The Federal Communications Commission has designated all consumer routers manufactured outside the US as a security risk, a decision announced Monday that will reshape one of the world's most consolidated technology markets. Those familiar boxes that sit in millions of homes and offices, quietly managing everything from work emails to smart home devices, have become the unlikely battleground for a much larger struggle over manufacturing, supply chains, and geopolitical control.
The policy itself is straightforward in its scope. New foreign-made product models for network routers will land on the Covered List, a set of communications equipment seen as having an unacceptable risk to national security. But previously purchased routers can still be used and retailers can still sell models that were approved by the prior FCC policies. This technical distinction matters enormously; it allows time for the market to adjust without leaving Americans without functional home networks.
The decision rests on real security incidents. Foreign-made routers were involved in the Volt, Flax, and Salt Typhoon cyberattacks targeting vital US infrastructure. These were not abstract threats. Cyberattacks through routers have disrupted hospitals, energy grids, and communications systems. When government agencies point to actual breaches, the security argument carries weight.
Yet beneath the specific security concern lies a more ambitious vision. The move stems from a goal in the White House's 2025 national security strategy that reads: "the United States must never be dependent on any outside power for core components—from raw materials to parts to finished products—necessary to the nation's defence or economy". This articulates something beyond cybersecurity: a doctrine of technological independence.
Here is where the policy becomes complicated. Few, if any, brands known for consumer-grade routers currently build products stateside. In addition to Chinese tech giants like TP-Link, US companies will also be affected. NetGear, Eero and Google Nest are all headquartered domestically but have manufacturing in Asia. To receive conditional approval for new products, businesses must provide a plan for shifting at least some of their manufacturing to the US. No one has announced plans to do this yet.
The logic underlying the policy is defensible. A government has legitimate interests in ensuring it does not rely on any single foreign power for critical infrastructure. Networks are infrastructure. Manufacturing matters. But the policy also illustrates a genuine tension: between security and practical reality. The move forces the manufacturing of routers to be moved to the US rapidly, particularly since it's not clear that any consumer routers are currently made in the US.
The immediate consequence is likely to be no new router models on shelves while companies scramble to relocate production or seek exemptions. For consumers wanting to upgrade, this creates friction. For manufacturers, it creates enormous upfront costs to establish US factories. The government is effectively saying: you can either accept this constraint or abandon the largest consumer market in the world.
Critics, particularly those concerned with bureaucratic overreach, might argue this is command-and-control regulation masquerading as security policy. A more nuanced criticism is that the policy treats all foreign manufacturing as equally risky, lumping together companies making routers in Taiwan (a longtime US ally with whom relations have historically been strong) with those in China. At least some of that manufacturing activity happens in regions like Taiwan that have historically been on good terms with the US.
There is also merit to the counterargument that American supply chain vulnerability is real and longstanding. Manufacturing capacity takes years to build. Starting now, even if it seems heavy-handed, may reflect the genuine time costs of rebuilding domestic production. The security lapses were real. The attacks happened.
Routers included on the Covered List can continue to receive updates at least through March 1, 2027, although the date could potentially be extended. This grace period is not insignificant. It allows for some orderly transition rather than immediate upheaval.
The fundamental question is whether this approach actually makes Americans more secure or simply makes them less dependent—and whether those are the same thing. A company relocating router manufacturing to the US might still source components from abroad. Supply chains are not factories; they are networks spanning continents. True independence, if it is even possible, requires far more than moving final assembly home.
What is clear is that Washington has decided the era of outsourcing critical technology components is ending. Whether this makes America more resilient or simply more expensive remains to be seen. The market will test that claim over the coming months, as companies decide whether to comply, challenge the rule in court, or retreat from the US market altogether.