FCC Foreign Router Ban 2026: What Your Business Needs to Know

by Mar 24, 20260 comments

The FCC Just Banned Foreign-Made Routers. Here Is What Every Business Needs to Know.

On March 23, 2026, the Federal Communications Commission made a sweeping move that will ripple through every office, branch location, and server room in America. The agency updated its Covered List to include all consumer-grade routers produced outside the United States, effectively banning the import and sale of any new foreign-made router models that have not already received FCC equipment authorization.

The framing is national security. The implications go well beyond your home Wi-Fi box.

If your business is overdue for a hardware refresh, planning an office expansion, or running SD-WAN infrastructure across multiple sites, this ruling deserves your attention now.

What the FCC Actually Did

The FCC’s Covered List is a catalog of communications equipment deemed to pose unacceptable risks to U.S. national security. Once a device category lands on the list, new models cannot receive FCC equipment authorization. Without that authorization, a device cannot legally be imported, marketed, or sold in the United States.

Previously, the list targeted specific companies — mainly Huawei and ZTE. This ruling is categorically different. It targets an entire product class regardless of the manufacturer’s nationality. American companies are caught in this net alongside Chinese ones.

The action followed a determination by a White House-convened interagency body that foreign-produced routers introduce a supply chain vulnerability that could disrupt critical infrastructure and national defense, and pose a severe cybersecurity risk to Americans. The FCC specifically cited the Volt Typhoon, Flax Typhoon, and Salt Typhoon cyberattacks as evidence of the threat.

What Is and Is Not Affected

Before you panic, here is the practical breakdown.

✅ What Is NOT Affected

  • Any router already in use at your office or home is completely unaffected. You do not need to replace it.
  • Existing router models that already carry an FCC equipment authorization ID can continue to be imported, sold, and supported through the supply chain.
  • Software and firmware updates for devices already on the market are allowed to continue through at least March 1, 2027.

⚠️ What IS Affected

  • New router models that have not yet received FCC authorization cannot be imported or sold in the U.S.
  • Any planned hardware refresh that counted on newer models from major brands may face delays or limited options.
  • Pricing on existing authorized inventory will almost certainly rise as supply tightens.

The Brands Caught in the Middle

This is where the ruling gets complicated — and where businesses need to pay closest attention.

Virtually every major router brand manufactures overseas. That includes well-known consumer names like TP-Link, ASUS, D-Link, Linksys, Netgear, Amazon Eero, and Google Nest Wifi. They build their hardware across China, Taiwan, Vietnam, and Thailand.

But the impact does not stop at the consumer aisle.

Cisco, one of the most widely deployed enterprise networking vendors in the world, manufactures its Meraki MX appliances and other SD-WAN hardware in Taiwan and China. Fortinet, a U.S.-based company, manufactures its FortiGate appliances primarily in China and Taiwan. Ubiquiti, popular in SMB and managed service deployments, also produces its hardware in Asia.

Key ambiguity: The FCC’s ruling focuses on “consumer-grade” routers as defined by a NIST standard — devices primarily intended for residential use that can be installed by a customer. Many small and mid-size business appliances walk that line closely, and the legal ambiguity has not been resolved.

At the moment, there is one clear winner. The Starlink Wi-Fi router manufactured by SpaceX in Texas is the only major router product confirmed to have domestic manufacturing at scale.

The Exemption Path and What It Requires

The ruling does include a path for manufacturers to seek Conditional Approval from the Department of Defense or Department of Homeland Security. Getting there is not simple.

Applicants must disclose their company’s full management structure and supply chain details, and provide a credible plan for shifting at least some manufacturing to the United States. No Conditional Approvals have been granted as of publication. No processing timeline has been announced.

And given the infrastructure investment required to stand up domestic router manufacturing, some brands may choose to exit the U.S. market entirely rather than attempt the transition — as DJI did following the drone ban.

What This Means for Your Business

For most businesses currently running on existing hardware, this is a planning issue, not an emergency. But it becomes more urgent in a few specific scenarios.

Hardware Refresh Cycles

If your network gear is aging and you were planning a refresh in the next 12 to 24 months, the window to buy authorized existing models at reasonable prices is open now. That window may close faster than expected as inventory is drawn down and pricing climbs.

SD-WAN Deployments and Expansions

Businesses deploying or expanding SD-WAN across branch locations need to know which appliances are affected and which are not. The enterprise ambiguity around vendors like Cisco Meraki and Fortinet is real and unresolved. Working with a technology advisor who tracks these developments closely is more important than ever.

Remote Work Infrastructure

Even if enterprise appliances are ultimately carved out from the ruling’s scope, the home routers used by your remote workforce are squarely in the crosshairs. If your employees are using foreign-made consumer routers at home to connect to your corporate environment, that is a supply chain and security consideration worth discussing with your IT team.

Multi-Location Businesses

Franchises, retail chains, healthcare networks, and any organization managing connectivity across multiple sites should audit their current hardware inventory and understand what authorized alternatives exist before planning their next expansion.

A Note on the Broader Security Picture

The FCC’s rationale is grounded in real threats. Volt Typhoon, Flax Typhoon, and Salt Typhoon are documented Chinese state-sponsored operations that exploited vulnerabilities in networking hardware to compromise U.S. critical infrastructure. Foreign-produced consumer routers were implicated.

But it is worth noting what this ruling does not do. It does not address the software vulnerabilities that made those attacks possible. It does not mandate patching schedules or firmware security standards. And cybersecurity experts have pointed out that the Salt Typhoon attacks frequently targeted Cisco hardware — which is designed in the United States.

Moving to domestically manufactured hardware addresses one category of risk. It does not eliminate the need for a comprehensive cybersecurity posture, regular vulnerability assessments, and proactive network monitoring.

ABOUT THE AUTHOR

MoJo Tech Group is a vendor-neutral technology advisory firm with access to over 400 providers. We help organizations make smarter technology decisions — at zero advisory cost.

STAY CONNECTED

Get Technology Insights Delivered to Your Inbox

Join business leaders who trust MoJo for vendor-neutral technology guidance. No spam. Just insights that matter.

No spam. Unsubscribe anytime.

NEED HELP?

Talk to a Technology Advisor

400+ providers. Zero advisory fees. Get a recommendation tailored to your business.

Get a Free Assessment

CONTACT US

MoJo Tech Group
info@mojotechgroup.com
(855) 234-9800
Arlington, VA • Chicago, IL

READY TO MAKE A MOVE?

Every Great Technology Decision Starts with a Conversation

MoJo Tech Group evaluates 400+ technology providers on your behalf — at zero cost. Whether you need connectivity, cybersecurity, cloud, or communications, we find the right fit for your business.

Schedule a Free Consultation