What the FCC Router Ban Means for Your Business Network (And What to Do About It)

On March 23, 2026, the FCC updated its Covered List to ban new equipment authorizations for all consumer-grade routers manufactured outside the United States. The ruling affects every major brand: TP-Link, Asus, Netgear, Linksys, Eero, Google Nest Wi-Fi — and Ubiquiti UniFi, which manufactures in Vietnam and China.

Existing authorized models from all of these brands — including UniFi's Dream Router 7, Dream Machine Pro Max, and UDM SE — remain legal to buy and fully supported. But new models from any foreign-manufactured brand face the same Conditional Approval requirements going forward. This guide covers what the ban does, who it affects, what remains uncertain, and the practical steps your business should consider.

TL;DR:

• The ban blocks new FCC authorizations for consumer-grade routers made outside the US. Existing authorized stock from all brands can still be purchased and used.
• Every major brand is affected — including UniFi. No mass-market consumer router is currently manufactured in the US.
• There is no immediate emergency. Your current router still works, authorized stock is still on shelves, and firmware support continues at least until March 2027. This is a situation that calls for informed planning, not panic buying.

What Does the FCC Foreign Router Ban Actually Do?

The FCC ban prevents new foreign-made consumer routers from receiving equipment authorization, which blocks their import and sale in the US going forward.

The FCC's March 23, 2026 update to the Covered List targets the production origin of the hardware, not the brand's headquarters. The FCC references NIST Internal Report 8425A to define "routers" as consumer-grade networking devices primarily intended for residential use that can be installed by the customer. If such a device is manufactured, assembled, or designed outside the United States, it cannot receive new authorization. However, the ruling includes important exemptions for existing hardware:

• You can keep your current router. Devices already running on your network are legal to operate indefinitely.
• Retailers can sell existing stock. Routers that received FCC authorization prior to March 23 remain legal to purchase. Authorized hardware from all major brands is still widely available at retailers and manufacturer stores.
• Updates continue at least until 2027. The FCC issued a companion OET waiver (DA-26-286) allowing authorized routers to continue receiving security patches until at least March 1, 2027. Whether this waiver is extended beyond that date remains to be seen.
• Used and refurbished gear remains legal. Previously authorized routers can still be resold on the secondary market. The ban applies to new equipment authorizations, not to devices that already hold authorization — whether sold new, refurbished, or secondhand.

If you're unclear on the difference between a modem and a router and how the ban affects each, our explainer covers the basics.

Does the FCC Ban Affect ISP-Provided Routers and Gateways?

ISP-leased gateways from Comcast (xFi), AT&T, and Spectrum are also manufactured overseas and subject to the same authorization framework. The difference is that large ISPs have the procurement scale and legal resources to pursue Conditional Approvals or negotiate alternative sourcing arrangements. If you lease your gateway from your ISP, the compliance burden falls on the provider, not your business. However, if you own a separately purchased router behind your ISP's modem, that device falls under the same consumer router rules described above.

How ISPs will respond to the ban in the long term is still an open question. We may see changes to ISP equipment programs over the coming months.

Why Did the FCC Ban Foreign-Made Routers?

The FCC's national security determination cites three cyberattack campaigns that exploited router vulnerabilities to access U.S. critical infrastructure.

• Volt Typhoon targeted telecommunications, energy, and water systems using compromised SOHO routers as operational relay points. The campaign, attributed to a Chinese state-sponsored group, went undetected for months.
• Flax Typhoon built a botnet of over 200,000 compromised devices — primarily routers and IoT hardware — for espionage operations.
• Salt Typhoon compromised major U.S. telecom providers, exploiting router vulnerabilities to intercept communications data.

These incidents are well-documented and represent a legitimate security concern. At the same time, the practical tension the networking industry has raised is worth acknowledging: a blanket ban without domestic manufacturing alternatives immediately available could lead to consumers and businesses keeping older, unpatched routers in service longer — which is itself a security risk.

For small businesses, it is worth keeping this in proportion. These campaigns targeted critical infrastructure and telecom providers, not typical small office networks. The more relevant concern for most SMBs is the general security hygiene of keeping network hardware patched and up to date — something that was true before the ban and remains true regardless of how the regulatory situation develops.

What Are the Potential Compliance Implications?

If the firmware waiver is not extended past March 2027, businesses running unpatched network hardware could face compliance questions worth understanding now — even if the full regulatory picture is still developing.

The firmware update waiver (DA-26-286) allows security patches until at least March 1, 2027. The FCC has not indicated whether this will be extended. If it is not, and manufacturers stop patching foreign-made routers, businesses in certain regulated industries may need to consider the implications:

• PCI-DSS compliance. PCI-DSS Requirement 6.3.3 requires that system components are protected with current security patches. If a router no longer receives patches and is part of a network handling cardholder data, that could raise compliance questions during an assessment. The specifics would depend on your environment and your assessor's interpretation.
• Cyber liability insurance. Many cyber insurance policies require "reasonable security measures" as a condition of coverage. Whether running unpatched network infrastructure after a known firmware cutoff would affect a claim is a question worth raising with your insurer proactively.
• HIPAA-covered entities. The HIPAA Security Rule requires maintaining the security of network infrastructure carrying protected health information. An unpatched router on such a network could be flagged as a gap, though enforcement would depend on the broader context of your security posture.

These are potential concerns, not certainties. The waiver may be extended, manufacturers may continue patching independently, or the Conditional Approval process may resolve the supply question before it becomes a practical issue. That said, if your business is subject to PCI-DSS, HIPAA, or cyber insurance requirements, it is worth factoring this timeline into your planning conversations.

Which Router Brands Are Affected by the FCC Ban?

The FCC ban impacts virtually every major consumer and small business router brand on the market.

The vast majority of consumer and small business routers sold in the United States are manufactured outside its borders — primarily in China, Vietnam, and Taiwan. The ban is categorical, not brand-specific. Any router where a major production stage happens outside the United States falls under the new Covered List rules:

It is worth emphasizing that UniFi is in the same position as every other brand on this list. Ubiquiti's contract manufacturing is primarily in China, Vietnam, and Taiwan (per its SEC filings). The currently authorized lineup — Dream Router 7, Dream Machine SE, Dream Machine Pro Max, Cloud Gateway Ultra, Cloud Gateway Fiber — is available for purchase. But new models face the same Conditional Approval requirements as TP-Link, Netgear, and everyone else.

We've compared UniFi and Eero in depth and UniFi vs. TP-Link Omada for business use. Both comparisons remain relevant for existing authorized hardware.

The only mass-market consumer router currently exempt by manufacturing location is the Starlink Wi-Fi router, built at SpaceX's facility in Texas — though it requires Starlink satellite service and is not a general-purpose business gateway. The Conditional Approval pathway exists for manufacturers to apply through conditional-approvals@fcc.gov, but as of this writing, no mass-market approvals have been granted.

Does the Ban Apply to Enterprise Firewalls and Routers?

Based on the NIST definition the FCC references, the ban specifically targets consumer-grade routers — devices primarily intended for residential use that can be installed by the customer. Enterprise-grade firewalls and routers appear to fall outside this definition, though exactly where the line falls is one of the grey areas of this regulation.

Enterprise firewalls from Fortinet (FortiGate series), SonicWall (TZ and NSa series), and Netgate (pfSense appliances) are generally classified as business/enterprise security appliances, not consumer-grade routers. Under the current interpretation of the Covered List, they are not subject to the ban regardless of where they are manufactured.

This matters for businesses that need routing features beyond what consumer-grade products offer — BGP/OSPF support, granular firewall rules, SSL/TLS inspection, or dedicated physical interfaces for multiple WAN connections. Enterprise firewalls remain fully available without the Conditional Approval process. We cover the pfSense vs. UniFi decision in our pfSense vs. UDM Pro comparison.

That said, the consumer-grade vs. enterprise distinction has grey areas. Products like UniFi gateways are marketed to both home users and businesses. How the FCC classifies specific products in edge cases has not been fully clarified. If your business is concerned about where a specific device falls on the consumer-vs.-enterprise spectrum, prioritize products marketed exclusively for rack-mount or managed environments, or those that require professional licensing — these are easier to justify as enterprise-class in a compliance context. Enterprise firewalls also carry higher price points and configuration complexity — a Netgate 4200 ($499) or 6100 (~$849) requires more networking expertise than a consumer-grade gateway. For most small businesses, existing authorized consumer-grade equipment remains a practical and available option.

How Should Small Businesses Respond?

There is no immediate action required, but understanding the timeline helps with planning. Your best approach depends on where you are today.

If You Need a New Router Now

Authorized stock from all major brands is still on shelves and legal to purchase. Any router you buy today that already holds FCC authorization will continue to receive firmware updates through the 2027 waiver deadline.

If you are already considering specific brands, here are a few options across different ecosystems:

• UniFi Dream Router 7 ($279) — Wi-Fi 7 all-in-one gateway. Good fit for small offices under 30 employees. See our full review.
• TP-Link Omada (EAP772, ER8411) — A capable and more budget-friendly cloud-managed option if you're already in the TP-Link ecosystem.
• Aruba Instant On — Another cloud-managed alternative with strong access point coverage, though gateway options are more limited.

For larger deployments, the UniFi Dream Machine SE ($499) or Dream Machine Pro Max ($599) are worth evaluating. Our gateway comparison guide and UDR7 vs. UX7 vs. UCG Fiber breakdown cover the differences by use case.

If you're already running TP-Link, Netgear, or Aruba hardware and it meets your needs, buying additional authorized stock from your current vendor is a perfectly reasonable path. There is no need to switch ecosystems because of this ban.

If You're Planning a Refresh in the Next 6–12 Months

It is reasonable to think about your hardware timeline, but there is no reason to rush. Authorized inventory is still widely available, and it is possible (though not guaranteed) that the Conditional Approval process or a waiver extension will resolve the supply question before current stock becomes scarce.

If you were already planning a network upgrade, factoring in the current gateway purchase sooner rather than later is a sensible precaution. Cloud-managed networking — UniFi, Meraki, Aruba — is the direction most SMB infrastructure is heading regardless of the ban.

If You Own Existing TP-Link, Asus, or Netgear Gear

Your hardware is not going anywhere. It is legal to continue using it, and it will keep working exactly as it does today. Nothing about the ban forces you to replace equipment you already own.

The main date to keep in mind is the 2027 waiver deadline. After that date, continued security patching for foreign-manufactured routers is not guaranteed under current FCC guidance — though the waiver may be extended. As discussed in the compliance section above, businesses in regulated industries should consider this timeline as part of their broader technology planning.

A reasonable next step is to revisit your options around Q4 2026, when the Conditional Approval landscape and waiver status should be clearer.

What Should SMBs Watch for Next?

This is a developing situation. The Conditional Approval process is the bridge between the current ban and the next generation of networking hardware available in the US market, but how quickly it moves is an open question.

Manufacturers submit applications to conditional-approvals@fcc.gov, and the FCC forwards them to the Department of War and DHS for case-by-case security evaluation. Products that clear this review can proceed with standard FCC equipment authorization. A few things worth watching:

1. Manufacturer responses. As of this writing, none of the major affected brands — Ubiquiti, TP-Link, Netgear, Asus — have issued detailed public statements on their Conditional Approval plans. Watch for announcements on manufacturer forums, investor communications, and industry press.
2. TP-Link's US manufacturing investment. TP-Link has publicly indicated investment in US-based manufacturing, but no Conditional Approval or new FCC authorization has been confirmed yet.
3. Firmware waiver extension. Whether the FCC extends the March 2027 firmware update waiver is arguably the most important near-term question for businesses that currently own foreign-made routers.
4. Wi-Fi 8 timeline. The next generation of Wi-Fi hardware (802.11bn) will be the first product cycle fully subject to this framework. The first Wi-Fi 8 routers are expected in late 2026 or early 2027, which will test the Conditional Approval process at scale.

We will update this article as the situation develops. For longer-term infrastructure planning that extends beyond any single product cycle, our office network future-proofing guide covers the decisions that matter most.

---

Related Resources

• Cloud-Managed Networks Guide — UniFi, Meraki, and Aruba compared for SMB deployments.
• Future-Proof Your Office Network — Infrastructure decisions that outlast any single product cycle.
• pfSense vs. UniFi Dream Machine Pro — Enterprise firewall comparison for businesses needing advanced routing.
• UniFi vs. TP-Link Omada — Multi-gig business comparison for existing authorized hardware.
• UniFi vs. Eero Comparison — How these two ecosystems compare.
• UniFi Gateway Selection Guide — Current UniFi gateways compared by use case and scale.