The Consumer Technology Association (CTA) recently urged the Federal Communications Commission (FCC) to reconsider some of its ban on foreign-made routers, especially the provision that prohibits foreign-made routers that have been approved for use in the United States from continuing to receive software and firmware updates. CTA, the organizer and owner of the International Consumer Electronics Show (CES), said in a filing with the FCC that this approach may expose millions of routers already deployed in homes and offices to security vulnerabilities in the next few years.
According to documents submitted to the FCC, CTA representatives met with the FCC last week regarding this "foreign router ban." The CTA emphasized that it supports the current Trump administration’s overall goal of strengthening controls on equipment and services deemed to present “unacceptable security risks” on the grounds of national security. However, the association pointed out that if software and firmware updates are prohibited for devices already in use, the result is likely to be the opposite of the original intention - not only will security not be improved, but new security risks will continue to accumulate in the future.
Currently, the FCC has issued a temporary exemption that allows foreign-made routers that have been previously authorized for sale and use in the United States to continue to receive software and firmware updates, including security patches and compatibility fixes, until at least March 1, 2027. The CTA wants the regulator to revoke this "deadline" or at least extend it further. The organization emphasized to the FCC that continuous updates are often one of the most effective ways to deal with security risks, especially for equipment that has been deployed at end-user sites and cannot be replaced as a whole in the short term.
The CTA warns that cutting off such updates after the exemption period expires will instantly create a huge number of "unmaintained" routers. These devices will continue to operate and stay connected, but will no longer receive any security fixes. In this case, they will become increasingly attractive targets for botnet operators as well as state-sponsored hackers, thereby amplifying the risk of the overall network environment.
According to the FCC's instructions in March this year, the agency plans to add routers produced in some foreign countries to its "Covered List." Once listed, new foreign-made consumer-grade routers will not be able to obtain FCC authorization without first receiving conditional approval from the U.S. Department of Defense or Department of Homeland Security. This means that the threshold for new products to enter the US market will be significantly increased in the future, while subsequent support for existing devices depends on exemptions and policy adjustments.
Although overall supervision has become stricter, some manufacturers have taken the lead in obtaining exception qualifications. Among them, Netgear is one of the first brands to be exempted. Its exemption covers Nighthawk and Orbi series routers as well as some wired gateways and cable modems. The exemption is valid until October 1, 2027. Adtran's Service Delivery Gateway-class router was also approved, and the exemption period also ends on that date.
Recently, Amazon's eero LLC also received a conditional exemption. Its product line of eero, eero Pro, eero Max, eero PoE, eero Outdoor, eero Signal, and routers code-named Amazon Leo are allowed to continue to be updated until October 31, 2027. Meanwhile, TP-Link, which has a huge share of the U.S. consumer router market, is still actively seeking its own exemption. The company has repeatedly emphasized that although it originated in China, the company is currently headquartered in Irvine, California, and therefore should be regarded as an American company.
The FCC said it would re-evaluate the temporary renewal exemption before it expires. However, the CTA believes that waiting until closer to the deadline to make a decision will cause consumers, equipment manufacturers and retailers to face huge uncertainty in the next few years. In the eyes of many users, home and office routers are often viewed as long-term devices that can be used "for many years." Once update policies suddenly change, both the supply chain and user security preparations may have difficulty keeping up.