FCC Router Ban Creates Security Update Uncertainty for Millions
The FCC's ban on foreign-manufactured routers, despite recent waivers, risks leaving millions of home routers without critical security updates, potentially impacting home security systems.

The U.S. Federal Communications Commission (FCC) has granted Verizon Communications a one-year waiver from its ban on foreign-made consumer routers. This exemption is the latest in a series of carve-outs that cybersecurity experts warn could leave millions of home routers vulnerable by preventing essential security updates.
Similar one-year waivers have recently been issued to members of the cable industry association NCTA, equipment manufacturers Sercomm and Arcadyan Technology, and AT&T. These exemptions permit limited hardware modifications to previously certified routers that are on the FCC's "Covered List." The FCC's March decision to add all consumer-grade routers "produced in a foreign country" to this list was intended to address supply chain and cybersecurity vulnerabilities exploited by threat actors.
Without these waivers, the ban would effectively halt security patches for devices already deployed in homes. FCC regulations prohibit "Class I permissive changes," which include the routine software and firmware updates necessary to patch security flaws, for devices on the Covered List. While the FCC initially provided a blanket waiver for updates mitigating harm to consumers through March 2027, later extended to January 2029, the piecemeal approach with company-specific grants is raising concerns.
Electronic security experts criticize the current approach, arguing that the exemptions are too narrow and temporary. They contend that these waivers do not address the larger pool of already-authorized router models once the exemptions expire. The Global Electronics Association, representing the international electronics industry, echoed these concerns in an April report, stating that the ban focuses on the router's manufacturing origin rather than the exploitable flaws themselves. The association highlighted that end-of-life equipment running unpatched software poses the most significant risk.
More than 100 million consumer routers are currently in use across the United States, with approximately 70% supplied by broadband providers. The vast majority of these devices are not manufactured entirely within the U.S. The Global Electronics Association predicts that the ban, coupled with the limited availability of domestically produced alternatives, could lead to increased prices, reduced consumer choice, and delays in the rollout of new Wi-Fi standards like Wi-Fi 7.
While the FCC frames the restrictions as a necessary response to documented state-sponsored threats, and assures consumers they can continue using existing routers and that previously authorized models can still be sold, the long-term implications for device security remain uncertain. The agency did not respond to requests for comment regarding the potential impact of these waivers on ongoing security update availability for millions of home networking devices.