On March 23, 2026 — two days ago — the Federal Communications Commission updated its Covered List to include all consumer-grade routers produced in foreign countries. The practical meaning: no new foreign-made router model can receive FCC equipment authorization, which means it cannot legally be imported, marketed, or sold in the United States going forward.
This isn't a future policy. It went into effect immediately. And it affects virtually every major router brand on the market.
"Recently, malicious state and non-state sponsored cyber attackers have increasingly leveraged the vulnerabilities in small and home office routers produced abroad to carry out direct attacks against American civilians in their homes." The FCC cited the Volt, Flax, and Salt Typhoon cyberattacks — all of which exploited consumer routers — as driving factors in the decision.
What Brands Are Affected
The ruling covers any router produced outside the United States, regardless of where the company is headquartered. That means US-based companies manufacturing overseas are caught in this net too. Here's where the major brands stand:
An estimated 60% of home routers in the US are manufactured by Chinese companies. When you add in Taiwanese and Southeast Asian manufacturing, the vast majority of routers currently sitting in American homes were made overseas.
What It Means for Your Current Router
Here's the important nuance the headlines are glossing over. The ban applies to new models seeking FCC authorization. If your router is already in your home and carries an existing FCC ID, you can keep using it. Retailers can also continue selling existing inventory of already-authorized models.
However, there is a hard deadline buried in the ruling that matters more than the import ban itself.
Foreign-made routers will only be guaranteed to receive firmware and security updates through March 1, 2027. After that date, if a manufacturer hasn't received Conditional Approval from the Department of Homeland Security or Department of War, they cannot legally issue new security patches for their devices. That means your existing TP-Link, Eero, or Netgear router could stop receiving security updates in under a year.
This is where the real exposure is. A router that stops receiving security updates doesn't stop working — but it stops being defended. Known vulnerabilities get discovered and exploited with no patch coming. For a device that sits at the center of your entire home network — handling cameras, security systems, thermostats, door locks, and every phone and laptop in the house — that's not an acceptable risk.
Why This Happened
The FCC's decision followed a National Security Determination by a White House-convened interagency panel. The cited attacks — Volt Typhoon, Flax Typhoon, and Salt Typhoon — were state-sponsored cyberattacks that specifically exploited vulnerabilities in consumer routers to gain access to American households, critical infrastructure, and communications networks.
The logic is straightforward: if a foreign government can exploit a vulnerability in your router, they have a window into everything connected to it. In a home with a professionally integrated smart home system — cameras, locks, security sensors, climate control, AV — the router is the single most critical piece of infrastructure in the building. Everything flows through it.
Whether this ruling survives legal challenges from manufacturers is a separate question — TP-Link has already indicated it will fight, similar to how DJI challenged the drone ban. But regardless of how the legal battle plays out, the security reasoning behind it is sound. A router manufactured in a country with different interests than yours, receiving no security updates, is a liability.
The South Sound Homeowner's Situation Right Now
Most South Sound homes have one of the following router situations:
- ISP-provided router — typically a Technicolor, Sagemcom, or rebranded device manufactured overseas. These are almost universally affected.
- TP-Link or Netgear consumer router — the two most common upgrades people make themselves. Both affected.
- Eero or Google Nest WiFi mesh system — popular consumer mesh systems. Both manufactured overseas, both affected.
- Older Asus or Linksys router — affected.
If your home has any of these, you're not in immediate danger — but you're on a countdown to the March 2027 update deadline, and you're running hardware the US government has formally characterized as a national security risk.
What We Recommend: The Island Router
Island Router & Island Router Pro
The Island Router is one of the only consumer-grade routers designed and manufactured in the United States. It was built from the ground up for professional smart home and networking installations — the kind of environment where reliability, security, and performance aren't optional.
Because it's US-manufactured, it is not subject to the FCC's Covered List ruling. New models can continue to receive FCC authorization. Security updates are not at risk of being cut off under the March 2027 deadline. And it's the router we've been installing in South Sound homes because it performs at a level that consumer routers simply don't.
Island Router vs Island Router Pro — Which One?
The standard Island Router handles most residential applications — whole-home WiFi for a 2,000–4,000 sq ft home with moderate device density. The Island Router Pro is built for larger homes, higher device counts, and installations where the network is carrying significant smart home traffic alongside normal household use.
For most South Sound homes we're installing into, the pro version is the right call. When your network is managing Ajax security cameras, Ecobee thermostats, Control4 automation, and 40+ client devices simultaneously, you want headroom — not a router that's already near capacity on day one.
What to Do If You Have a Foreign Router Right Now
Your existing router isn't going to stop working tomorrow. But here's the decision framework:
- If you have a professionally installed smart home system — your network is the foundation of everything. A router that's heading toward end-of-security-update status is not the foundation you want. Start planning a replacement now, before the rush that's coming as the March 2027 deadline approaches.
- If you have a TP-Link or similar and you're happy with it — keep using it for now. But understand that it's running on borrowed time for security support, and budget for a replacement within the next 12 months.
- If you were already thinking about a network upgrade — the timing has never been better. This ruling just made the case for you, and supply of US-manufactured alternatives is currently good before the market catches up to the news.
- If you're building or doing a major remodel — spec the Island Router into the build now. There is no reason to rough in infrastructure for a router platform that can't legally be updated in 12 months.
The firmware update deadline is more urgent than the import ban. If your current router stops receiving security patches by March 2027, every device on your network becomes progressively more exposed. For a smart home where your security system, cameras, locks, and automation all live on that network — that risk is not acceptable. This is a planned upgrade, not an emergency. But the planning window is now.