In a far-reaching ruling this week, the FCC added all consumer-grade routers produced in foreign countries to its existing Covered List–effectively blocking any new foreign-made router model from receiving FCC equipment authorization. Without FCC authorization, no new foreign-made routers can be imported or sold into the US market. Nearly 100% of consumer-grade routers are manufactured or assembled outside the United States, which means the FCC has significantly limits on new router imports and sales until approvals or waivers are granted.
Previously authorized devices are not affected and can continue to be imported, sold, and used. Firmware support for these models is expected to continue through at least March 1, 2027, with a possible extension.
For broadband providers, existing CPE deployment and inventory remain in place. However, the policy introduces uncertainty around the timing and availability of next-generation equipment.
Cybersecurity Concerns Could Hurt Broadband Providers
In its decision, the FCC cited cybersecurity concerns that foreign-made routers were implicated in the Volt, Flax, and Salt Typhoon targeting vital U.S. infrastructure. All of those were serious and very concerted efforts at cyber espionage, and all have been tied back to China. The consumer routers that were targeted in each of these attacks were from multiple brands, including Cisco, D-Link, Netgear, Asus, and others, all of which generally split manufacturing and assembly between Taiwan, the Philippines, Malaysia, and Vietnam, among others. Some of these companies even have US-based corporate headquarters or major US sales offices. But for the FCC, the focus of its decision is not on the corporate nationality, but on the country of production.
For broadband operators, the implications could be meaningful. Many ISP-supplied gateways and mesh systems are assembled by global original design manufacturers (ODMs), including Sercomm, Arcadyan, Askey, Compal, and Wistron NeWeb. There is currently not enough domestic manufacturing capacity of residential CPE and routers to fill in the supply gap ISPs now face, since the vast majority are manufactured in other countries.
Cable operators running managed Wi-Fi programs—such as Comcast’s xFi, Charter’s Spectrum Wi-Fi—are particularly exposed, since those programs depend on a steady pipeline of certified gateway hardware to provision new subscribers and replace aging CPE in the field. A freeze on new model authorizations could not only limit the availability of new DOCSIS 4.0 and Wi-Fi 7 units, but also the limit the new revenue associated with the managed Wi-Fi services these operators are providing.
The FCC established a Conditional Approval pathway, which may require disclosure of management structure, supply chain details, and potential plan for to US manufacturing. However, there is no published timeline for how long that process takes, and no precedent for how many applications the relevant agencies can process in parallel.
Few, if any, brands known for consumer-grade routers currently build products stateside. Standing up domestic manufacturing lines—even for final assembly—is a capital-intensive, multi-year undertaking. Beyond the amount of time, it would take to get domestic manufacturing up and running is the cost to do so. CPE margins are incredibly slim to begin with, which makes it almost impossible that these companies would even consider onshoring manufacturing, where input costs are significantly higher than in Southeast Asia.
In the near term, the US residential router market will now stratify in ways that may not serve the underlying security objectives. Inventory of previously-authorized models will be rationed, prices will rise, and innovation cycles — particularly the transition to Wi-Fi 7 and Wi-Fi 8 — will slow in the U.S. market relative to the rest of the world. Whether that outcome makes American networks more secure, or simply more expensive, is an open question.
