If you’ve been selling managed network services with TP-Link gear, you have a problem. The same is true if your standard SMB deployment runs Asus or Netgear. The FCC officially added all foreign-made consumer routers to its Covered List on March 23, prohibiting approval of any new models. No exemptions have been granted. No alternatives are queued up. China manufactures approximately 60% of US market routers — a number that captures most of what MSPs have standardized on for years.
This is a strategy problem, not a procurement headache.
What the ban actually covers
The FCC’s order targets any router where “any major stage of the process — including manufacturing, assembly, design and development” occurs outside the US. That’s an aggressive standard. Under it, TP-Link, Asus, and Netgear all qualify as foreign-made. Starlink’s newer router models appear to be among the only exceptions currently on the market.
Existing routers aren’t pulled. You can keep using gear already deployed. But firmware updates are only guaranteed through March 1, 2027, and once a device needs replacement (hardware failure, end of support, an insurance requirement), you can’t swap it for the same model.
The FCC justified the move by pointing to three state-linked threat campaigns: Volt Typhoon, Flax Typhoon, and Salt Typhoon. Salt Typhoon is the one channel partners should study closely. That campaign specifically exploited routers to breach the networks of AT&T, Verizon, and Lumen. The routers in that case were Cisco (an American company), but the FCC’s response was to ban the foreign supply chain broadly, betting that domestic or exempted hardware is structurally harder to compromise at scale.
Whether that logic holds under scrutiny is a separate debate. The policy is real. The timeline is now.
The dead playbook
For most SMB-focused MSPs, the router strategy looked like this: pick a reliable brand (often TP-Link for cost efficiency), standardize on a model, and build service delivery around consistency. Uniform firmware. Familiar management interfaces. Predictable support workflows.
That model is done.
There’s no approved domestic replacement ready to absorb 60% of the US market overnight. The supply gap is real and isn’t closing fast. Manufacturers can apply for a “Conditional Approval” exemption from the FCC, but none have been granted yet. Until exemptions come through, MSPs standardizing new deployments have a short list: Cisco (enterprise-grade, enterprise-priced), Ubiquiti (some lines manufactured domestically — verify current production), or holding existing inventory while the market figures itself out.
The pricing math is simple. When 60% of supply disappears, the remaining 40% gets expensive. This stacks on top of an already difficult hardware cost environment where server and PC prices have surged 15-20% driven by the AI memory crunch. Margin compression is the default outcome unless you reframe what you’re selling.
The service opportunity most MSPs will miss
Here’s the read most channel publications will get wrong: this isn’t just a procurement disruption. It’s a sales conversation.
Every SMB running foreign-made routers is now operating infrastructure that the US government has formally designated an “unacceptable risk.” That language matters. It’s the same framing that drives cyber insurance requirements and compliance audits. Your clients with healthcare or finance exposure will hear about this — from their insurers, their compliance officers, or eventually from you.
The MSPs who move first can package a “FCC-Compliant Network Audit” as a proactive engagement. Identify which client sites are running covered devices. Assess the risk timeline. Build a phased refresh roadmap. That’s billable work, not a commodity service call. We’ve covered how attackers are increasingly using MSP tools themselves as the entry vector — the edge hardware securing client networks is the next front. This ban gives you the policy hook to make that conversation easy.
The short-term pain is real: supply constraints, price increases, customers pushing back on hardware refresh costs they didn’t budget for. But that friction exists whether you surface it or not. MSPs who wait for clients to raise it will be explaining themselves. The ones who bring it first will be running it.
What to do this week
Run an audit of current client hardware deployments. Flag every site running TP-Link, Asus, or Netgear equipment. That’s your exposure list.
Start conversations now. Not because there’s an immediate failure risk, but because 12-18 months of refresh planning beats emergency replacements in early 2027 when firmware support ends. Clients who’ve gone through a surprise network outage don’t forget it.
Watch the FCC’s Conditional Approvals page for new entries. That’s where alternative suppliers will show up first, and being first to know which products qualify is a genuine competitive edge.
The broader network perimeter story was already changing before this week. The FCC just added procurement urgency to a security conversation that should have been happening anyway.
The ban changed your hardware strategy. What you build around it is still your choice.