The FCC added all consumer-grade routers produced in foreign countries to its Covered List on March 23, effectively banning new foreign-made router models from the US market. No new model can receive FCC equipment authorization, which means it cannot legally be imported, marketed, or sold. The justification: Chinese state-sponsored hackers — operating under names like Volt Typhoon and Salt Typhoon — have been exploiting home and small office routers to attack US critical infrastructure, telecoms, and even congressional offices.

1. This Is Overdue (National Security Hawks, FCC, Cybersecurity Analysts)

Chinese state hackers used consumer routers to penetrate US infrastructure. The door needed closing.

The Typhoon campaigns proved the threat was real and ongoing. Salt Typhoon hacked over 200 companies across 80 countries, according to the FBI. It penetrated US telecoms, infiltrated House committee systems, and gave Beijing surveillance access to critical networks. Volt Typhoon embedded itself in US infrastructure for potential sabotage. A 2024 congressional inquiry found that Chinese hackers specifically targeted TP-Link routers because of their "unusual degree of vulnerabilities."

The feds will grant exemptions for allied nation manufacturers. Companies can apply for Conditional Approval, reviewed by the Department of Defense and DHS. Allied-nation manufacturers — Japanese, Korean, Taiwanese, European — will likely clear the process. The ban's real target is firms with documented ties to Chinese state hacking operations, and the broad scope ensures no backdoor gets missed.

2. This Is Just More of Trump's Protectionism (Trade Groups, Consumer Advocates, Industry Critics)

They banned every foreign router on Earth to target one Chinese company.

The ban applies to anything foreign. The FCC didn't ban TP-Link. It banned all foreign-made routers. Instead of targeting specific companies with proven vulnerabilities — which the government has done successfully before — the FCC applied the restriction to every manufacturer outside the United States. CyberScoop called it a "big swing" that creates massive supply chain uncertainty. The new federal approval program so broad that it would require enormous resources to administer.

Consumers will pay for this. TP-Link controls an estimated 65% of the US home and small business router market. Asus, Netgear, D-Link, Linksys, and Google Nest WiFi all manufacture overseas and now need conditional approval for every new model. Supply disruptions and price increases are expected. The people least able to absorb higher router costs are the same people most dependent on affordable home internet — exactly the users who weren't being targeted by Chinese intelligence.

3. The Ban Doesn't Fix the Actual Problem (Cybersecurity Researchers, Open Source Advocates)

Routers aren't insecure because they're foreign. They're insecure because nobody patches them.

The Typhoon campaigns exploited known vulnerabilities in routers that hadn't been updated. Salt Typhoon used known, publicly documented flaws in firewalls, routers, and VPN products to gain initial access. The problem wasn't that the hardware was Chinese — it's that router manufacturers ship products with minimal security defaults and consumers never update the firmware. A US-made router with the same patching neglect is just as vulnerable.

Banning foreign hardware is a hardware solution to a software problem. What would actually reduce router-based attacks: mandatory security update requirements, minimum firmware support periods, secure-by-default configurations, and vulnerability disclosure mandates. The EU's Cyber Resilience Act takes this approach — requiring manufacturers to provide security updates for the product lifecycle. The FCC chose the blunter instrument.

Where This Lands

Chinese hackers exploited home routers to penetrate telecoms and congressional offices — the security threat is documented and real. But the FCC's response bans all foreign-made routers rather than targeting the specific firms and vulnerabilities responsible. Where this lands depends on whether the exemption process works smoothly enough that allied manufacturers keep selling in the US — or whether American consumers end up paying more for routers that are just as vulnerable to the software flaws the ban doesn't address.

Sources