On March 23, 2026, the FCC added all foreign-manufactured consumer-grade routers to the Covered List. New router models produced outside the United States can no longer receive FCC equipment authorization — which means they cannot be legally imported, marketed, or sold in the US. This affects the vast majority of consumer routers on the market today.
What Happened
The FCC's Covered List is a registry of communications equipment deemed to pose an unacceptable risk to US national security. The Commission updated the list following a National Security Determination issued by an Executive Branch interagency body on March 20, 2026. The determination found that consumer-grade routers produced in foreign countries pose "unacceptable risks to the national security of the United States and to the safety and security of U.S. persons."
The decision was driven by three major Chinese state-sponsored cyber campaigns — Volt Typhoon, Salt Typhoon, and Flax Typhoon — which exploited vulnerabilities in foreign-manufactured routers to infiltrate critical infrastructure, compromise telecommunications networks, and conduct surveillance on American citizens. These campaigns demonstrated that consumer routers are a national security vulnerability at scale.
Under the updated Covered List, any router "produced in a foreign country" is considered covered equipment. The FCC's definition of "production" is broad — it includes manufacturing, assembly, design, and development. This is not limited to any single country or manufacturer. It applies to all foreign-produced consumer routers regardless of the nationality of the producing entity.
What It Means for Consumers
The ban does not apply retroactively. If you already own a router, you can continue using it. Retailers can continue selling existing inventory that was imported before the ban. Manufacturers with existing FCC authorizations for specific models can continue importing those approved products.
The restriction applies to new models seeking FCC certification after March 23, 2026. If a router manufacturer wants to bring a new consumer router to the US market, that router must be produced in the United States — or obtain a Conditional Approval from the Department of Defense or the Department of Homeland Security, which requires extensive national security review.
Existing routers can continue to receive software and firmware updates through March 1, 2027, under a waiver the FCC issued alongside the ban. After that date, further updates are not guaranteed unless the waiver is extended.
Who Is Affected
The scope is enormous. The consumer router market in the United States has been almost entirely dependent on manufacturing in China and other Asian countries. The brands affected include TP-Link, GL.iNet, Netgear (most models), ASUS (most models), and effectively every consumer WiFi router, mesh system, and travel router that is manufactured outside the US.
Enterprise-grade networking equipment from companies like Cisco, Aruba, and Juniper Networks falls outside the scope of the ban. The FCC's definition uses the NIST Internal Report 8425A classification of "consumer-grade" — devices "primarily intended for residential use and can be installed by the customer." Enterprise equipment requiring professional installation is not covered.
This also has implications for federal contractors, government agencies, and anyone operating under NDAA Section 889 restrictions. Section 889 of the FY2019 NDAA separately prohibits the use of telecommunications equipment from Huawei, ZTE, Hytera, Hikvision, Dahua, and their subsidiaries in government contracts. The FCC's router ban adds a broader layer on top of Section 889 by restricting all foreign-produced routers, not just those from specific banned entities.
What This Means for the Router Market
The American consumer router market is facing a supply gap. Most of the routers sold in the US were designed and manufactured in Shenzhen, China. Domestic router manufacturing at consumer price points has been essentially nonexistent for over a decade. Rebuilding that manufacturing base — designing new products, qualifying US-based production lines, obtaining FCC certification — takes time. Twelve to eighteen months is a realistic timeline for most manufacturers to bring new US-produced models to market.
In the interim, consumers and organizations looking for new routers have limited options. They can purchase previously authorized models from existing inventory, use enterprise-grade equipment that falls outside the consumer classification, or turn to the small but growing number of manufacturers that were already producing routers with US or allied-nation supply chains.
What You Can Do
If you need a new router and want to be compliant with both the FCC Covered List and NDAA Section 889 requirements, look for products that meet these criteria:
- Produced in the United States or a TAA-designated allied nation — the FCC ban targets foreign production, so routers manufactured in the US are not covered equipment
- No Section 889 banned entities in the supply chain — no Huawei, ZTE, Hytera, Hikvision, or Dahua components
- Open-source firmware — auditable code means you can verify what the router is doing on your network, eliminating the telemetry and phone-home concerns that drove the ban in the first place
- FCC Part 15 certified — the router has been tested and authorized to operate in the United States
For those who need a router today and cannot wait for the broader market to catch up, OpenWrt-based platforms built on US or allied-nation hardware represent the most practical path. OpenWrt is a fully open-source Linux-based router operating system with over 8,000 installable packages, full VPN support (WireGuard, OpenVPN), network-wide ad blocking, and the kind of transparency that proprietary firmware cannot offer.
AtlasGate: NDAA-Compliant Routers from BlackAtlas
BlackAtlas designed AtlasGate specifically to address this gap. AtlasGate is an NDAA-compliant router product line built on hardware sourced exclusively from TAA-designated allied nations, running open-source OpenWrt firmware with the BlackAtlas admin interface.
Every component in the signal chain — processor, WiFi module, Ethernet controller — is sourced from the United States, United Kingdom, Taiwan, or the Netherlands. There are no components from any entity banned under Section 889. There are no waivers needed. AtlasGate is FCC Covered List compliant because it is not produced in a foreign country.
AtlasGate comes in two tiers:
AtlasGate Home (from $499) is designed for personal use, emergency preparedness, and ham radio operators. It delivers dual-band WiFi 6, 2.5 Gigabit Ethernet, WireGuard VPN, network-wide ad blocking, and optional 4G/5G cellular with automatic multi-carrier failover. It runs the same OpenWrt firmware with full root access — you can install any of 8,000+ packages, run Docker containers, or flash mainline OpenWrt at any time.
AtlasGate Pro (from $1,299) is a Made-in-USA tactical edge gateway built on a US-manufactured industrial single board computer with ISO 9001 and AS9100 quality certifications. It features M.2 5G cellular, dual Gigabit Ethernet, optional TPM 2.0, wide voltage input (8–60VDC), PoE support, and an operating temperature range of -40°C to +85°C. Designed for federal contractors, public safety agencies, and field operations where compliance and reliability are non-negotiable.
Both tiers include native integration with the broader BlackAtlas ecosystem — TAK/CoT output for ATAK and WinTAK, Meshtastic mesh radio bridging, offline map serving via GridDown Maps, ADS-B and Remote ID monitoring, and APRS gateway capabilities.
AtlasGate is currently in development. Join the waitlist at info@blackatlas.tech or visit blackatlas.tech/atlasgate for details.
The Bigger Picture
The FCC router ban is part of a broader trend in US telecommunications policy. The Covered List previously targeted Huawei and ZTE equipment in 2021, then UAS and drone-critical components in late 2025, and now consumer routers in 2026. Each expansion has followed the same pattern: a National Security Determination by Executive Branch agencies, followed by FCC implementation through the Covered List mechanism established by the Secure and Trusted Communications Networks Act.
For individuals and organizations that take network security seriously, this is an opportunity to reassess what's running on your network. The router is the single point through which all your network traffic flows. If that device is running proprietary firmware from a manufacturer with opaque ties to a foreign government, the risk is real — as Volt Typhoon, Salt Typhoon, and Flax Typhoon demonstrated.
Open-source firmware, domestically sourced hardware, and full auditability aren't just compliance checkboxes. They're the foundation of a network you can actually trust.
AtlasGate — NDAA-Compliant Routers
Secure networking. American made. Zero compromises. Join the waitlist — from $499.
View AtlasGate