On March 23, the Federal Communications Commission announced it would ban all foreign-made Wi-Fi routers from the US market. The reasoning? Protecting critical infrastructure from cyberattacks. The reality? It’s messier than that, and you probably shouldn’t rush out to replace your router just yet.
The move came after several high-profile breaches, particularly the Salt Typhoon attack, which exploited Cisco routers to compromise networks at major US internet providers like AT&T and Verizon. The FCC argues that routers produced abroad pose a security risk, so new foreign-manufactured models can no longer be sold here. Existing routers you already own? They’re grandfathered in.
At least for now.
The Exemption Game Has Already Started
Netgear became the first company to receive “Conditional Approval” despite having routers manufactured in Vietnam, Thailand, Indonesia, and Taiwan. The company’s US headquarters apparently mattered enough to the FCC. The irony isn’t lost on anyone paying attention.
But here’s the catch that should actually worry you: the FCC says firmware updates, which are crucial for security, can only continue “at least until March 1, 2027.” That “at least” matters. It’s wiggle room. But if your router doesn’t make it onto the exemption list by then, it basically becomes a security liability. Without patches for new vulnerabilities, you’re running an increasingly vulnerable device on your Technology network.
Nearly every router currently on US shelves has some stage of manufacturing outside the country. We’re talking TP-Link, Asus, D-Link, and countless others. According to the source reporting, about 60% of routers in the US are manufactured in China. Even Starlink’s newer models, apparently the only exception, are made in Texas. Everything else? Components sourced globally, assembly somewhere foreign.
The Supply Chain Problem Nobody Can Solve Quickly
Here’s what manufacturers won’t tell you plainly: moving production to the US is expensive and takes years. The FCC essentially created a deadline that most companies probably can’t meet, which means they’re likely just going to wait out the ban rather than overhaul their entire supply chains.
William Budington, a technologist at the Electronic Frontier Foundation, told CNET this approach uses “an extremely blunt instrument” to address a real problem. He’s right. Using a sweeping ban on foreign manufacturing is like banning all cars to prevent drunk driving. It stops the problem, sure, but the collateral damage is enormous.
The actual security vulnerabilities the FCC cited? They weren’t inherent to foreign manufacturing. They were exploited through poor security practices and outdated equipment. A US-made router with a default password left unchanged is just as vulnerable as a Vietnamese one.
What You Should Actually Do Right Now
Don’t buy a new router today. Seriously. If you purchase one now and the FCC doesn’t grant it an exemption, you’re stuck with a device that stops receiving security updates in just over a year. One expert likened it to routers turning “into pumpkins in a year unless they extend this waiver.”
If you rent your equipment from your ISP, which nearly 70% of Americans do, the pressure falls on them to stay compliant. ISPs are taking a “wait and see” approach so far. Call your provider and ask what options exist if you’re concerned, but don’t expect them to proactively replace equipment just yet. They’re not eager to spend $100 per household on upgrades.
Give it a few weeks or months for the dust to settle. Router manufacturers are already lobbying the FCC hard for exemptions. The landscape will become clearer once more companies receive conditional approval, and you’ll know which models are actually safe to buy.
The Real Security Problem Isn’t Where It’s Made
No matter where your router comes from, basic security hygiene matters infinitely more than national origin. Change your default password. Enable WPA3 encryption if your router supports it. Keep your firmware updated for as long as possible. These mundane practices do more for your security than any manufacturing location ever could.
Vulnerabilities don’t care about geopolitics. A poorly configured American router is a worse security risk than a well-maintained foreign one. The FCC’s logic, however well-intentioned, conflates national security with actual device security in ways that don’t hold up to scrutiny.
The bigger question nobody wants to answer: if the cybersecurity ecosystem is this fragile, would banning routers actually fix it, or would it just create new problems while leaving the real vulnerabilities untouched?
