The US Federal Communications Commission in March banned new consumer internet routers made outside the US, saying foreign-made devices had been tied to cyberattacks on critical infrastructure. [1]
The rule covers only new Wi-Fi routers and mobile Wi-Fi or hotspot devices sold to consumers. It does not affect routers already in US homes or on store shelves. [1]
The FCC said all new foreign-made routers must get agency approval before import, marketing or sale in the US. Manufacturers can seek exemptions, and the agency has already granted a few Conditional Approvals. [1]
The commission linked the restriction to attacks it said involved foreign-made routers, including Volt, Flax and Salt Typhoon. The FCC said, "Malicious actors have exploited security gaps in foreign-made routers to attack American households, disrupt networks, enable espionage, and facilitate intellectual property theft." [1]
Security firm Bitdefender also described home routers as a key target, with Bogdan Botezatu, its director of Threat Research, saying, "Consumer routers sit at the edge of every home network, which makes them an attractive target and a strategic risk if compromised at scale." [1]
People who already bought foreign-made routers can keep using them and updating firmware until at least March 1, 2027. That deadline is the current cutoff for continued use under the FCC rules. [1]
