172/69 Thursday, March 26, 2026
The Federal Communications Commission (FCC) has announced a major escalation in cybersecurity measures by adding consumer-grade routers manufactured outside the United States to its Covered List. This move means that new router models not produced domestically will no longer be eligible for authorization to be marketed or sold in the U.S. The decision follows national security assessments indicating that such devices could serve as vulnerabilities within the supply chain. State-sponsored threat groups such as Volt Typhoon, Flax Typhoon, and Salt Typhoon have previously been linked to exploiting network devices to infiltrate critical infrastructure, posing risks to both national systems and the personal data of U.S. citizens.
However, the policy does not constitute a complete ban. Instead, the FCC has introduced a conditional approval pathway for manufacturers seeking access to the U.S. market. Vendors must undergo rigorous and transparent vetting processes, including disclosure of ownership structures, ties to foreign governments, detailed supply chain information, and the origins of all software and firmware components. Additionally, manufacturers are expected to present clear plans for onshoring critical production components to the United States, ensuring that devices used in households are not susceptible to external control or manipulation.
For consumers, the immediate impact is expected to be limited, as existing router models already on the market or in use will not be affected. However, in the near future, users may experience delays in new product releases or a reduction in available options, as stricter compliance requirements could increase manufacturing costs. This may eventually lead to higher retail prices. Experts view this initiative as a foundational step in strengthening national cybersecurity, aiming to mitigate risks associated with insecure or non-compliant network devices amid the growing intensity of global cyber warfare.