On March 23rd, 2026, the Federal Communications Commission (FCC) officially announced the inclusion of "foreign-made consumer routers" in its "Covered List", explicitly prohibiting new models of such products from obtaining FCC equipment certification. This move is based on the national security certification of the US administrative department, which means that the export and sales of all foreign-made consumer routers in the United States will meet new regulatory requirements, and relevant enterprises need to attach great importance to and adjust compliance strategies in time.
01 policy core
Only new products are controlled, and the stock is completely exempted.
This FCC ban is not a "one-size-fits-all" comprehensive restriction. The scope of control is strictly limited to the new models of foreign-made consumer-grade routers that have not been authorized by FCC equipment. The core includes two hard bans, and the existing products are explicitly exempted. The specific rules are as follows:
★ New authorization ban: the new model of foreign-made router cannot be authorized by FCC equipment through any channel, and neither the FCC ID path requiring third-party certification nor the SDoC process will be accepted;
★ Import sales ban: it is forbidden to import the above-mentioned unauthorized new models for the purpose of use and sales in the United States; Only small quantities of unauthorized equipment used for product research and development are allowed to be imported, and such equipment is strictly prohibited from being put on the market for sale.
★ Total exemption of stock products: FCC has made it clear that this list update is not retrospective and does not set mandatory recall requirements; The compliant stock products can circulate normally, such as:
◆ Products that have been listed or certified.
◆ Consumer's right to use existing equipment
◆ Existing inventory sales in the market.
02 firmware update special exemption
In order to ensure the safe operation of existing equipment, FCC simultaneously issued the exemption announcement DA 26-286, which released the software and firmware update restrictions for foreign-made consumer routers authorized by FCC, and the exemption period was fixed until March 1, 2027.
The exemption scope mainly includes the necessary updates to ensure the continuous and safe operation of the equipment, namely:
◆ Network security vulnerability patching firmware update
◆ Equipment basic function maintenance class optimization
◆ Compatibility adaptation update of terminal operating system
Important reminder: It is strictly forbidden to upgrade the product function or iterate the performance by firmware update in disguise, so as to avoid the control requirements of new models, otherwise it will touch the compliance red line.
03 Enterprise compliance operation guide
1, suspend the application for new model certification.
For new router models that have not been authorized by FCC, all export preparations to the United States should be suspended immediately; Unauthorized new models of equipment will face the risk of seizure when entering the United States, and enterprises need to adjust product planning in time to avoid unnecessary losses.
2. Firmware update compliance management
For the existing models authorized by FCC, the firmware update should be "compliant and traceable", that is:
◆ Only three types of updates are carried out: security vulnerability patching, basic function maintenance and operating system compatibility adaptation.
◆ It is strictly forbidden to upgrade functions or improve performance through firmware update.
◆ Keep FCC authorization certificate, firmware update log and compliance operation record completely.
3. "Conditional approval" application
Enterprises wishing to continue to introduce new models in the US market can apply for "Conditional Approval" from the US Department of Defense (DoD) or the Department of Homeland Security (DHS) according to FCC policies. This is the only legal way to break through the new product ban at present, but its application materials are extremely demanding, and it is usually necessary to submit:
◆ Enterprise ownership structure and actual beneficiary information
◆ Complete supply chain list (including BOM and origin analysis)
◆ Detailed American manufacturing schedule, with quarterly update report required.
Important reminder: the validity period of approval usually does not exceed 18 months.
04 Why do routers become the "risk focus" of US national security?
From a technical point of view, it is not accidental that the router is included in the control list, but it is based on the joint determination of the US national security agency. The core points to two types of "unacceptable risks", which is also the direction that enterprises should pay attention to in subsequent product design and compliance layout:
1. Supply chain security risks
As the core hub connecting home and Internet, the security of router is very important. The FCC quoted the conclusion of the national security review initiated by the White House that foreign-made routers may be used by malicious actors, thus interfering with critical infrastructure in the United States, conducting espionage or stealing intellectual property rights.
2. Risk of network security vulnerabilities
According to the reports of the US Cyber Security and Infrastructure Security Bureau (CISA), the Federal Bureau of Investigation (FBI) and other departments, attackers are increasingly taking advantage of the vulnerabilities of foreign-made small and home office routers to launch direct attacks on American civilians. Invaded routers are often used to build botnets and implement distributed denial of service (DDoS) attacks. As the gateway device of network traffic, once the router falls, it means that the attacker can directly eavesdrop, hijack and tamper with all the passing network data, which is extremely harmful.
Suggestions on enterprise compliance
1. Comprehensively sort out the existing assets: immediately take stock of the models on sale, the inventory quantity and the list of certified products in the US market, accurately assess the impact of the ban on the company's revenue and market share, and adjust the US market operation strategy;
2. Set up a special compliance team: deploy core personnel such as technology, legal affairs and market, deeply study the application process, material requirements and audit points of FCC's "conditional approval", prepare application materials in advance, and strive to submit them as soon as possible;
3. Strengthen product safety design: In view of the supply chain security and network security vulnerabilities concerned by American regulators, optimize product hardware design and firmware security architecture, improve vulnerability detection and repair mechanism, and enhance product compliance;
4. Do a good job in the management of certification filing: For the certified products in stock, continue to maintain the FCC authorization certificate and keep the firmware update records, and regularly carry out compliance self-inspection to avoid triggering regulatory penalties due to irregular operation.
Warm tips
Facing the continuous tightening of global network equipment supervision, compliance is the core premise for enterprises to go to sea. ZRLK will continue to pay attention to the FCC policy update and the changes in the US market access rules, provide timely, professional and accurate testing, certification and compliance services for enterprises, and help router enterprises break through regulatory barriers and steadily explore the US market. If you need it, please feel free to contact us, and our engineers will serve you at the first time!
