You’ve probably heard the US government has banned foreign-made consumer Wi-Fi routers over national security fears.
You might be wondering: WTF is going on?
Just another day in America under Donald Trump and FCC chairman Brendan Carr. You’re probably fine for now, but if you want to know why there’s so much chaos, read on.
The government’s not taking away my router, right?
No, you can keep using your router in the United States of America no matter where it was made — the FCC is crystal-clear about that. You can even go buy a replacement: “Consumers will continue to be able to purchase previously authorized routers,” it writes.
Is there a recall on “vulnerable” routers? Do I need to patch them?
Nope, despite the alleged national security threat, no action is required. “Consumers currently using covered routers in small and home offices do not need to do anything,” writes the FCC. There are no restrictions on existing routers whatsoever, it adds.
What about outside of the home? Will the government stop using vulnerable routers?
No, the FCC says the government can keep using them. And US agencies do buy products from companies it has claimed to be worried about: for example, The Department of Defense and NASA have purchased TP-Link equipment, which has been investigated by the government but still controls at least a third of the market for US consumer routers.
That’s a whole lot of nothing. So just how bad is this threat?
Here’s a document attempting to justify the ban. Hackers have been able to “carry out direct attacks against American civilians in their homes,” steal intellectual property, create botnets to disrupt US communications, and more, it claims.
“Additionally, routers produced abroad were directly implicated in the Volt, Flax, and Salt Typhoon cyberattacks which targeted critical American communications, energy, transportation, and water infrastructure.”
Sounds bad. But if they’re not recalling the routers, and they’re not fixing them… what the heck is the government actually doing?
It’s banning future routers that haven’t been made yet.
You’re not making a lot of sense.
I warned you this was a story about Brendan Carr, known dummy and anti-consumer FCC chairperson! Specifically, the FCC is keeping new, previously unannounced, foreign-made consumer routers out of the US… unless it decides to exempt them. For reasons. We’ll get to those.
How does keeping us from buying newer routers keep us safe?
What an astute question! Stick with The Verge, I think you’ll like it here.
Is it because the US government plans to audit the security of new routers before letting them in?
Not as far as we can tell. The FCC says nothing of the sort. Mostly, it suggests we’d all be safer if routers were made in the US instead. Don’t take my word for it: you can read the whole filing here.
Can I buy American? Netgear and Google Nest and Amazon Eero and Ubiquiti are US brands...
The FCC isn’t banning routers from foreign companies, it’s banning routers made in foreign countries — which is practically all routers. Every one of those US companies produces their routers in Asia, the same way Apple makes all but half a Mac overseas. Even Elon Musk’s Starlink, the one company that does seem to make routers in the US, also produces hardware in Vietnam and didn’t answer our emails asking what percentage is made domestically.
What about routers designed in Asia but manufactured in the US?
The FCC says routers are foreign if any major stage of development, including design or assembly, happened abroad. Routers are not foreign just because they contain foreign-made components, though, unless that component is a “modular transmitter.”
(The modular transmitter rule is new as of October 2025; it theoretically lets the FCC crack down on products that merely contain radios from companies deemed a security risk.)
Does the FCC have proof that foreign routers are more vulnerable than domestic ones?
No, because again, those domestic consumer routers generally don’t exist. While the FCC’s National Security Determination claims that “foreign-produced routers present additional and unacceptable risks to Americans,” it’ll be pretty tough to provide proof of “additional” risks because there’s nothing to compare to. Certainly it didn’t include any comparisons in the document.
Are foreign companies’ routers more vulnerable, then?
The FCC doesn’t present evidence for that either. While the same document links to a number of scary stories about Chinese hackers compromising routers like Volt Typhoon and Salt Typhoon, those stories implicate US companies’ products too — like Netgear and Cisco. The hackers might have been Chinese, but that doesn’t mean the routers were.
So any time a government says “foreign routers are a security risk,” they just mean “routers are a security risk?”
But if US-designed routers are actually made by Chinese manufacturers, maybe they left backdoors for Chinese spying?
Sure, it’s a risk, but that’s not how our biggest cybersecurity snafus have gone down. The real issue is lazy telecom companies.
Veteran telecom reporter Karl Bode tells The Verge:
When we looked at coverage of the Salt Typhoon hack, arguably one of the biggest attacks on America’s cybersecurity infrastructure, one of the core problems wasn’t foreign routers. It was a lack of oversight and regulation of telecom monopolies. A lot of these monopolies had gotten so lax with their privacy and security standards that they forget to change default admin passwords on a lot of their routers.
Karl has previously blogged about how the Trump administration and Brendan Carr have dismantled cybersecurity in the United States after telecom lobbyists insisted. Trump’s DHS even disbanded the group investigating the Salt Typhoon hack, and two major telecoms reportedly stopped looking for evidence because they were afraid of what they’d find.
It’s not just crappy passwords: some of the biggest router hacks exploited vulnerabilities that were fixed years earlier — but either router makers or owners never bothered to patch. That’s partly because companies don’t tell consumers when they stop updating routers, writes Consumer Reports’ Stacey Higginbotham:
These companies create a doorway into your home, knowing they will stop locking the door. But when they stop locking the door, they don’t tell consumers. It’s like if you could buy milk without an expiration date. Except unlike milk, which smells when it’s no longer safe, your router gives no sign.
I’ve heard the FCC may stop companies from issuing security updates to routers after March 1st, 2027. What’s up with that?
The FCC says it’s issuing a waiver that lets all existing routers keep getting software and firmware updates “that mitigate harm to US consumers at least until March 1st, 2027.” But in that same announcement, the FCC admits that companies do not need to file documents when they issue those updates, so there’s nothing that the FCC would be blocking or approving to begin with — unless they issue updates that also change their radios’ performance. Here’s the law on those sorts of changes.
How can the FCC ban routers?
No device with a radio can be imported, sold, or marketed in the US unless the FCC authorizes it first. It’s usually just checking to ensure devices don’t release too much harmful interference or radiation. But in 2019, Trump and Congress came out against Chinese telecom infrastructure gear, creating a mechanism called the “covered list” that’s now being used against consumer products like drones and routers.
The Secure and Trusted Communications Act of 2019 establishes that list; if the government decides any piece of gear “poses an unacceptable risk to the national security of the United States or the security and safety of United States persons,” they can add it to the list. The Secure Equipment Act of 2021 — signed by Biden — bars the FCC from authorizing any gear on that list.
The ban is just on consumer routers, right? What about the routers and cable modems my ISP rents me, my pocket hotspot, my network switch, my Wi-Fi extender?
It could affect all of those or none of those.
The FCC is banning “consumer-grade routers” as defined in NIST Internal Report 8425A. These are routers “intended for residential use and can be installed by the customer.” But it also defines routers loosely as devices that “forward data packets, most commonly Internet Protocol (IP) packets, between networked systems.” That could cover every piece of gear you use to connect to the internet or even your home network.
Companies get to self-certify whether they’re adhering to the rules, can claim whatever they want, and then it’s up to the US government to inspect at customs or not.
So that’s it? No more new home routers in the United States?
Router companies have two paths. Like DJI, the Chinese dronemaker, they could decide to stop shipping their new routers into the US while still selling older products here. You won’t be able to buy a future Wi-Fi 8 router from those companies, but existing Wi-Fi 5, 6, and 7 routers can be sold if they were already approved by the FCC.
Or, router companies can apply for a “conditional approval” to keep getting new products cleared for the US.
What if I buy one of those newer routers in Canada and bring it back home?
The FCC’s magic 8 ball says, “no,” but good luck enforcing that, Brendan.
Will the FCC require improved security to get that conditional approval?
Nope! While applicants have to answer a long list of questions, not a single one is about the kind of security that prevents hacks.
The only thing the Trump administration seems to care about is location, location, location — where the device is made and assembled and tested, where its owners live, where its components come from, whether any foreign governments have influence.
And tellingly, the FCC is asking for a plan to manufacture those routers in the US instead. The plan must include how much money the company will commit to US manufacturing over the next five years.
If it’s not about security, why is the Trump administration doing this?
The stated goal of Trump’s isolationist policies is to bring back US manufacturing, create US jobs, and use that independence to ensure the US can make things — if, say, China invades Taiwan and severs the entire tech supply chain that relies on Taiwanese chips.
But practically, this looks a lot more like the latest shakedown. The Trump administration has repeatedly used nebulous national security claims to extract tariffs, personal flattery, and billions of dollars in fees, and this feels like the latest attempt at Gangster Tech Regulation that uses xenophobia as a cudgel. Remember when a ban on Nvidia selling AI chips to China was about national security, yet later Trump approved those sales for 15 percent now 25 percent of the proceeds?
“Companies having to go beg the Trump administration to do basic business in America — there’s no reason we should suddenly look upon a policy like that and unilaterally declare it’s credible or genuinely going to be used to actually improve cybersecurity standards,” says Bode.
So are the router makers ready to kiss Trump’s ring and invest in US manufacturing?
It’s hard to read Netgear’s statement any other way, via third-party spokesperson Sarah Grubbs:
We commend the Administration and the FCC for their action toward a safer digital future for Americans. Home routers and mesh systems are critical to national security and consumer protection, and today’s decision is a step forward. As a U.S.-founded and headquartered company with a legacy of American innovation, NETGEAR has long invested in security‑first design, transparent practices, and adherence to government regulations, and we will continue to do so.“
After all, the ban doesn’t seem to care where you’re founded or headquartered, it cares whether you’ll help Trump convince the world that manufacturing can return to the US. It didn’t tell us whether it would invest, though.
TP-Link, currently thought to be the leader in US router sales with at least a third of the consumer market, provided the following statement via third-party spokesperson Ricca Silverio:
Virtually all routers are made outside the United States, including those produced by U.S.-based companies like TP-Link, which manufactures its products in Vietnam. It appears that the entire router industry will be impacted by the FCC’s announcement concerning new devices not previously authorized by the FCC.
TP-Link is confident in the security of our supply chain and we welcome this evaluation of the entire industry.
Like Netgear’s statement, the second half of the TP-Link statement sounds silly because the FCC isn’t asking about “security.” TP-Link did not reply when we asked if it would manufacture routers in the US.
Amazon (Eero), Asus, Google (Nest), and Ubiquiti (Unifi, Amplifi) didn’t respond to our requests for comment.
