Skip to main content
CybersecurityInfrastructure

US Tightens Router Security with Ban on Foreign-Made Devices

US Tightens Router Security with Ban on Foreign-Made Devices

"Foreign‑produced routers introduce 'a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense' and 'pose a severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons,'" the Executive Branch determination states — and with that language a new limit on foreign‑made consumer routers has arrived.

What changed

The Executive Branch has set a new rule that affects only new devices: any router manufactured outside the United States now must receive Federal Communications Commission approval before it can be imported, marketed, or sold in the country. The announcement explicitly says consumers do not have to throw away existing routers already in use.

What the Executive Branch said

The determination frames foreign‑produced routers as both a supply‑chain vulnerability and a cybersecurity threat. It explicitly states that such routers can create a supply chain vulnerability "that could disrupt the U.S. economy, critical infrastructure, and national defense." It further characterizes them as posing "a severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons."

Why this matters

At its core, the action ties market access for foreign‑made consumer routers to a federal radio‑spectrum and communications regulator's approval. By making FCC approval a precondition for importation, marketing, or sale, the determination places supply‑chain and cybersecurity concerns at the center of commercial access to U.S. consumer networking markets. The Executive Branch's language highlights national‑scale consequences — economy, critical infrastructure, and national defense — alongside direct risks to individuals.

Different perspectives, one set of facts

  • Users: The determination expressly reassures that existing routers do not need to be discarded, limiting immediate consumer disruption to devices already deployed.
  • Policymakers and regulators: The policy links device approval and market access to national security and infrastructure resilience, by requiring FCC sign‑off for new foreign‑made routers before they enter the U.S. market.
  • Security analysts and supply‑chain observers: The determination labels foreign‑produced routers as a supply‑chain vulnerability and a severe cybersecurity risk capable of immediate and severe disruption to critical infrastructure and harm to persons.
  • Potential adversaries: The Executive Branch text warns that the identified risks could be "leveraged" to cause disruption and harm, language that frames the policy as defensive against exploitation.

The decision alters the pathway by which new foreign‑made consumer routers reach U.S. buyers, tying commercial entry to a national regulator's approval on grounds of supply‑chain and cyber risk. It leaves intact current devices in consumers' homes, while channeling future imports through regulatory review intended to address the vulnerabilities the Executive Branch spelled out. Will the approval process and its standards satisfy both security concerns and market needs? The determination poses that practical question without answering it.

https://www.schneier.com/blog/archives/2026/04/us-bans-all-foreign-made-consumer-routers.html