Blog

Are TP-Link routers safe to use in India? What the US ban means for India?

Are TP-Link routers safe to buy and use in India right now? Yes, as of mid-2026, there is no restriction on buying, selling, or using TP-Link routers in India. No Indian regulatory body has taken action against TP-Link, and the routers continue to be widely sold through authorized channels, including ours at FGTech.

What has happened is in the United States, and understanding the specifics matters because the headlines can be misleading. The US action is broader than most people realize (it covers all foreign-made routers, not just TP-Link), the security concerns are real but contested, and the impact on Indian buyers is, at this point, indirect. This blog lays out what we know, what we don't, and what you should actually consider before buying.

What happened in the US?

On March 23, 2026, the US Federal Communications Commission (FCC) added all consumer-grade routers manufactured outside the United States to its ‘Covered List’. The Covered List is the FCC's registry of equipment considered a national security risk. Equipment on this list cannot receive new FCC authorization, which means new router models produced abroad cannot be legally imported or sold in the US going forward.

This is important to understand clearly: the ban is not TP-Link-specific. It covers every foreign-made consumer router, including models from Netgear, ASUS, Linksys, Ubiquiti, and others. The FCC's published order, DA 26-278, states that the decision was based on a National Security Determination from an interagency body that concluded foreign-produced routers pose risks to US critical infrastructure.

The ban does not apply retroactively. Routers already authorized and sold in the US remain legal to own, use, and receive firmware updates. Existing inventory can still be sold. Only new models seeking FCC certification after March 23, 2026 are affected.

Why is TP-Link specifically in the headlines?

The broader ban covers all foreign-made routers, but TP-Link has been under separate, targeted scrutiny for longer. Here's the timeline of what's been reported, with sources:

The US Department of Justice opened a criminal antitrust investigation into TP-Link's pricing practices. This was first reported in April 2025 by the Wall Street Journal. Separately, the Federal Trade Commission began an inquiry into whether TP-Link misled US consumers about the degree of separation between TP-Link Systems Inc. (the US entity) and its Chinese parent company.

In February 2026, the Texas Attorney General filed a lawsuit alleging that TP-Link products had been used by Chinese state-sponsored hacking groups to launch cyberattacks against US targets, and that TP-Link's supply chain ties to China subject it to Chinese national data laws.

The cybersecurity concerns cited across these investigations center on three documented campaigns: Volt Typhoon, Salt Typhoon, and Flax Typhoon. These were Chinese state-linked hacking operations that used compromised consumer routers (among other devices) as entry points to infiltrate US infrastructure. According to a Microsoft analysis published in October 2024, thousands of compromised TP-Link routers were identified as part of one of these botnets. Check Point Research, a cybersecurity firm, identified a Chinese hacking group using compromised TP-Link routers to target European foreign affairs entities as early as May 2023.

What does TP-Link say in response?

TP-Link has publicly denied all of these allegations. The company states that TP-Link Systems Inc. is an American-headquartered company with no connections to the Chinese Communist Party. CEO Jeffrey Chao has stated publicly that he has never had connections with the CCP.

On its security commitment page (tp-link.com/us/landing/security-commitment), TP-Link states that all US-market networking products are manufactured in Vietnam, that R&D is managed from the US by TP-Link Systems engineers, and that the company controls its full supply chain rather than outsourcing to ODMs (original design manufacturers). TP-Link also publishes SBOMs (software bills of materials) for its products and uses code signing and binary signing to verify firmware integrity.

CSO Online reported in March 2025 that, at the time of the investigation, there was no public evidence that TP-Link had deliberately built backdoors into its products. The vulnerabilities exploited in the Volt Typhoon and Flax Typhoon campaigns were firmware bugs, the kind that affect routers from multiple manufacturers, not TP-Link-specific implants. Whether that distinction fully addresses the concern is a matter of ongoing debate among security researchers.

We're stating both sides here because the honest answer is that this situation is not resolved. The investigations are ongoing, the FCC exemption process is untested, and security researchers disagree on the severity of the risk.

Does any of this apply to India?

As of July 2026, no.

India's Department of Telecommunications (DoT) has not placed any restrictions on TP-Link networking hardware. The Bureau of Indian Standards (BIS) continues to certify TP-Link products. 

In May 2026, TP-Link announced it had begun manufacturing Wi-Fi 7 networking hardware in India through local EMS (electronics manufacturing services) partners under the Make in India initiative. According to reporting by TechTimes, this makes TP-Link one of the first global networking brands to produce Wi-Fi 7 hardware on Indian soil. The timing, coming two months after the FCC ban, is clearly strategic: manufacturing in India gives TP-Link a supply chain narrative that distances it from the Chinese-origin concerns driving the US action.

Whether India will independently evaluate TP-Link's security posture is an open question. India has its own history of restricting Chinese technology companies (the 2020 app bans being the most prominent example), but there has been no public signal of router-level restrictions as of mid-2026.

Should you worry about security if you already own a TP-Link router?

The practical security risk for a home user in India is worth putting in proportion.

The attacks cited in the US investigations exploited firmware vulnerabilities in routers that had not been updated, were running default credentials, or were exposed to the internet with remote management enabled. These are configuration problems, not problems unique to TP-Link's hardware design. Routers from Netgear, D-Link, ASUS, and others have had similar vulnerabilities exploited in similar campaigns over the years.

If you own a TP-Link router right now, the most effective things you can do are practical and apply regardless of brand:

Update your firmware. Log into your router admin panel and check for pending updates. TP-Link has stated that existing routers will continue receiving firmware and security updates regardless of the FCC action. Change your admin password from the default. A surprising number of routers in the field still use "admin/admin." If you haven't changed yours, do it now. Disable remote management unless you specifically need it. This closes the most common attack vector used in the campaigns cited above. Use WPA3 or WPA2 encryption (AES). If your router only supports WEP or TKIP, it's old enough that you should replace it regardless of brand.

These steps don't eliminate all theoretical risk, but they address the specific attack patterns that were documented in the Volt Typhoon and Flax Typhoon investigations.

Should you buy TP-Link in India going forward?

This is where we'll share our position as a networking reseller and be transparent about what it's based on.

We continue to stock and sell TP-Link products. Our reasoning: the US action is geopolitical and regulatory, driven by supply chain concerns about foreign manufacturing broadly, not by a discovered backdoor in TP-Link hardware specifically. The security vulnerabilities that were exploited are firmware-level issues that TP-Link has been patching, and similar vulnerabilities have affected every major router brand at various points. No Indian regulatory body has flagged TP-Link. And TP-Link's price-to-performance ratio in the Indian market remains strong, particularly in the Wi-Fi 6 and mesh categories where alternatives at the same price points are limited.

We're not dismissing the concerns. If the DOJ investigation or FTC inquiry produces evidence of deliberate compromise, that would change the calculus entirely. If India's DoT or CERT-In (the Indian Computer Emergency Response Team) issues guidance on TP-Link products, we would follow it immediately. But based on what's publicly known as of mid-2026, we don't see a basis for advising customers against buying TP-Link in India.

If you personally weigh supply chain origin heavily in your purchasing decisions, that's a reasonable position. Alternatives in the Indian market include D-Link (Taiwanese), Netgear (American-headquartered, though also manufacturing overseas), and Ubiquiti (American-headquartered). Each has its own trade-offs on price, features, and India availability.