the Pentagon or DHS. But they have to submit a time-bound plan to move manufacturing to the US.
That's not a quick process. That's a complete supply chain rebuild.
→ Short term: expect prices to climb
→ Domestic manufacturing costs more
→ Companies that get exemptions fastest will dominate
→ Everyone else waits
The uncomfortable question 🤔
I think securing the router supply chain matters. The Typhoon campaigns proved that compromised network equipment is a genuine national security risk.
But banning the hardware doesn't address the software.
And the FCC's order doesn't include a single requirement for firmware security standards, automatic patching, or vulnerability disclosure.
We're getting a manufacturing ban instead of a security standard. That feels backwards.
→ If the goal is secure routers, mandate secure firmware
→ Require automatic security updates
→ Force vendors to maintain patches for a minimum lifecycle
→ Those policies would actually reduce the attack surface
Instead, we got protectionism dressed up as cybersecurity.
What router are you running right now — and would you trust a US-only market to give you something better? 👇
Top comments (0)