WashingtonTP-Link’s US security patch ban slips to 2029.
The Federal Communications Commission delayed the 2027 deadline; TP-Link and drone-maker DJI keep receiving patches from vendors Washington labels security risks.
No domestic alternative exists at scale; the 2029 deadline carries an “at least” qualifier.
Sources: The Record
THE MARKET REALITY
TP-Link captures roughly 60% of the US consumer and small-business router market. DJI holds an even larger share of the global commercial drone market — north of 70%. A ban without a domestic alternative is a ban that cannot actually be enforced.
WHY ROUTERS MATTER
A router sits between every device in a home or office and the internet. Compromise the router and you see every unencrypted request, can redirect traffic, and can pivot into devices behind it. It is the most privileged box on a typical network and the least frequently patched.
THE VOLT TYPHOON PRECEDENT
In 2023-24, US agencies attributed a campaign called Volt Typhoon to Chinese state actors. The group compromised hundreds of small-office routers — many of them end-of-life TP-Link and similar devices — and used them as staging infrastructure to hide attacks on US critical infrastructure. The routers themselves were not the target; they were the camouflage.
THE PATCH GAP
Most consumer routers receive security updates for 2-5 years after release, if at all. Enterprise gear from Cisco or Juniper gets 7-10 years of patches but costs 10-50x more. The economics of the consumer segment — thin margins, race-to-the-bottom pricing — make long support windows commercially unviable without subsidy or mandate.
WHY 'AT LEAST' 2029
The phrase 'at least' is the tell. It signals that domestic manufacturing capacity for low-cost networking hardware does not exist on a buildable timeline. Almost all consumer routers — including those sold under American brand names — are designed and assembled in Shenzhen and Dongguan. Decoupling requires rebuilding an ecosystem that took China twenty years to construct.
THE DJI DIMENSION
DJI's dominance in commercial drones is not just market share — it is the only vendor whose airframes, flight controllers, cameras, and software stack are vertically integrated at consumer prices. US-made alternatives like Skydio exist but cost 3-5x more and ship in far smaller volumes. Public safety agencies, surveyors, and farmers have built their workflows around hardware Washington wants them to stop buying.