In brief
On March 31, 2026, the Federal Communications Commission (FCC) updated its Frequently Asked Questions providing guidance on the agency’s March 23, 2026 decision, adding “routers produced in a foreign country” to the Covered List — an action that banned approval of any new covered consumer-grade router models absent a “Conditional Approval” from the Department of War (DoW) or the Department of Homeland Security (DHS). The update implements a National Security Determination by a White House‑convened interagency body on March 20, 2026, finding that foreign‑produced routers pose supply chain and cybersecurity risks. This action is similar to the FCC’s December 2025 prohibition on foreign-made drones.
Key takeaways
- New consumer-grade router models produced outside the United States are ineligible for FCC equipment authorization, which is required before most electronic devices may be imported, marketed, or sold in the United States, unless the company obtains approval from DoW or DHS to exempt the router from the prohibition.
- A router may be considered foreign‑produced if any major stage of production — including design, development, manufacturing, or assembly — occurs outside the United States.
- Companies may apply for entity-level Conditional Approval, covering multiple router models.
- Consumers may continue to use routers previously approved by the FCC, and companies may continue to sell previously approved routers. These routers can also receive software and firmware updates that “do not degrade the characteristics” of the router, but only until March 1, 2027; the FCC has not decided what will happen after that date.1
In more detail
The FCC updated its Covered List on March 23, 2026, to include all consumer-grade routers produced in a foreign country, except routers that receive approval from DoW or DHS. The ban applies to a router if any major stage of the production process occurs in a foreign country, including manufacturing, assembly, design, or development. The location of final assembly is not determinative.
This action was prompted by a National Security Determination promulgated by a White House-convened interagency body. The Determination identified two “unacceptable risks” posed by foreign‑produced routers: (1) “introducing a supply chain vulnerability that could disrupt the US economy, critical infrastructure, and national defense”; and (2) “establishing a severe cybersecurity risk that could be leveraged to immediately and severely disrupt US critical infrastructure and directly harm US persons.” The FCC attributes the determination to the exploitation of foreign router vulnerabilities by malicious state and non-state sponsored cyber attackers, including the Volt, Flax, and Salt Typhoon cyberattacks that targeted vital US infrastructure.
The prohibition applies to new device models that require equipment authorization from the FCC. Covered List status prevents new models from entering the US market because equipment authorization is required to import and market radiofrequency devices. However, consumers may continue to use routers already acquired, and retailers may continue to sell, import, or market models previously approved through the equipment authorization process.
The FCC’s Office of Engineering and Technology (OET) issued a limited waiver temporarily lifting the otherwise applicable prohibitions in 47 C.F.R. §§ 2.932(b) and 2.1043(b) that would have barred even routine “Class I permissive changes” for covered equipment. The waiver allows previously authorized routers to continue receiving software and firmware updates — including security patches and other changes needed to maintain functionality and compatibility — through March 1, 2027. OET explained that this temporary relief is intended to avoid near-term public interest and security harms, and that it will re-evaluate prior to the expiration date whether to extend the waiver.
Manufacturers of foreign routers can apply for “Conditional Approval” from the DoW and DHS. Applications must include details about ownership, board membership, and country of origin for components, IP ownership, design, assembly, and firmware, among other things. The application requests details about the applicant’s US manufacturing and onshoring plan, signaling that approval may be conditioned on a company’s commitment to shift router production to the United States. Companies may apply for entity-level approval, covering multiple router models.
Consistent with its December 2025 restriction on foreign-made drones, the FCC’s placement of foreign produced routers on the Covered List applies to the entire product category rather than specified companies or countries and was initiated through a White House convened interagency process. This underscores how the US is using the Covered List mechanism to influence the supply chain for widely deployed connected technologies, seeking to onshore manufacturing and reduce national security risks.
The FCC published Frequently Asked Questions and answers, updated on March 31, 2026, to address issues raised by the new policy.
Companies that develop, import, or market products with features that could raise US national security considerations should closely monitor evolving regulatory and enforcement developments. Baker McKenzie supports clients in this rapidly shifting landscape by tracking policy and rulemaking trends, identifying supply‑chain risks, and designing compliance and risk‑mitigation strategies.
*****
Ethan Primeaux, Associate, has contributed to this legal update.
1 47 C.F.R. § 2.1043(b)(1).