On March 23, 2026, the FCC’s Public Safety and Homeland Security Bureau (PSHSB) enacted a significant update to its “Covered List,” impacting the FCC certification and importation of consumer-grade routers. This action, released under Public Notice DA 26-278, follows a thorough review by a White House-convened Executive Branch interagency body. The FCC determined that routers produced in foreign countries pose an unacceptable risk to U.S. national security, critical infrastructure, and the safety of U.S. persons.
This action is tied to several active dockets, including WC Docket No. 18-89, ET Docket No. 21-232, and EA Docket No. 21-233. It effectively halts the equipment authorization of new foreign-produced router models, fundamentally shifting the regulatory landscape for manufacturers and importers.
What is the FCC Covered List?
The FCC’s Covered List is a registry of communications equipment and services deemed to pose an unacceptable security risk to the United States or its citizens. Under Section 2 of the Secure and Trusted Communications Networks Act of 2019, the FCC updates this list based on determinations made by national security authorities.
Equipment identified on this list is prohibited from receiving FCC equipment authorization, meaning new models cannot be imported, marketed, or sold within the United States.
Defining “Foreign-Produced” for FCC Compliance
The FCC’s definition of “produced in a foreign country” is broad and intentionally inclusive, focusing on the location of production stages rather than the nationality of the producing entity. For this determination, “routers” are defined by NIST Internal Report 8425A as consumer-grade networking devices primarily intended for residential use.
Production includes any major stage of the process:
- Design and Development: If the technical architecture was developed abroad.
- Manufacturing and Assembly: If the physical unit was put together in a foreign country.
- Component Integration: While a U.S.-produced router containing generic foreign components is generally not “covered,” the use of foreign-produced modular transmitters (under 47 CFR §§ 2.903(b), 15.212) will trigger a “covered” status for the entire device.
The FCC noted that routers produced abroad could provide foreign entities with a “built-in backdoor” to American homes and businesses, enabling large-scale network surveillance and intellectual property theft.
Impact on FCC Equipment Authorization and SDoC
The most immediate impact is the ban on new equipment authorizations. Pursuant to Section 2.911 of the Commission’s rules, all applicants seeking certification for any router must now self-certify, in good faith, that the device is not “covered equipment” produced in a foreign country.
Key Compliance Takeaways:
- SDoC Prohibition: All newly-covered devices are prohibited from using the streamlined Supplier’s Declaration of Conformity (SDoC) process.
- No New Authorizations: Any “new” model of a foreign-produced router is ineligible for an FCC ID. Unauthorized models cannot be imported for personal use.
- Self-Certification: Manufacturers bear the responsibility of proving a device’s domestic production origin through sufficient evidence during the filing process.
Technical Nuances: Modular Transmitters and R&D Exemptions
To prevent overreach and support domestic innovation, the FCC has clarified two critical distinctions:
- The “Component” Rule: A router produced in the U.S. does not become “covered” simply because it contains foreign-made passive components, provided the core radio architecture (the modular transmitter) remains non-covered.
- R&D Exemptions: Under 47 CFR § 2.1204(a)(3), manufacturers may still import small batches of unauthorized, foreign-produced routers solely for product development, evaluation, and pre-compliance testing, provided these units are never marketed or sold.
Exemptions and “Conditional Approvals”
The FCC has provided a narrow pathway for exemptions through the Department of War (DoW) or the Department of Homeland Security (DHS).
Entities may apply for a “Conditional Approval” valid for up to 18 months. To qualify, manufacturers must submit a full Bill of Materials (BOM) and a time-bound U.S. Manufacturing and Onshoring Plan with required quarterly progress updates.
Navigating Lifecycle Compliance for Existing Devices
It is important to note that this update is not retroactive.
- Existing Models: Routers that already hold a valid FCC ID may continue to be imported and sold.
- Maintenance: A waiver allows these devices to continue receiving basic software and firmware updates to maintain security.
Conclusion: The Future of Secure Market Access
The addition of foreign-produced routers to the Covered List highlights the increasing intersection of cybersecurity and regulatory compliance. Manufacturers must now treat the “country of origin” as a primary compliance hurdle. As the FCC continues to prioritize supply chain integrity, staying ahead of Covered List updates is a requirement for successful Global Market Access.
Navigate the FCC Covered List with Confidence. From pre-compliance testing to onshoring strategies, we help you secure your U.S. market access.