On March 23, 2026, the Federal Communications Commission banned ALL consumer routers manufactured in foreign countries—not just China, but every country including allies like Japan, South Korea, and the UK. The unprecedented move follows a White House determination that foreign-made routers pose “unacceptable national security risks” after Chinese state-sponsored groups used compromised routers to infiltrate U.S. telecommunications and critical infrastructure.
There’s one problem: virtually no consumer routers are manufactured in the United States. Even American brands like Cisco, Netgear, and Linksys produce their hardware overseas, creating an immediate supply chain crisis with no domestic alternatives ready to fill the gap.
Not Just China—Every Foreign Country Gets Banned
Unlike previous targeted bans against specific Chinese manufacturers (Huawei, ZTE), this policy casts a much wider net. The FCC’s updated “Covered List” now includes “routers produced in a foreign country, regardless of the nationality of the producer.” This means routers manufactured in allied nations—Japan, South Korea, Taiwan, the United Kingdom—face the same restrictions as those from adversarial countries.
The ban is geographic, not company-based. A U.S. company manufacturing routers in Taiwan gets blocked. A Japanese company with UK production facilities gets blocked. The indiscriminate scope raises questions about whether this is genuine security policy or protectionism dressed up as national security.
The Domestic Manufacturing Problem No One Wants to Talk About
Consumer-grade networking equipment is essentially 100% manufactured overseas. China and Taiwan dominate production, with additional manufacturing concentrated in South Korea. Domestic U.S. router manufacturing for consumer products? Virtually non-existent.
Even brands with “American” heritage manufacture abroad. Cisco, Netgear, Linksys—all U.S.-based companies, all producing hardware overseas. The few exceptions, like Avalon Wireless distributed by L-com, operate at such small scale they can’t fill the gap. Products labeled “Made in USA” typically just mean final assembly happened domestically while PCBs and components came from abroad.
The ban creates scarcity with no replacement supply chain. Until manufacturers navigate the approval process (more on that in a moment), consumers face higher prices, limited selection, and delays on the latest technology like WiFi 7 routers.
The Escape Hatch: Conditional Approvals and Regulatory Uncertainty
The ban isn’t absolute. Manufacturers can apply for “Conditional Approvals” by submitting applications to the FCC, which forwards them to the Department of War and Department of Homeland Security for evaluation. If DoW and DHS determine a router “does not pose unacceptable risks,” it gets approved for sale.
Here’s the catch: no criteria have been published for what constitutes “acceptable risk.” The approval timeline is unknown. The evaluation process is a black box. Major brands like TP-Link, ASUS, and Netgear will likely apply and eventually receive approvals. But the lack of transparency creates uncertainty and opens the door to potential regulatory capture—who gets approved may depend more on political connections than actual security.
Related: Cyber.mil Expired Certificate: Government Security Theater
FCC Router Ban: Real Attacks, Questionable Solution
To be fair, the security concerns aren’t imaginary. Three Chinese state-sponsored groups—Volt Typhoon, Flax Typhoon, and Salt Typhoon—successfully compromised routers to infiltrate critical U.S. infrastructure. The BlackTech group demonstrated capabilities to modify router firmware without detection, installing backdoors that bypassed logging functions. Salt Typhoon compromised Cisco routers to infiltrate AT&T, Verizon, T-Mobile, and six other major telecommunications companies in 2024.
But here’s where the logic falls apart: those attacks targeted routers from U.S. brands like Cisco and Netgear—companies based in America but manufacturing overseas. The vulnerabilities stemmed from poor security practices (default credentials, unpatched firmware, lack of monitoring), not the geographic location of production. As developers on Hacker News pointed out in a 228-point discussion: “Vulnerabilities have nothing to do with country of manufacture. They have always been due to manufacturers’ crap security practices.”
Banning routers from allied nations like Japan or the UK doesn’t address the actual problem. Mandatory open-source firmware, required update support with escrow arrangements, and functional security standards would. This ban targets geography while ignoring the practices that create vulnerabilities.
What Developers Should Actually Do
Don’t panic-replace existing equipment. The ban only applies to new device models seeking FCC authorization after March 23, 2026. Routers you already own are grandfathered in, and retailers can still sell previously authorized models from existing inventory.
Focus on proven security practices instead of worrying about country of origin. Install OpenWRT firmware if your router supports it—open-source firmware provides transparency and community security review that proprietary firmware can’t match. Enable automatic firmware updates. Segment IoT devices onto separate network VLANs from critical systems. Monitor outbound traffic for anomalies.
The OpenWRT project recently released the OpenWRT One, purpose-built repairable hardware designed specifically for open firmware. That’s the direction router security should go—transparency, user control, and community oversight. Not blanket bans based on where circuit boards get soldered.
Key Takeaways
- The FCC banned ALL foreign-made routers on March 23, 2026, including those from allied nations like Japan, UK, and South Korea—not just China
- No domestic U.S. consumer router manufacturing exists to fill the gap; even American brands like Cisco and Netgear manufacture overseas
- Manufacturers can apply for “Conditional Approvals” but criteria are unpublished and the process is opaque, raising regulatory capture concerns
- The security threats (Volt, Flax, Salt Typhoon attacks) were real but targeted poor security practices, not geographic production location
- Existing routers are grandfathered; focus on actual security (OpenWRT firmware, network segmentation, monitoring) rather than country of origin
