Dive Brief:
- Congressional Republicans called on the U.S. Department of Commerce to prohibit the Chinese networking equipment company TP-Link from selling its products in the U.S.
- The letter from 17 lawmakers, led by Senate Intelligence Committee Chair Tom Cotton (R-Ark.), cites the national security risks of embedding Chinese technology in U.S. supply chains.
- President Donald Trump gave Commerce far-reaching powers to restrict U.S. technology purchases on cybersecurity grounds in his first term, and his current team sees Beijing as the U.S.’s most formidable adversary.
Dive Insight:
Cotton’s letter reflects the appetite among many congressional Republicans for strict controls on Chinese companies’ ability to access the U.S. market, especially when their products could jeopardize U.S. national security. “TP-Link’s deep ties to the Chinese Communist Party (CCP), use of predatory pricing to eliminate trusted U.S. alternatives, and role in embedding foreign surveillance and destructive capabilities into our networks render it a clear and present danger,” the lawmakers wrote to Commerce Secretary Howard Lutnick.
The letter’s signatories pointed to the dangers of security flaws in TP-Link’s small office/home office routers, a popular target of the Chinese hackers behind alarming breaches of U.S. critical infrastructure.
Over the past decade, administrations of both parties have tried to address the cybersecurity vulnerabilities created by the U.S.’s use of technology supplied by companies based in adversarial nations. In 2017, the first Trump administration banned the Russian antivirus software maker Kaspersky from federal government networks, and in 2024, the Biden administration followed up with a total nationwide ban on Kaspersky use. Both administrations also prohibited various purchases of telecommunications and surveillance technology from Chinese firms Huawei and ZTE.
Those companies were relatively easy to block from the U.S. TP-Link’s products are much more popular, however, so a ban may be more difficult. Critics of the company point to its market share as evidence of the risk it poses; the company recently disputed claims about its hold on the U.S. market, calling them “grossly inflated.”
TP-Link has also disputed other allegations that the congressional letter repeats, including that the company is subject to intrusive Chinese data-access laws, that its products are uniquely riddled with security flaws and that it has rejected industry efforts to combat Chinese botnets.
The company told Cybersecurity Dive in a statement that the latest letter made “categorically false” allegations. “TP-Link has been the victim of a smear campaign, driven by the goal of removing a competitor from the marketplace,” the company said. “The Commerce Department does not have legal authority to immediately prohibit sales of TP-Link products. But we are confident that any … investigation will lead the Commerce Department to recognize the security of TP-Link’s operations and products.”
Lawmakers on both sides of the aisle have repeatedly urged the U.S. government to ban TP-Link. But the true extent of the risk that the company poses remains unclear.
“This is nice to have, but not essential,” said Paul Rosenzweig, a former Department of Homeland Security official, who argued that TP-Link was “much less of a risk” than Huawei. In addition, Rosenzweig said, banning the company “seems inconsistent” with Trump’s attempts to negotiate a trade deal with China.
The Trump administration has yet to announce a plan for addressing supply-chain security risks. Its decision on a TP-Link ban could provide a hint of how it intends to balance national security and global trade concerns.
