Electronics industry says FCC's foreign-made router policy is a bit of a mesh
(2026/04/10)
- Reference: 1775835899
- News link: https://www.theregister.co.uk/2026/04/10/gea_fcc_routers/
- Source link:
The Global Electronics Association (GEA) warns that the US ban on foreign-made network routers is impractical because few are made domestically, leaving consumers with little choice and delaying access to next-gen products, just as Wi-Fi 7 adoption should be ramping up.
In a report, the body representing the international electronics industry argues that the policy is wrong-headed from the start, since vulnerabilities and security flaws are not limited to any particular geography, but appear across different brands and countries of origin worldwide.
The most damaging known intrusions to date, including [1]Salt Typhoon 's penetration of American carriers, exploited US-made equipment running unpatched software, it says.
[2]
The FCC last year [3]effectively scrapped cybersecurity rules introduced in the wake of the Salt Typhoon campaign, aimed at preventing such a recurrence.
[4]
[5]
Yet the changes introduced by the FCC to its Covered List lump together all foreign-made consumer routers, prohibiting the approval of any new models, but not blocking the import, sale, or use of any existing models already authorized.
An exemption is provided for products that the Department of Defense (DOD) or the Department of Homeland Security (DHS) have cleared of posing an unacceptable risk, which requires foreign router makers to apply via the FCC to get on the approved list.
[6]
But an additional requirement is that the vendor must commit to manufacturing that product in the US, and submit a detailed, time-bound plan in which to accomplish this, in order for that device to qualify for FCC authorization.
Others have already labeled the measure as " [7]industrial policy disguised as cybersecurity ."
The whitepaper " [8]Routers, Restrictions, and Reality: The FCC's Latest Supply Chain Curveball " [PDF] warns that the approval process for foreign-produced routers to reach the market is "untested at the scale the router industry requires."
[9]
The sole precedent for this is the 2025 drone ban, it claims, which delivered only four approvals in three months, while router makers launch dozens of new models each year. The bottleneck is compounded by the fact that approval must be granted not by the FCC, but by the DOD and DHS, neither of which has previously staffed or resourced a process designed around consumer electronics product cycles.
The GEA points out that the FCC uses the definition of a router defined by NIST Internal Report 8425A, which covers consumer-grade networking devices primarily intended for residential use and installable by the customer. But it makes no distinction between consumer-owned routers and those leased or provided by internet service providers, so all of that equipment also falls within the scope of the order.
[10]FCC says it's making it easier for US telcos to ditch legacy lines
[11]AI companies lick their chops as FCC proposes forcing call center onshoring
[12]Country that put backdoors into Cisco routers to spy on world bans foreign routers
[13]O say, can you see: FCC pushes patriotic programming for US 250th
It estimates there are over 100 million consumer routers currently in active use across the US, and the FCC's order impacts the replacement cycle for every one of these devices, as new models cannot be authorized unless they secure Conditional Approval and agree to onshoring requirements.
The existing channel inventory of previously authorized router models will absorb initial demand, but that buffer is finite, and if the Conditional Approval process cannot achieve sufficient throughput within 6 to 12 months, consumers and ISPs will face a constrained selection, the GEA says.
The upshot will be that many will not be able to replace aging and outdated routers, which is more likely to leave them vulnerable to attackers taking advantage of any security flaws in them.
Firms that make router silicon such as Qualcomm, MediaTek, and Broadcom operate on global roadmaps, the report states. If the US certification pathway becomes slower or less predictable than equivalent processes in Europe or Asia, then vendors will prioritize launches in those markets, the report claims. US consumers would see delayed availability of new Wi-Fi 7 models, reduced model selection, or higher prices as companies have to cover compliance costs across fewer units sold.
But a major concern of the GEA is that this could be the thin end of the wedge. The Covered List was originally entity-based, targeting specific companies such as Huawei and ZTE because of specific intelligence concerns. Extending it to ban a whole category of products makes it a framework that can be used for any internet-connected product category where foreign manufacturing dominates and a national security rationale can be articulated.
In other words, the FCC could soon be coming for other device categories, banning foreign-made products under the pretense of national security.
The GEA calls for the FCC to abandon this approach in favor of a more precisely targeted one. Such measures could combine mandatory security baselines, enforceable patching and disclosure requirements, plus end-of-life management obligations to address vulnerabilities. This would avoid the market disruption, consumer cost increases, and availability delays that it says US buyers will face with the current FCC scheme. ®
Get our [14]Tech Resources
[1] https://www.theregister.com/2024/10/11/us_lawmakers_salt_typhoon/
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/personaltech&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2adkepm8XOs64Vu-YFb-fkAAAANY&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://www.theregister.com/2025/11/24/fcc_salt_typhoon_rules/
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/personaltech&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44adkepm8XOs64Vu-YFb-fkAAAANY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/personaltech&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33adkepm8XOs64Vu-YFb-fkAAAANY&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/personaltech&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44adkepm8XOs64Vu-YFb-fkAAAANY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[7] https://www.theregister.com/2026/03/24/fcc_foreign_routers/
[8] https://emails.ipc.org/links/Global-Electronics-Association-routers-report26.pdf
[9] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/personaltech&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33adkepm8XOs64Vu-YFb-fkAAAANY&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[10] https://www.theregister.com/2026/03/30/fcc_copper_line_rules/
[11] https://www.theregister.com/2026/03/26/ai_companies_lick_their_chops/
[12] https://www.theregister.com/2026/03/24/fcc_foreign_routers/
[13] https://www.theregister.com/2026/02/23/fcc_patriotic_programming/
[14] https://whitepapers.theregister.com/
In a report, the body representing the international electronics industry argues that the policy is wrong-headed from the start, since vulnerabilities and security flaws are not limited to any particular geography, but appear across different brands and countries of origin worldwide.
The most damaging known intrusions to date, including [1]Salt Typhoon 's penetration of American carriers, exploited US-made equipment running unpatched software, it says.
[2]
The FCC last year [3]effectively scrapped cybersecurity rules introduced in the wake of the Salt Typhoon campaign, aimed at preventing such a recurrence.
[4]
[5]
Yet the changes introduced by the FCC to its Covered List lump together all foreign-made consumer routers, prohibiting the approval of any new models, but not blocking the import, sale, or use of any existing models already authorized.
An exemption is provided for products that the Department of Defense (DOD) or the Department of Homeland Security (DHS) have cleared of posing an unacceptable risk, which requires foreign router makers to apply via the FCC to get on the approved list.
[6]
But an additional requirement is that the vendor must commit to manufacturing that product in the US, and submit a detailed, time-bound plan in which to accomplish this, in order for that device to qualify for FCC authorization.
Others have already labeled the measure as " [7]industrial policy disguised as cybersecurity ."
The whitepaper " [8]Routers, Restrictions, and Reality: The FCC's Latest Supply Chain Curveball " [PDF] warns that the approval process for foreign-produced routers to reach the market is "untested at the scale the router industry requires."
[9]
The sole precedent for this is the 2025 drone ban, it claims, which delivered only four approvals in three months, while router makers launch dozens of new models each year. The bottleneck is compounded by the fact that approval must be granted not by the FCC, but by the DOD and DHS, neither of which has previously staffed or resourced a process designed around consumer electronics product cycles.
The GEA points out that the FCC uses the definition of a router defined by NIST Internal Report 8425A, which covers consumer-grade networking devices primarily intended for residential use and installable by the customer. But it makes no distinction between consumer-owned routers and those leased or provided by internet service providers, so all of that equipment also falls within the scope of the order.
[10]FCC says it's making it easier for US telcos to ditch legacy lines
[11]AI companies lick their chops as FCC proposes forcing call center onshoring
[12]Country that put backdoors into Cisco routers to spy on world bans foreign routers
[13]O say, can you see: FCC pushes patriotic programming for US 250th
It estimates there are over 100 million consumer routers currently in active use across the US, and the FCC's order impacts the replacement cycle for every one of these devices, as new models cannot be authorized unless they secure Conditional Approval and agree to onshoring requirements.
The existing channel inventory of previously authorized router models will absorb initial demand, but that buffer is finite, and if the Conditional Approval process cannot achieve sufficient throughput within 6 to 12 months, consumers and ISPs will face a constrained selection, the GEA says.
The upshot will be that many will not be able to replace aging and outdated routers, which is more likely to leave them vulnerable to attackers taking advantage of any security flaws in them.
Firms that make router silicon such as Qualcomm, MediaTek, and Broadcom operate on global roadmaps, the report states. If the US certification pathway becomes slower or less predictable than equivalent processes in Europe or Asia, then vendors will prioritize launches in those markets, the report claims. US consumers would see delayed availability of new Wi-Fi 7 models, reduced model selection, or higher prices as companies have to cover compliance costs across fewer units sold.
But a major concern of the GEA is that this could be the thin end of the wedge. The Covered List was originally entity-based, targeting specific companies such as Huawei and ZTE because of specific intelligence concerns. Extending it to ban a whole category of products makes it a framework that can be used for any internet-connected product category where foreign manufacturing dominates and a national security rationale can be articulated.
In other words, the FCC could soon be coming for other device categories, banning foreign-made products under the pretense of national security.
The GEA calls for the FCC to abandon this approach in favor of a more precisely targeted one. Such measures could combine mandatory security baselines, enforceable patching and disclosure requirements, plus end-of-life management obligations to address vulnerabilities. This would avoid the market disruption, consumer cost increases, and availability delays that it says US buyers will face with the current FCC scheme. ®
Get our [14]Tech Resources
[1] https://www.theregister.com/2024/10/11/us_lawmakers_salt_typhoon/
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/personaltech&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2adkepm8XOs64Vu-YFb-fkAAAANY&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://www.theregister.com/2025/11/24/fcc_salt_typhoon_rules/
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/personaltech&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44adkepm8XOs64Vu-YFb-fkAAAANY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/personaltech&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33adkepm8XOs64Vu-YFb-fkAAAANY&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/personaltech&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44adkepm8XOs64Vu-YFb-fkAAAANY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[7] https://www.theregister.com/2026/03/24/fcc_foreign_routers/
[8] https://emails.ipc.org/links/Global-Electronics-Association-routers-report26.pdf
[9] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/personaltech&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33adkepm8XOs64Vu-YFb-fkAAAANY&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[10] https://www.theregister.com/2026/03/30/fcc_copper_line_rules/
[11] https://www.theregister.com/2026/03/26/ai_companies_lick_their_chops/
[12] https://www.theregister.com/2026/03/24/fcc_foreign_routers/
[13] https://www.theregister.com/2026/02/23/fcc_patriotic_programming/
[14] https://whitepapers.theregister.com/