Table of Contents
In today’s fast-evolving technology landscape, security concerns are increasingly shaping the future of connectivity products. One such concern comes from the U.S. Department of Defense (DoD), which maintains a growing list of companies that pose potential national security threats. This list—the 1260H List—has recently gained attention in the 5G space, particularly after Quectel, a leading modem module manufacturer, was added to it in January 2025.
But what exactly is the 1260H List? Why do companies end up on it? How does it differ from the well-known TAA (Trade Agreements Act) compliance list? And most importantly: does it matter if you’re buying a 5G router today?
Let’s break it all down.
What Is the 1260H List?
The 1260H List (formally titled the “Department of Defense List of Chinese Military Companies Operating in the United States”) is a product of Section 1260H of the National Defense Authorization Act (NDAA). It identifies companies that the DoD believes are “Chinese military companies” operating within the U.S. or linked to the Chinese military-industrial complex.
It’s not a ban, per se, but it sends a strong signal: these entities may be involved in espionage, data collection, or other activities contrary to U.S. national interests. Once a company appears on this list, U.S. federal agencies and contractors are discouraged—or sometimes prohibited—from doing business with them. It can also trigger investment restrictions, reputational damage, and downstream scrutiny for companies that rely on their components.
Why Do Companies Get Added?
Companies are added for a variety of reasons, but typically due to:
- Direct ties to the Chinese military
- Suspicion of surveillance or data collection capabilities
- Opaque ownership structures
- Lack of transparency or cooperation with U.S. regulatory agencies
These determinations are made based on intelligence and inter-agency reviews. Being headquartered in China is not automatically a disqualifier—but ties to the Chinese Communist Party (CCP), military interests, or questionable ownership structures raise red flags.
What Happens After a Company Is Listed?
Being added to the 1260H List can have serious consequences:
- Federal purchasing restrictions may follow, making the company’s components off-limits for government contracts.
- Private sector customers—especially in defense, critical infrastructure, and telecom—often drop listed vendors to avoid risk.
- Investors may withdraw, as the Department of Treasury may link the listing to sanctions or executive orders.
- U.S. tech companies may stop sourcing parts from the listed company to maintain eligibility for public-sector contracts.
Companies can challenge their inclusion, but it’s a long, difficult legal and diplomatic process.
Can a Company Get Off the 1260H List?
Yes—but it’s rare. A company must provide compelling evidence that it does not meet the criteria laid out in the NDAA. This often involves proving:
- Independent ownership (free from military or government control)
- Transparency in operations and data handling
- Compliance with U.S. regulatory frameworks
Most companies appeal via formal petitions and legal channels. Some even launch PR campaigns to sway public opinion and influence government review.
The Case of Quectel: Added in 2025
In January 2025, the DoD added Quectel Wireless Solutions Co. Ltd. to the 1260H list. Quectel is a Shanghai-based global manufacturer of wireless communication modules—including 4G and 5G modems that power everything from IoT devices to enterprise-grade routers.
The listing raised eyebrows across the industry because Quectel modules are found in millions of devices globally.
Why was Quectel added?
- Allegations have long circulated that Quectel modules could be used for data exfiltration or remote surveillancedue to their firmware-level access and backend cloud tools.
- U.S. lawmakers and security experts have raised concerns about firmware backdoors, cloud management tools that phone home to China, and supply chain opacity.
Quectel has denied all allegations and claims it is not affiliated with the Chinese military. In fact, the company is currently challenging its inclusion and asserting its independence, security certifications, and compliance with international laws.
What Happens If Quectel Stays on the List?
If Quectel remains on the 1260H list:
- Government agencies and contractors may be banned from using equipment containing Quectel modules.
- Router manufacturers that use Quectel modules may face procurement pushback or market resistance.
- IT security teams in the private sector may begin auditing and replacing devices that include Quectel components.
- Reputation and support from U.S. partners may deteriorate, affecting firmware updates and long-term viability.
Which 5G Router Brands Use Quectel Modules?
At the time of writing, here’s a breakdown:
✅ Router Manufacturers That Use Quectel Modules
- Teltonika (some models)
- Cudy
- Milesight
- MOFI
- Some entry-level generic brands on Amazon or Alibaba
These brands often use Quectel for cost-effective 4G/5G modules in certain router lines.
❌ Router Manufacturers That Do Not Use Quectel
- Peplink – Uses Sierra Wireless, MediaTek, or Qualcomm-based modules.
- Cradlepoint – Uses Qualcomm modules.
- Digi – Uses Sierra Wireless or Qualcomm.
- Inseego – Develops its own modems or uses Qualcomm/Sierra Wireless.
Peplink and Cradlepoint have explicitly marketed their security and supply chain integrity, often citing TAA complianceand U.S.-based firmware development.
TAA Compliance vs. 1260H List: What’s the Difference?
These are two completely different frameworks:
| Feature | 1260H List | TAA Compliance |
|---|---|---|
| Managed by | U.S. Department of Defense | U.S. General Services Administration (GSA) |
| Purpose | National security risk due to military ties | Trade regulation and procurement |
| Applies to | Military and critical infrastructure risk | Federal procurement eligibility |
| Outcome | May lead to bans or investment blocks | Required for GSA contract sales |
| Can include same companies? | Possibly, but not always | Not necessarily tied to national security |
You can be TAA compliant and still be flagged by the DoD—or vice versa. For example, a router could be manufactured in Vietnam (TAA compliant), but still include a Quectel module flagged under the 1260H rule.
Should You Avoid Quectel-Based Routers?
It depends. If you are:
- A government agency or contractor → Yes. Avoid Quectel-based routers entirely to remain compliant.
- A private company in critical infrastructure → Likely. It’s best to err on the side of caution.
- A residential or small business user → Possibly not a major concern yet, but the risk of reduced support or potential bans should be weighed.
What Should You Do if You’re Shopping for a 5G Router Now?
At 5Gstore.com, we recommend:
- Know what’s inside – Don’t just look at brand names; ask what modem module is used in the router.
- Look for transparency – Brands like Peplink and Cradlepoint offer public documentation about their security and module choices.
- Plan for longevity – If you’re investing in infrastructure, choose a router from a manufacturer that is TAA compliant, has no ties to the 1260H list, and has a history of long-term firmware support.
- Ask us – Our team is happy to help you determine which routers meet your organization’s compliance or security needs.
Final Thoughts
The addition of Quectel to the DoD’s 1260H list is more than just a bureaucratic move—it has real implications for the future of 5G networking, especially in government and enterprise settings. While the long-term outcome of Quectel’s appeal remains to be seen, buyers should stay informed and cautious, especially when security, data privacy, or public contracts are at stake.
At 5Gstore.com, we stay on top of these developments so you don’t have to. Whether you’re outfitting a fleet, securing a data center, or upgrading remote infrastructure, we’re here to help you choose the right hardware—with zero guesswork. 5Gstore is working on updating our internal database, so you can shop by module type.
