The FCC Adds New Foreign-Made Consumer Routers to its List of Banned Foreign Devices
A New Chapter in Supply Chain Security
Effective March 23, 2026, the Federal Communications Commission (FCC) has added foreign-made consumer routers to its Covered List, prohibiting the authorization and use of newly produced covered routers unless a conditional approval is granted by the US Department of War (DoW) or the US Department of Homeland Security (DHS).
This new action represents the second time in three months that the FCC has categorically expanded the Covered List. The first such action involved all foreign-made Uncrewed Aircraft Systems (UAS or drones) and their critical components, signaling an accelerating trend in the use of the Covered List as a tool for addressing perceived national security risks.
What Devices Are Affected?
This action specifically covers consumer-grade networking devices that are primarily intended for residential or small office/home office (SOHO) use and can be installed by the customer, rather than enterprise-grade routing infrastructure. The distinction is important: enterprise and carrier-grade equipment procured through established vendor relationships is not the target of this particular action.
The types of devices affected include:
- Home Wi-Fi routers marketed to individual consumers
- Small office/home office (SOHO) networking equipment available through retail channels
- Customer-installable networking devices that do not require professional installation or configuration
Consequences of Placement on the Covered List
Devices placed on the FCC’s Covered List face significant restrictions that effectively remove them from the US market:
- Marketing and importation: Covered devices cannot be marketed or imported into the United States.
- Federal subsidies: These devices cannot be purchased, maintained, or operated using FCC-administered subsidies, including Universal Service Fund programs.
- Annual certification: Companies must annually certify to the FCC that their products are not prohibited covered equipment, creating an ongoing compliance obligation.
For consumers and small businesses, this means that affected foreign-made routers will no longer be available for purchase through US retail channels. Existing devices already in use are not subject to immediate removal, but replacement parts and continued support may become increasingly difficult to obtain.
A Pattern of Categorical, Entity-Agnostic Actions
What makes this action particularly noteworthy is its categorical and entity-agnostic nature. Rather than targeting specific manufacturers or entities – as has been the traditional approach with the Covered List – this action applies broadly to an entire product category based on country of origin. This mirrors the approach taken with the earlier UAS action and suggests a deliberate shift in regulatory strategy.
The recent substitution of Commerce’s Executive Order 13873 supply chain risk tools with the FCC Covered List as a means to address perceived national security risks and advance US domestic manufacturing and supply chain policy priorities leaves open the possibility of further actions that might take a similar categorical and industry-specific, entity-agnostic approach. Organizations should be watching closely for signals about which product categories or industry sectors might be next.
What This Means for Critical Infrastructure Stakeholders
While this action targets consumer-grade devices, the implications extend to critical infrastructure protection in several ways:
Supply Chain Awareness
Organizations that rely on SOHO networking equipment for remote workers, branch offices, or operational technology environments should audit their equipment inventories. Devices that fall under the new restrictions may need to be replaced or migrated to approved alternatives.
Policy Trajectory
The shift from entity-specific to category-wide restrictions signals a broader policy direction. Critical infrastructure operators should anticipate that similar categorical restrictions could eventually extend to other classes of networking equipment, industrial control systems, or IoT devices.
Compliance Requirements
Companies that manufacture, distribute, or deploy networking equipment must ensure their annual FCC certifications accurately reflect the new restrictions. Non-compliance carries significant regulatory risk.
Looking Ahead
The pace of Covered List expansions – two categorical actions in three months – suggests that this regulatory tool is becoming a preferred mechanism for addressing supply chain security concerns. The entity-agnostic, category-wide approach lowers the barrier for future actions and may be applied to additional product categories as supply chain policy continues to evolve.
Organizations involved in critical infrastructure should proactively review their supply chains, monitor FCC actions, and engage with industry groups and government partners to stay ahead of these regulatory changes.
Additional Resources
- FCC Covered List: The FCC maintains the official list of covered communications equipment and services on its website.
- CISA Supply Chain Resources: The Cybersecurity and Infrastructure Security Agency provides guidance on supply chain risk management for critical infrastructure sectors.
- InfraGard: Connect with fellow members through the InfraGard portal to share insights on supply chain security developments and their impact on your sector.
Related Posts
General OverviewsThe Role of InfraGard NCR in Washington: Strengthening Critical Infrastructure Partnerships
InfraGard NCR fosters collaboration between the FBI and private sector stakeholders, enhancing information sharing and …
EnergySecuring the Nation's Energy Infrastructure: A Focus on Energy Infrastructure Protection
The security of our nation's energy infrastructure is a critical concern. Protecting these systems from physical, cyber, …
Government FacilitiesUnderstanding PPD-21: Strengthening Critical Infrastructure Resilience and Security
Explore the impact of Presidential Policy Directive 21 on critical infrastructure. Learn how to bridge the gap between …