In March 2026, the US Federal Communications Commission (FCC) made a headline-grabbing decision: it banned the import and sale of all new foreign-made consumer routers in America. The reason? They were described as posing an "unacceptable" risk to national security and the cyber safety of ordinary Americans.
You might be thinking: "That's an American problem. I'm running a small business in the UK — what's it got to do with me?" The answer, frankly, is quite a lot. Because the very same routers that worried the US government are sitting in offices, shops, warehouses, and homes across Britain right now — and the threats they enable don't stop at borders.
What Actually Happened in the US?
The FCC added all foreign-manufactured consumer-grade routers to its national security "Covered List" — a register of technology deemed too risky to use in American networks. The ban affects new models going forward, though existing devices aren't recalled. Foreign router manufacturers can apply for a conditional approval from the Department of Homeland Security, but as of writing, none have been granted.
The decision followed a formal National Security Determination from US Executive Branch agencies, which found that foreign-produced routers introduce a supply chain vulnerability capable of disrupting critical infrastructure — and pose a severe cybersecurity risk that could be exploited immediately and at scale.
In plain English: the people in charge of US national security concluded that the routers connecting millions of homes and businesses to the internet cannot be trusted.
Why Should a UK Small Business Owner Care?
Because the router sat under your desk, or in the back room of your shop, or at the heart of your office network, is almost certainly one of those foreign-made devices. And the threats the US government identified aren't hypothetical — they've been actively exploited.
State-sponsored hacker groups, most notably those linked to China and tracked under names like Volt Typhoon, Flax Typhoon, and Salt Typhoon, have been using compromised routers as stepping stones to break into networks. They don't need to target you directly. Instead, they quietly take over thousands of vulnerable routers and stitch them together into a botnet — a hidden army of hijacked devices — which they then use to launch attacks on bigger targets, steal credentials, or spy on internet traffic passing through.
Your router could be enlisted into one of these botnets without you ever knowing. You'd see no slowdown, no warning light, no invoice. It would just silently participate in attacks on other businesses, government systems, or even critical infrastructure — all while your business carries the legal and reputational exposure of being part of it.
The Supply Chain Problem Hiding in Plain Sight
Here's the part that often surprises people: the risk isn't just about hackers exploiting a software bug after you've plugged the router in. The concern with foreign-manufactured hardware runs deeper than that.
When network hardware is produced in countries with different regulatory standards — or where the government can compel manufacturers to cooperate — there is an inherent risk that the device itself could arrive with hidden functionality already baked in. A backdoor that phones home. A firmware feature that enables remote access. Software that was never meant to protect you, but to monitor you.
This is why the phrase "supply chain vulnerability" keeps appearing in security briefings. The risk isn't always introduced by a hacker after the fact. Sometimes it's built in from the start.
What This Means in Practice for Your Business
You don't need to be paranoid, but you do need to be aware. Here's what the router sitting on your network actually controls:
- Every file transfer, email, and video call your staff makes passes through it
- Your payment terminal traffic routes through it if you take card payments
- Your cloud backups, your accounting software, your customer data — all of it travels through that one device
- If it's compromised, an attacker can see everything, redirect your traffic, or lock you out entirely
A compromised router is essentially a compromised business. And unlike a virus on a single laptop, you might never know it's happened.
What Can You Do About It?
You don't need to rip out every router in your building tomorrow. But you do need a plan, and that plan should include the following:
1. Know What You Have
Find out who manufactured your routers and network equipment. If you're not sure, ask your IT supplier or managed service provider. The brand name on the box is often a reseller — find out where it's actually manufactured.
2. Keep Firmware Updated
Many router vulnerabilities are patched by the manufacturer — but only if you apply the updates. Set a monthly reminder to check for firmware updates on all your network hardware, or ask your IT support to do it for you.
3. Segment Your Network
If you're using a single flat network — where your guest Wi-Fi, your staff laptops, your CCTV cameras, and your payment system are all on the same network — you're one compromised device away from everything being exposed. Separate them.
4. Monitor What's On Your Network
You should know what devices are connected to your network and what traffic they're generating. Unusual outbound connections — particularly to overseas IP addresses in the middle of the night — are a red flag.
5. Consider Where Your Security Hardware Comes From
This is where the US ban sends a wider signal. When choosing any network security hardware — firewalls, intrusion detection systems, network monitors — the country of manufacture and the trustworthiness of the supply chain matters. Not because foreign-made automatically means compromised, but because provenance is now a legitimate part of the risk assessment.
"The vulnerabilities introduced into networks and critical infrastructure resulting from foreign-manufactured routers are unacceptable." — US National Security Determination, March 2026
A Note on SOC in a Box: Made in Britain
We want to be transparent here, because it's relevant. SOC in a Box is a security monitoring appliance — not a router — but we're aware it could be superficially perceived as similar hardware sitting on a network. The difference matters enormously in terms of function: our device monitors your network for threats rather than routing your traffic. But the supply chain point stands just as strongly.
SOC in a Box is designed, built, and supported in Britain. We don't manufacture in jurisdictions with conflicting state interests, and we don't have undisclosed relationships with foreign governments. When you put a SOC in a Box on your network, you know exactly what it does, who built it, and where it came from. In a world where the provenance of network hardware is now a national security question, we think that matters — and we think UK small businesses deserve to know it.
The Bigger Picture: Hardware Trust Is Now a Boardroom Issue
For years, cybersecurity conversations for small businesses focused almost entirely on software: antivirus, firewalls, password managers, phishing awareness. Those things still matter enormously. But the US ban on foreign routers signals a shift in how governments and security professionals are thinking about risk. The hardware layer — the physical devices that underpin your entire digital operation — is now under the same scrutiny.
The UK's National Cyber Security Centre (NCSC) has published guidance on supply chain security and continues to update its recommendations as the threat landscape evolves. It's worth reading, and it's worth asking whether your current IT setup would pass a basic supply chain review.
The Bottom Line
The US router ban isn't a piece of American regulatory trivia. It's a signal — from the highest levels of a major allied government — that the hardware connecting our businesses to the internet has become a frontline in an ongoing, largely invisible conflict. UK small businesses aren't immune to the same risks. State-sponsored attackers don't only target governments and large corporations; they build botnets from exactly the kind of devices sitting in small business offices across Britain.
You don't need to panic. But you do need to ask questions about what's on your network, where it came from, and who might be watching through it.
Find Out How Secure Your Network Really Is
SOC in a Box gives UK small businesses enterprise-grade network monitoring in a single British-built appliance. Know what's on your network, detect threats in real time, and sleep a little easier at night.
See how it works