Netgear Wins Unexpected Reprieve From U.S. Import Restrictions on Foreign-Made Routers
In an about-face that has baffled industry analysts, the Federal Communications Commission (FCC) has granted Netgear a conditional green light to continue importing its consumer networking gear into the United States for almost three more years. The approval, which covers a wide range of Nighthawk and Orbi routers as well as cable modems and gateways, runs through October 1, 2027—even though Netgear still manufactures those products in Asia and has made no public commitment to move production onshore.
What the FCC decided
The FCC’s order, issued this week, allows Netgear to keep shipping the following product lines to U.S. retailers and broadband providers:
- Nighthawk consumer mesh, mobile and standalone routers (R, RAX, RAXE, RS, MK, MR, M and MH series)
- Orbi consumer mesh, mobile and standalone routers (RBK, RBE, RBR, RBRE, LBR, LBK and CBK series)
- Cable gateways (CAX series)
- Cable modems (CM series)
Under the policy adopted last year, any new foreign-made routers introduced after the rule took effect were supposed to face an import ban unless the manufacturer submitted—and followed through on—a “detailed, time-bound plan” to establish U.S. manufacturing capacity. That plan must also outline projected capital expenditures, financing arrangements, and other investments dedicated specifically to building or expanding American factories. The FCC says Netgear has been given a waiver because the Department of Defense concluded the company’s devices do not pose a national-security threat.
Why the move is puzzling
On paper, the entire impetus for the foreign-router restriction was security. The rule cited incidents such as Volt Typhoon—a hacking campaign attributed to Chinese actors that exploited off-the-shelf routers, including units made by Netgear—to justify curtailing imports. Security experts, however, noted that those breaches succeeded largely because many users failed to change default passwords or apply firmware updates, not because the hardware itself contained backdoors.
The conditional approval raises several immediate questions:
- Why Netgear? The FCC’s public announcement offers no technical explanation beyond the Pentagon’s assessment. Other foreign-manufactured routers remain under the cloud of a potential ban.
- Where is the U.S. factory? The agency’s own rules require a concrete domestic-production roadmap, yet Netgear’s filings do not mention any such plan.
- Has security really improved? Nothing in the FCC’s notice suggests Netgear altered its firmware, hardened its supply chain, or adopted stricter cybersecurity audits to satisfy regulators.
Netgear’s public filings tell only part of the story
Because the decision could materially affect its revenue prospects, Netgear was obliged to notify shareholders via the U.S. Securities and Exchange Commission (SEC). The company did so, disclosing that it had obtained a conditional waiver and that, in its interpretation, the waiver frees Netgear to deliver firmware updates to old and new routers alike beyond 2027. That assertion is somewhat misleading: the FCC never required advance approval for pure security patches, only for updates that alter radio performance parameters.
Netgear’s SEC correspondence is otherwise silent on any capital spending for domestic manufacturing, an omission that has only deepened suspicions that no such investment is forthcoming. Companies are legally required to report material outlays, suggesting one of two scenarios: either Netgear does not plan to build or expand any U.S. plant substantial enough to affect its financial results, or the company believes its spending will be minimal and therefore non-material.
Potential impact on consumers and the market
For consumers, the short-term effect is straightforward: Netgear’s newest Wi-Fi 7 and DOCSIS 4.0 products will remain available on store shelves. Retailers and internet-service providers also avoid a supply disruption that could have limited options and raised prices during the transition to next-generation home networking equipment.
Competitors, however, might see the decision as creating an uneven playing field. Router makers facing the same rules may question why Netgear received clearance without disclosing a U.S. manufacturing path while they must invest heavily or risk losing access to the world’s largest consumer market. The result could encourage a lobbying race in which companies argue their devices are likewise safe, diluting the policy’s original focus on domestic production.
Imagem: Sean HollisterCloseSean HollisterSenior
How the router ban first emerged
The “foreign router” rule originated in the wake of high-profile intrusions that exploited small-office and home routers as launchpads for wider attacks on critical infrastructure. Citing those breaches, lawmakers pressed the FCC to prevent potentially compromised hardware from entering the country. The agency responded by framing national security as a supply-chain problem: if devices were built abroad, malicious actors could theoretically sabotage them before they left the factory.
Critics pointed out that routers shipped to the United States, regardless of origin, already undergo FCC equipment authorization testing to verify they do not radiate outside approved frequencies. The router ban added a second hurdle: a requirement that manufacturers relocate production or assemble at least a substantial portion of finished goods on U.S. soil.
Yet the FCC’s conditional-approval process contains no cybersecurity checklist. Applicants are not asked to prove their firmware is secure, demonstrate a vulnerability-management program, or adopt a secure-boot process. Instead, the evaluation centers on supply-chain location, a fact that Netgear’s chief executive alluded to—albeit in a somewhat different framing—when he applauded the government for “strengthening safety and security standards.” Industry observers argue that if cybersecurity were truly paramount, the FCC would tie waivers to measurable improvements in code quality, patch cadence, and support lifespan rather than to where a router’s plastic shell is molded.
Questions that remain unanswered
- Did Netgear submit a domestic-manufacturing timeline? The FCC will not say, and Netgear has provided no timetable, cost estimate, or potential site location.
- Will the conditional approval set a precedent? Router vendors with similar supply chains may cite the decision to request their own exemptions, potentially weakening the entire import restriction.
- Is the waiver permanent? No. The FCC can revoke the approval at any time if the Pentagon changes its assessment or if Netgear violates any terms that have not been disclosed publicly.
- What about firmware updates? Netgear claims continued ability to push updates even after the approval expires. Existing FCC guidance suggests basic security patches were never at risk.
- Have security best practices actually improved? Neither the FCC nor Netgear has announced any new mandatory password requirements, automatic update mechanisms, or end-of-life patch guarantees.
Until the agency publishes the non-confidential portion of Netgear’s application—or the company decides to reveal its roadmap—stakeholders are left to speculate on what convinced federal authorities. One possibility is that the Pentagon, briefed by intelligence agencies, determined current Netgear models do not incorporate suspect components. Another is that the FCC, under pressure to avoid consumer backlash during the transition to Wi-Fi 7, opted for regulatory pragmatism. Either way, the decision underscores the tension between national-security rhetoric and the practicalities of globalized supply chains.
The waiver’s expiration date also aligns with broader timelines. By 2027, the first large-scale U.S. semiconductor fabrication projects funded under the CHIPS and Science Act should be operational, and legislators have hinted at coupling future telecom-equipment rules to that domestic capacity. If enough router makers have moved at least final assembly stateside by then, the FCC may allow Netgear’s waiver to lapse or renew it only if the company can point to tangible bricks-and-mortar investments.
For now, consumers shopping for a new router will notice no immediate change. But behind the scenes, the FCC’s opaque waiver has injected fresh uncertainty into an already complex policy debate over how to balance cybersecurity, supply-chain resilience, and fair competition.
FAQ
- What exactly did the FCC approve?
Netgear received conditional approval to import specific Nighthawk and Orbi routers, as well as CAX-series cable gateways and CM-series cable modems, through October 1, 2027. - Does the waiver mean Netgear will build routers in the United States?
Not necessarily. The FCC’s rules require a manufacturing plan, but Netgear has not publicly disclosed any factory plans or timelines. - Are existing Netgear routers affected?
No. The original import restriction applied only to new models introduced after the policy took effect. Older devices already in the market were never in jeopardy. - Can Netgear still update the software on its routers?
Yes. The FCC does not require approval for routine security patches or bug fixes. Only firmware changes that alter radio-transmission characteristics need sign-off. - Is security the main criterion for the waiver?
Surprisingly, no. The conditional-approval process focuses on supply-chain location rather than cybersecurity features. The Pentagon’s assessment that the devices are not a security risk appears to have been sufficient. - Could the FCC reverse the decision?
Yes. Conditional approvals can be revoked if circumstances change or if a company fails to meet undisclosed conditions. - What happens after October 1, 2027?
Netgear would need another waiver or would have to demonstrate compliance with the domestic-manufacturing requirement to continue importing new router models.
