In a step closer to banning Chinese router giant TP-Link from selling in the United States, the U.S. Department of Commerce has reportedly received support from multiple agencies, including the Department of Justice, the Department of Homeland Security, and the Department of Defense, after months of review, as reported by The Washington Post on Thursday, October 30th.
This move clears obstacles for the Commerce Department to initiate the ban process. Initially, the Department will notify TP-Link, requesting a response within 30 days. Subsequently, the Department will have an additional 30 days to consider any objections raised by the company before formally implementing the ban.
According to sources cited by The Washington Post, the Commerce Department believes that a complete ban on TP-Link sales in the U.S. is the only feasible method, citing the company’s connections to China as a national security threat to the United States.
It remains unclear when the Commerce Department will move forward with this ban, especially considering the nearing one-month shutdown of the U.S. government.
TP-Link routers hold approximately 65% market share in the U.S. household and small business router market due to their affordable pricing. They are also the preferred router brand on e-commerce platform Amazon and provide network communication services to the U.S. Department of Defense and other federal government agencies.
Following a series of attacks on routers, bipartisan lawmakers have grown increasingly concerned about potential security vulnerabilities in TP-Link routers, fearing they could be easily breached by Chinese hackers to attack U.S. networks. In May, more than ten Republican lawmakers, including Senator Tom Cotton, chairman of the Senate Intelligence Committee, urged the U.S. to halt further sales of TP-Link products.
During a hearing in March, House Intelligence Committee Democratic chief Raja Krishnamoorthi displayed a TP-Link router, cautioning against its use and stating he did not have one at home.
President Trump signed an executive order in 2019 authorizing an investigation into TP-Link. In 2024, the Biden administration officially launched the investigation, leaving further actions to Trump’s potential second term.
Reports from Bloomberg have confirmed that TP-Link routers are among the brands exploited by hackers supported by the Chinese government. These hackers have orchestrated large-scale cyber attacks named “Volt Typhoon” and “Salt Typhoon” targeting critical U.S. infrastructure such as water resources, transportation networks, telecommunication, and internet companies.
In 2024, Microsoft highlighted that since at least 2021, Chinese hackers have utilized compromised TP-Link routers to form a clandestine network to steal sensitive credentials of Microsoft customers.
Microsoft stated that multiple Chinese hacker groups have used this network for espionage. TP-Link Systems released patches in November 2024 to address vulnerabilities in these compromised devices, but it had been four months since the initial vulnerability report, and these devices had been discontinued without further updates. TP-Link stated that this action demonstrates their commitment to voluntarily resolve security issues beyond legal obligations.
Dismissing security concerns, TP-Link refuted allegations as unfounded and based on misinformation. Their router sales in the U.S. are managed by TP-Link Systems in Irvine, California, following the company’s separation from its Chinese parent company in 2022.
TP-Link Systems stated in May: “As a U.S. company, no foreign or government – including China – has the authority to access or control the design and production of our products.”
TP-Link further added: “It needs to be clarified that TP-Link is not a state-owned enterprise, has no ‘close ties’ with the Chinese Communist Party, and is entirely independent of the CCP. Accusations that malicious actors from China use our routers for network attacks are misleading and dishonest – routers from many companies have been targets of attacks.”
While other U.S. router manufacturers also rely on Chinese suppliers, U.S. officials express greater concerns about TP-Link due to Chinese laws that require companies in China to comply with intelligence agencies and report security vulnerabilities to Beijing. They suggest that TP-Link’s Chinese division may even be compelled to push software updates that could alter device functionalities.
U.S. officials worry that TP-Link Systems, separated from its Chinese parent company, may still be influenced by Beijing, potentially jeopardizing the data security of American users. Reportedly, the company still holds some assets of its former parent company in China.