Electronics Industry Says FCC's Foreign-Made Router Policy Is a Bit of a Mesh

The FCC’s recent Covered List amendment marks a dramatic pivot from traditional cybersecurity standards toward a supply‑chain‑centric approach. By requiring foreign router makers to secure DoD or DHS clearance and submit a detailed plan to shift production to the United States, the agency aims to mitigate perceived national‑security threats. However, the Global Electronics Association points out that the most damaging intrusions, such as the Salt Typhoon campaign, exploited domestically produced gear with unpatched software, underscoring that risk is not confined to any single country of origin. This mismatch between threat perception and policy design raises questions about the rule’s effectiveness.

Practically, the new approval pathway adds layers of bureaucracy that could choke the fast‑moving router market. DoD and DHS have never managed consumer‑electronics certification at the scale required for dozens of annual model launches, and the only comparable precedent—a 2025 drone ban—yielded just four approvals in three months. With over 100 million consumer routers currently deployed, the inability to introduce fresh, security‑hardened devices could force users to cling to aging hardware, increasing exposure to exploits. Moreover, manufacturers like Qualcomm, MediaTek and Broadcom may prioritize launches in Europe or Asia where certification is quicker, leading to delayed Wi‑Fi 7 rollouts, reduced model variety, and higher prices for U.S. buyers.

Beyond routers, the rule’s broad language sets a concerning template for future restrictions on other internet‑connected products. Industry advocates suggest a more nuanced strategy: enforce mandatory security baselines, require timely patching, and establish end‑of‑life management, rather than imposing blanket bans that disrupt markets. Such targeted measures would address genuine vulnerabilities while preserving the competitive dynamics essential for innovation and consumer choice.