Is my current Huawei or ZTE router illegal now?

No, the ban does not make it illegal to own or use existing equipment. The rules apply to the future authorization, importation, and sale of new devices from companies on the FCC's 'Covered List'. However, security experts recommend replacing these devices due to the identified risks.

Does this ban apply to all routers made in China?

No. The ban is not country-specific. It targets particular companies that the U.S. government has formally designated as national security risks, such as Huawei and ZTE. Routers from other Chinese manufacturers not on the 'Covered List' are not affected by this specific rule.

How do I know if my router is from a banned company?

Check the physical label on your router, which is usually on the bottom or back of the device. The manufacturer's name, such as Huawei or ZTE, will be clearly printed on it.

What are the main security risks of using a router from a 'Covered List' company?

The primary concerns are the potential for hidden hardware or software backdoors that could allow for unauthorized surveillance, the exfiltration of your personal data to foreign governments, and the risk that the device could be used in a coordinated cyberattack to disrupt critical services.

What router brands are considered safe to buy?

You should choose routers from reputable manufacturers that are not on the FCC's 'Covered List'. Well-regarded brands available in the U.S. include Netgear, ASUS, Linksys, and TP-Link. Always ensure you are buying from an authorized retailer.

FCC enforces ban on high-risk foreign network equipment, citing national security

Introduction: Clarifying the FCC's Targeted Action

Recent headlines have sparked significant discussion, suggesting a sweeping new ban by the U.S. Federal Communications Commission (FCC) on all foreign-made routers. While the underlying national security concerns are very real, the reality of the policy is more precise. The FCC is not blocking all routers produced abroad; rather, it is enforcing a previously established rule that prohibits the authorization, importation, and sale of *new* communications equipment from specific companies deemed an unacceptable threat to U.S. national security. This action, which stems from a unanimous FCC vote in November 2022, primarily targets Chinese telecommunications giants like Huawei and ZTE. It represents a critical and deliberate step in a multi-year effort to secure America’s digital supply chain from potential foreign adversaries.

Background: A Policy Years in the Making

The FCC's current enforcement is not a sudden development but the culmination of a long-standing bipartisan effort. The foundation was laid with the Secure and Trusted Communications Networks Act of 2019. This legislation mandated that the FCC identify and maintain a list of communications equipment and services that pose a national security risk. This became known as the "Covered List."

Initially, in 2020, the list included two prominent names: Huawei Technologies Company and ZTE Corporation. The following year, the FCC expanded the list to include Hytera Communications, Hangzhou Hikvision Digital Technology, and Dahua Technology, companies primarily known for radio and video surveillance equipment. According to an official FCC news release from November 2022, the commission voted unanimously to adopt new rules prohibiting any future equipment from these listed companies from being authorized for use in the United States. This means that while you might still see older, previously-approved models for sale until stock runs out, no new devices from these vendors can enter the U.S. market.

This policy runs parallel to the FCC's "Rip and Replace" program, which provides financial reimbursement to smaller U.S. telecom providers to remove and replace equipment from these same high-risk vendors from their core network infrastructure. Together, these actions illustrate a clear, strategic objective: to methodically purge hardware from potentially compromised manufacturers from every level of the U.S. communications network, from massive cell towers down to the humble home router.

The Technical Risks: Why This Equipment is Banned

The FCC's decision is not based on a single, publicly disclosed vulnerability or a specific ongoing cyberattack. Instead, it is a preemptive measure rooted in a risk assessment of the vendors themselves and their relationship with the Chinese government. The concerns are less about finding a specific CVE (Common Vulnerabilities and Exposures) and more about the potential for undetectable, built-in threats. Security analysts and intelligence agencies have long warned of several potential attack vectors associated with this type of equipment:

Hardware and Software Backdoors: The primary fear is that manufacturers could be compelled by their home government to insert hidden backdoors into device firmware or even the hardware itself. Such backdoors would be nearly impossible for a consumer to detect and could grant an adversary persistent, privileged access to a network. This access could be used to monitor all unencrypted traffic, modify data, or launch attacks against other devices on the network.
Supply Chain Compromise: The global electronics supply chain is notoriously complex. The ban addresses the risk that equipment could be tampered with at any point during manufacturing or distribution, introducing malicious components or altered software without the vendor's or consumer's knowledge.
Data Exfiltration: A compromised router could be programmed to siphon sensitive information—such as browsing habits, login credentials, or personal files—and covertly transmit it back to servers controlled by a foreign intelligence service. As the central traffic cop for a home or business network, a router is perfectly positioned for this type of espionage.
Weaponization for Disruption: In a geopolitical conflict, a network of compromised routers could be activated to form a massive botnet, capable of launching crippling Distributed Denial-of-Service (DDoS) attacks against critical infrastructure, financial institutions, or government services.

Because these companies are subject to the laws of their home country, which may include national security laws that compel cooperation with intelligence services, U.S. regulators have determined that the risk of such scenarios is unacceptably high.

Impact Assessment: Who is Affected?

The FCC's enforcement has cascading effects across the market. The most directly impacted are the manufacturers on the Covered List—Huawei and ZTE in particular—who are now effectively locked out of the lucrative U.S. market for new consumer networking gear.

U.S. retailers and e-commerce platforms are also directly affected. They are prohibited from importing and selling any new models from these designated companies that require FCC authorization. This requires them to adjust their supply chains and find alternative vendors for low-cost networking equipment, a market segment where the banned companies were highly competitive.

For American consumers, the immediate impact is minimal. The ban does not make it illegal to own or use existing equipment from Huawei or ZTE. However, it does mean that when it comes time to upgrade, these brands will no longer be an option. While this may slightly reduce consumer choice and potentially affect pricing at the budget end of the market, it also steers consumers toward equipment that has been vetted as posing a lower national security risk.

How to Protect Yourself: Actionable Steps for Network Security

While the FCC is handling the national supply chain, personal network security remains your responsibility. Here are concrete steps you can take to ensure your home or small business network is secure.

Identify Your Router's Manufacturer: The first step is to know what you're working with. Look at the label on the bottom or back of your router and modem. If the manufacturer is Huawei or ZTE, you are using a device from a company on the FCC's Covered List.
Consider Replacing High-Risk Equipment: If your router is from a listed company, you should make a plan to replace it. While it isn't illegal to keep using it, you are accepting a level of risk that the U.S. government has deemed unacceptable for new sales. Look for reputable brands that are not on the Covered List, such as Netgear, Linksys, ASUS, or TP-Link.
Practice Strong Router Hygiene (Regardless of Brand):
- Change Default Credentials: Immediately change the router's default administrator username and password. Use a long, complex, and unique passphrase.
- Keep Firmware Updated: Your router's firmware is its operating system. Enable automatic updates if available, or manually check the manufacturer's website for updates regularly. These updates often contain critical security patches.
- Use Strong Wi-Fi Encryption: Ensure your network is protected with WPA3 encryption if your devices support it, or WPA2 at a minimum. Avoid the outdated and insecure WEP standard.
- Disable Unnecessary Features: Turn off features you don't use, such as Universal Plug and Play (UPnP), WPS (Wi-Fi Protected Setup), and remote administration, as these can be exploited by attackers.
Encrypt Your Traffic: For an added layer of security that protects your data regardless of your router's origin, using a reputable hide.me VPN is a wise decision. A VPN creates an encrypted tunnel for your internet traffic, making it unreadable to anyone who might be snooping on your network, whether it's an ISP or a compromised device.

Ultimately, the FCC's enforcement action is a high-level policy designed to mitigate a national-level threat. It serves as a powerful reminder that cybersecurity extends beyond software to the physical hardware that powers our digital lives. By understanding the risks and taking proactive steps to secure our own networks, we can align our personal security posture with this national security imperative.