Operators must urgently reassess their supply chains following the Federal Communications Commission’s new ban on foreign-made consumer routers.
The FCC has updated its Covered List to bar authorization of consumer-grade routers produced in certain foreign countries. This update follows an Executive Branch interagency determination that these devices pose unacceptable risks to U.S. national security and public safety.
These hardware restrictions require operators to re-evaluate vendor relationships immediately. Procurement teams must adapt quickly to remain compliant, protect against espionage, and safeguard intellectual property. Historically, threat actors have exploited vulnerabilities in overseas-manufactured routing equipment to disrupt networks; foreign-made hardware was implicated in incidents such as the Volt, Flax, and Salt Typhoon attacks that targeted critical infrastructure.
Incorporating new procurement criteria into daily operations often creates friction. Network service providers commonly distribute white-label routers to millions of residential and business customers. With foreign routers now restricted from new authorisations, sourcing teams will need to pivot toward domestic manufacturers or otherwise vetted alternatives. Under the updated rules, new non-compliant hardware will not receive authorization.
The Cybersecurity and Infrastructure Security Agency (CISA) recommends organisations use the FCC Covered List directly as part of their risk-management and regulatory compliance processes.
Aligning the supply chain with the FCC ban on foreign routers
The policy emphasizes domestic resilience. The 2025 National Security Strategy states that the United States should not rely on external powers for core components—ranging from raw materials to finished products—necessary for national defense or the economy, and must restore independent, reliable access to critical goods.
To support that goal, the new equipment-authorization restriction prevents new foreign-produced router models from entering the U.S. market. Current deployments retain business continuity protections: previously approved units may still be sold and existing consumer equipment may continue to operate without interruption.
Manufacturers can seek exemptions through a Conditional Approval process. The Departments of Defense or Homeland Security may grant such exemptions if they determine a specific device does not present an unacceptable security threat. Hardware producers pursuing this route should submit applications to [email protected].
This regulatory approach follows precedents for other categories of equipment. The commission previously restricted certain foreign-produced unmanned aerial vehicles (UAVs) and related components after similar national-security determinations.
FCC Chairman Brendan Carr said he welcomed the Executive Branch’s national security finding and supported adding foreign-produced routers to the FCC’s Covered List, citing the need to protect U.S. cyberspace, critical infrastructure, and supply chains.
In response to the FCC update, U.S. telecom operators and businesses should immediately assess their dependence on foreign suppliers for core equipment such as routers and begin testing compliant alternatives. Updating requests for proposals to require hardware not listed on the Covered List will help protect long-term investment and reduce regulatory risk. Building transparent, secure procurement pipelines will minimise future compliance disruptions.
See also: What telecom operators are learning from deploying AI agents at scale
Want to learn more about cybersecurity from industry leaders? Consider attending Cyber Security & Cloud Expo in Amsterdam, California, and London. The event is part of TechEx and runs alongside other major technology conferences, including the AI & Big Data Expo.
Telecoms is produced by TechForge Media. Explore other enterprise technology events and webinars organized by the publisher.