TP-Link routers raise cybersecurity alarm for U.S. states

In the United States, TP-Link, a China-based network equipment manufacturer, is currently under investigation by the Department of Justice regarding security and antitrust issues. This comes at a time when Congress is considering new legislation to bolster wireless network security amid concerns over foreign-made routers, particularly those from China. As of May 2025, approximately 65% of the U.S. market for routers used in homes and small businesses is controlled by TP-Link, highlighting the significant prevalence of these devices across various state and local government agencies. Barriers to federal procurement have led to states relying heavily on products from TP-Link, with publicly available data indicating considerable financial investments in these products. For instance, California state agencies have documented expenditures of at least $189,000 on TP-Link routers alone, revealing the widespread dependence on this brand despite recognized vulnerabilities. To address growing security concerns, legislations such as the ROUTERS Act and the FACT Act are being discussed by lawmakers to investigate and mitigate the risks posed by internet routers manufactured in adversarial nations. Yet, these measures primarily target federal issues, raising alarms on the vulnerability of countless state and local entities that lack solid cybersecurity frameworks. Regulations to limit routers from covered countries are suggested, but implementation across the states varies, making the cybersecurity landscape precarious. There's a pressing need for comprehensive reviews of procurement processes and for states to align their infrastructure laws with the evolving security threat posed by foreign technology products, especially in the context of escalating geopolitical tensions.