Despite its best efforts, TP-Link is still facing the heavy possibility of a ban in the U.S.
Why Is TP-Link Up for a Ban
The U.S. government has been mulling a ban on TP-Link since December of last year due to the company’s Chinese ties. This type of action would mirror actions taken against other Chinese firms including Huawei and more recently TikTok (though the latter has been working towards a deal to ensure it can continue to operate in the U.S).
Concerns mainly center on TP-Link’s origins: the company was founded in Shenzhen, China, in 1996 by brothers Jeffrey (Jianjun) Chao and Jiaxing Zhao.
TP-Link Has Attempted to Address Security Concerns
In 2024, amid congressional scrutiny, TP-Link split into two entities — TP-Link Technologies (based in Shenzhen) and TP-Link Systems (headquartered in Irvine, CA). The latter, owned by Chao and his wife, employs roughly 500 people in the U.S. and 11,000 in China, and manages the company’s American sales and operations.
In April 2025, TP-Link joined the Common Vulnerability and Exposures (CVE) program to further alleviate security concerns. As a CVE Numbering Authority (CNA), TP-Link made itself responsible for investigating and disclosing cybersecurity vulnerabilities and publishing detailed information about them.
However, that proactiveness on TP-Link’s part hasn’t seemed to sway the U.S. government’s concerns yet.
What’s Changed
This week, the Commerce Department’s proposed action against TP-Link gained backing from several federal agencies — including the Departments of Justice, Homeland Security, and Defense — according to The Washington Post.
Officials reportedly concluded that nothing short of a ban would adequately mitigate the risks posed by TP-Link’s networking equipment, which they claim could be subject to Chinese jurisdiction or influence.
“Commerce officials concluded TP-Link Systems products pose a risk because the U.S.-based company’s products handle sensitive American data,” The Washington Post wrote, citing unnamed sources briefed on the matter.
Why the TP-Link Ban Could Be Big for Integrators
Despite the scrutiny, TP-Link remains a dominant player in the U.S. router market. According to The Wall Street Journal, the brand’s share grew from roughly 20% of router sales in 2019 to as high as 65% by 2025.
Another analysis by IT-management firm Lansweeper found that about 12% of home routers currently in use across the U.S. are TP-Link-branded.
More than 300 internet service providers reportedly issue TP-Link routers to subscribers, underlining the scale of potential impact should a ban be enacted.
TP-Link Refutes Claims
TP-Link has repeatedly dismissed U.S. allegations as politically motivated and unsupported by evidence.
“As a U.S. company, no foreign country or government — including China — has access to or control over the design and production of our products,” TP-Link Systems told PCMag earlier this year.
The company emphasized that it is “not state-sponsored” and has “no deep ties” to the Chinese Communist Party.
Additionally, the company has refuted its suggested market dominance, in addition to claims of predatory pricing for its products. The latter of which is a claim currently being examined by a Justice Department antitrust investigation.
Cybersecurity Issues Stated Are Not Singular to TP-Link
While the cybersecurity concerns laid out so far are cause for concern, they are not wholly singular to TP-Link and its products. Cybersecurity researchers have pointed out that router vulnerabilities are an industry-wide concern, not unique to TP-Link.
In the report The Dragon Who Sold His Camaro: Reversing a Custom Router Implant, cybersecurity researcher Itay Cohen noted while discussing a case regarding TP-Link the implanted components weren’t even unique to TP-Link and instead were firmware agnostic.
Additionally, a recent revisit of the Pixie Dust exploit, a vulnerability found in wireless networks decades ago, found that many pieces of associated firmware still had the vulnerability present. Tomas Pace, CEO of NetRise described the situation as “a case study in how insecure defaults and weak patching processes persist in firmware.”
