The US is banning imports of new models of foreign-made consumer Internet routers, with exemptions available for approved companies. The order from the Federal Communications Commission (FCC) cites “an unacceptable risk to national security”, and the ban is along similar lines to one already in place for drones.

The ban includes all “consumer-grade routers produced in foreign countries”, without any mention of China, which is estimated to control at least 60 per cent of the US market for home routers.

Consumers and businesses connect wired Internet lines to routers to create Wi-Fi networks for computers, phones, televisions, cameras and other internet-enabled devices.

The FCC said companies may apply for exemptions, but the order is expected to disrupt the router market, most of which relies on overseas manufacturing. The order does not affect any previously purchased consumer-grade routers. Since most consumer routers are manufactured outside the US, the move is likely to block a significant share of new devices from entering the US market.

Router vulnerabilities have surfaced periodically, making them easy targets for hackers and botnets. The China-founded company TP-Link is a major player in the US consumer market, but it has been distancing itself from China, splitting from its Chinese entity in 2022. It has maintained a global headquarters in California since 2024.

“TP-Link is confident in the security of our supply chain, and we welcome this evaluation of the entire industry,” a company spokesperson told Bloomberg. Other major router makers include Netgear, Cisco Systems, Linksys and Asustek Computer, many of which manufacture their products overseas.

Manufacturing routers domestically does not necessarily make them safer. In 2024, hackers linked to Volt Typhoon compromised hundreds of Cisco and Netgear routers, many of which were outdated models no longer supported by manufacturer updates or security patches.

The FCC has cited a National Security Determination from March 20. “Recently, malicious state- and non-state-sponsored cyber attackers have increasingly leveraged vulnerabilities in small and home office routers produced abroad to carry out direct attacks against American civilians in their homes... Additionally, routers produced abroad were directly implicated in the Volt, Flax and Salt Typhoon cyberattacks, which targeted critical American communications, energy, transportation and water infrastructure.”

“While the rule does not name China, the direction of travel is pretty clear, and it raises the stakes for how the US approaches connected devices going forward,” said Craig Singleton, a senior fellow at the Foundation for Defence of Democracies. The development is reminiscent of the ban on smartphones developed by Chinese companies, including Huawei Technologies.