CES Organizer Warns: FCC's Ban on Foreign-Made Routers Could Leave a Large Number of Devices Vulnerable for a Long Time
The Consumer Technology Association (CTA) recently urged the Federal Communications Commission (FCC) to reconsider certain provisions of its ban on foreign-made routers, particularly the prohibition of continued software and firmware updates for foreign-made routers already approved for use in the United States. The CTA, the organizer and owner of the International Consumer Electronics Show (CES), stated in a filing with the FCC that this practice could leave millions of routers deployed in homes and offices vulnerable to security flaws in the coming years.
According to documents submitted to the FCC, CTA representatives met with FCC officials last week regarding this “ban on foreign-made routers.” The CTA emphasized its support for the current Trump administration’s overall goal of strengthening controls over devices and services deemed to pose “unacceptable security risks” for national security reasons. However, the association pointed out that prohibiting software and firmware updates for devices already in use could likely backfire – not only failing to improve security but also accumulating new security vulnerabilities over time.
Currently, the FCC has issued a temporary exemption allowing foreign-made routers previously authorized for sale and use in the United States to continue receiving software and firmware updates, including security patches and compatibility fixes, until at least March 1, 2027. The CTA hopes the regulatory agency will revoke this “deadline” or at least extend it further. The organization emphasized to the FCC that continuous updates are often one of the most effective ways to address security risks, especially for devices already deployed at end-user locations that cannot be replaced wholesale in the short term.
The CTA warned that cutting off these updates after the exemption expires will instantly create a huge number of “unmaintained” routers, which will continue to operate and remain connected to the internet but will no longer receive any security fixes. In this case, they will become increasingly attractive targets for botnet operators and state-sponsored hackers, thereby amplifying the overall network environment risk.
According to an FCC statement in March of this year, the agency plans to include routers manufactured in certain foreign countries on its “Covered List.” Once listed, new foreign-made consumer routers will not be able to obtain FCC authorization unless first conditionally approved by the Department of Defense or the Department of Homeland Security. This means that the threshold for new products to enter the US market will be significantly raised, while continued support for existing equipment will depend on exemptions and policy adjustments.
Despite the overall tightening of regulations, some manufacturers have already obtained exceptions. Netgear was one of the first brands to be exempted, covering its Nighthawk and Orbi series routers, as well as some wired gateways and modems, with an exemption valid until October 1, 2027. Adtran’s Service Delivery Gateway-class routers have also been approved, with the exemption expiring on the same date.
Recently, Amazon’s eero LLC also received a conditional exemption, allowing its eero, eero Pro, eero Max, eero PoE, eero Outdoor, eero Signal, and Amazon Leo-coded routers to continue receiving updates until October 31, 2027. Meanwhile, TP-Link, which has a large share of the US consumer router market, is actively seeking its own exemption. The company has repeatedly emphasized that although it originated in China, its headquarters are now located in Irvine, California, and should therefore be considered a US company.
The FCC stated that it will reassess the temporary update exemption before it expires. However, the CTA believes that waiting until close to the deadline to make a decision will leave consumers, device manufacturers, and retailers facing significant uncertainty in the coming years. In the eyes of many users, home and office routers are often viewed as long-term devices that can be used “for many years.” Once the update policy changes suddenly, it may be difficult for the supply chain and user security preparations to keep up in time.