Foreign Consumer Routers Added to U.S. FCC Restricted List

The U.S. Federal Communications Commission (fcc) officially issued an announcement on March 23, 2026, explicitly adding foreign-manufactured consumer routers to its Covered List of restricted equipment. The implementation of this measure marks a critical policy upgrade by the United States in the fields of communications equipment supply chain security and cybersecurity protection, and will exert a profound impact on the global network communications industry.

National Security Considerations: Routers Emerge as Key Cybersecurity Risk Points

According to a joint security assessment conducted by the FCC and U.S. executive branches, foreign-manufactured consumer routers have been determined to pose unacceptable national security risks, which are mainly reflected in three aspects:

• Weak links in the supply chain may pose potential threats to the stability of the U.S. domestic economy and the security of critical infrastructure.

• The devices themselves may contain cybersecurity vulnerabilities that can be exploited by malicious actors to carry out cyberattacks, intelligence theft and other malicious activities.

• Such devices have been confirmed to be involved in multiple major cyberattack incidents, including known campaigns such as Volt, Flax, and Salt Typhoon.

In addition, foreign-manufactured routers may serve as a breach point for cyber attackers, who can use these devices to infiltrate the internal networks of households, enterprises, and even government agencies, leading to severe consequences such as sensitive data leakage and paralysis of critical infrastructure.

Impact of the New Rule: Ban on New Foreign-Manufactured Routers Obtaining fcc certification

Pursuant to the latest regulations issued by the FCC, the relevant restrictions focus primarily on the equipment certification phase, with specific provisions as follows:

• All foreign-manufactured routers included in the Covered List shall no longer be eligible to obtain new FCC Equipment Authorization.

• This restriction directly results in new models of foreign-manufactured consumer routers being unable to enter the U.S. market for sale.

However, the following three categories are exempt from the new rule and retain their original rights:

• Foreign-manufactured router products that have been officially launched for sale or have successfully obtained FCC certification.

• Normal usage rights of foreign-manufactured routers currently in use by consumers remain unrestricted.

• Existing inventories of foreign-manufactured routers in the market may continue the sales process.

Exception Mechanism: Conditional Approval for Transitional Arrangements

To balance national security needs and the transitional requirements of industrial development, the FCC has simultaneously introduced an exception mechanism of Conditional Approval, with specific rules as follows:

• Relevant foreign router manufacturers may submit applications for Conditional Approval to the U.S. Department of Defense (DoD) or the Department of Homeland Security (DHS).

• Manufacturers whose equipment is verified as free of national security risks following rigorous assessment by the aforementioned departments may continue to obtain FCC Equipment Authorization and enter the U.S. market normally.

• A single Conditional Approval shall have a maximum validity period of 18 months, providing a buffer for manufacturers to adjust their supply chains and optimize product designs.

Transitional Measures: Software Update Rights for Existing Devices Extended to 2027

Meanwhile, the FCC’s Office of Engineering and Technology (OET) has issued supporting transitional measures to protect the legitimate rights and interests of existing users and equipment security, including the following:

• Foreign-manufactured routers that have obtained FCC authorization may still conduct regular software and firmware updates (i.e., Class I permissive changes).

• The scope of updates covers core content such as security vulnerability patching and system compatibility optimization, ensuring the devices maintain basic cybersecurity protection capabilities.

• This transitional measure is a temporary policy valid until March 1, 2027, after which relevant rules will be adjusted based on actual conditions.

Industrial Impact and Future Development Trends

The FCC’s router restriction policy is not an isolated equipment control measure, but will exert multi-dimensional and in-depth impacts on the global network communications industry, which can be divided into short-term impacts and long-term trends:

(1) Short-Term Impacts

• Market access barriers for foreign-branded routers to the U.S. market will rise sharply, with significantly increased certification difficulty and compliance costs.

• U.S. domestic testing laboratories and fcc certification processes (including fcc id applications) will undergo adaptive adjustments to comply with the new rule.

• The OEM/ODM supply chain system of the global router industry will need re-evaluation, with focused adjustments to product origin layout and design processes to meet U.S. compliance requirements.

(2) Long-Term Trends

• It will promote the onshoring process of the U.S. communications equipment industry and accelerate the restructuring and optimization of the global network communications supply chain.

• Secure-by-Design will become the core design standard for routers and various communications equipment, with cybersecurity capability emerging as a core competitiveness of manufacturers.

• The United States will further strengthen supervision over communications equipment, with supply chain transparency and cybersecurity protection capabilities becoming key regulatory priorities.

This FCC policy update clearly reflects that global communications equipment has gradually evolved from pure technical consumer goods to critical infrastructure in the national security system. In the future, global communications equipment manufacturers must integrate cybersecurity protection and supply chain transparency into core product design, in addition to complying with traditional technical specifications such as radio frequency (RF) and electromagnetic compatibility (EMC), to adapt to the trend of global regulatory upgrading and achieve sustainable development.