FCC Bans New Consumer-Grade Routers Made Outside the United States

FCC Adds Foreign-Made Routers to Covered List

The FCC maintains a “Covered List” of communications equipment and services that have been determined to pose an unacceptable risk to the national security of the United States or the security and safety of U.S. persons. As a result of the FCC’s March 23, 2026, addition to the Covered List, new foreign-made, consumer-grade routers are prohibited from receiving FCC equipment authorizations necessary for the import, marketing, or sale of these products in the United States.

For purposes of the FCC’s action, routers are consumer-grade networking devices that are primarily intended for residential use and can be installed by the customer. Routers forward data packets, most commonly Internet Protocol packets, between networked systems. The FCC noted that router “production” includes any major stage of the process through which the device is made, including manufacturing, assembly, design, and development. Moreover, the prohibition applies to all new consumer-grade router models produced outside of the United States, regardless of the producer’s nationality, meaning that the prohibition applies even to U.S.-headquartered or incorporated companies that design and develop their products in the United States but manufacture them abroad. Similarly, a product that is designed by a non-U.S. company but produced in the United States is covered because design and development are considered stages of production for purposes of the rule.

The FCC’s action follows a March 20, 2026, National Security Determination (NSD) issued by an Executive Branch interagency group concluding that routers produced in foreign countries present two categories of unacceptable risk: (1) a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense; and (2) a severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons. The NSD highlighted that state and non-state actors have leveraged foreign-made routers to disrupt network connectivity, conduct espionage, and enable intellectual property theft. The NSD also noted that foreign-made routers were implicated in extensive cyberattacks on U.S. communications, energy, transportation, and water infrastructure.

Conditional Approval

The FCC action establishes a process for producers of foreign routers to apply for Conditional Approval, which would involve an individualized risk assessment that could exempt the applicant from Covered List restrictions. The FCC’s guidance for the Conditional Approval process requires the submission of extensive corporate, investor, supply chain, and manufacturing documentation, including plans for onshoring U.S. production.

Software and Firmware Waiver

FCC regulations prohibit modifying equipment placed on the Covered List, even prohibiting software or firmware updates to such equipment. However, the FCC issued a temporary waiver of these prohibitions, applicable to routers authorized prior to March 23, 2026. The waiver permits software and firmware updates to routers until March 1, 2027, to “mitigate harm to U.S. consumers,” allowing updates to ensure the continued functionality of the router, such as those that patch vulnerabilities and facilitate compatibility with different operating systems. The FCC’s waiver demonstrates a recognition that, in the absence of such a waiver, previously deployed routers that consumers were allowed to keep using would have been more vulnerable to security attacks.

Practical Considerations for Manufacturers and Retailers

• The ban applies to new consumer-grade routers with any major production stage located outside of the United States. Router manufacturers should consider auditing their design and development inputs, supply chains, and production flows to understand the impact on their products and consider what stages may be onshored to the United States.

• Manufacturers should consider reviewing the substantial Conditional Approval disclosure requirements. Manufacturers involved in the router supply chain should closely monitor the FCC’s Covered List page and related guidance, ensure that new product launches account for the prohibition, and consult with counsel to evaluate whether existing or planned products require a Conditional Approval application. Manufacturers considering a Conditional Approval application should quickly begin to collect documentation, noting that the application process may involve several rounds of follow-up questions from U.S. government officials.

• Retailers should consider incorporating the Covered List into their procurement and risk management processes. Retailers should assess their current supply chains, closely monitor the FCC’s Covered List page and related guidance, and review contracts with suppliers to understand how supply disruptions, authorization changes, or Conditional Approval denials would affect existing and expected procurement.

• Companies should consider monitoring the regulatory landscape for further restrictions on foreign-made technology, equipment, and services. The addition of routers to the Covered List follows similar national security determinations in December 2025 that added foreign-produced uncrewed aircraft systems (UAS) and UAS critical components to the Covered List. Companies with exposure to FCC equipment authorization requirements beyond UAS or routers should monitor Executive Branch focus areas within cyberspace, critical infrastructure, and supply chains for further restrictions on foreign technology.