The Chip Security Act mandates security mechanisms on advanced integrated circuit products exported from the U.S. to protect national security and prevent unauthorized use.
Tom Cotton
Senator
AR
The Chip Security Act mandates the implementation of security mechanisms on advanced integrated circuit products before they are exported to protect U.S. national security interests. This requires the Secretary of Commerce to ensure chips include features verifying location and reporting unauthorized use or tampering. Furthermore, the Act calls for an assessment and potential rollout of secondary security features to enhance export control compliance and prevent misuse by adversaries. The goal is to maintain the U.S. competitive edge by securing sensitive hardware sent to allies and partners.
Chip Security Act Mandates Location Tracking on Exported Advanced AI Hardware Within 180 Days
The Chip Security Act is all about making sure the United States keeps a tight grip on its most advanced semiconductor technology—the stuff powering AI and high-performance computing. Essentially, Congress is saying, “If it’s American-made tech, it should be the foundation for the world’s AI systems, and we need to make sure it doesn't fall into the wrong hands.” This bill targets specific, high-end chips and computer products (those covered under ECCNs like 3A090 and 4A090) that are critical for national security and foreign policy goals.
The New GPS for Your Processor
The biggest and most immediate change is found in Section 4. Within 180 days of this bill becoming law, the Secretary of Commerce will require that any covered advanced chip being exported, re-exported, or transferred overseas must have a “chip security mechanism” built in. This mechanism must be capable of verifying the chip’s location using technology that is available today. Think of it like a mandatory, built-in GPS tracker for high-end processors. If you’re a company that exports these chips, you now have a new compliance hurdle: you must verify that the tech you ship out is trackable.
This isn’t just about tracking, though; it’s also about accountability. If you’re the license holder, you must immediately report to the government if you find out the chip ended up in a different location, with a different person than intended, or if someone tried to tamper with the security features—including faking location data. This puts the burden of policing the hardware squarely on the shoulders of the exporting company, which could mean significant new compliance costs and liability risks.
The Long Game: Tamper-Proofing the Future
Beyond the immediate location tracking, the bill sets up a process to develop even tougher security measures. Within one year, the Secretary of Commerce, working with the Secretary of Defense, must assess what stronger, secondary security features should be required. They are looking into ways to stop tampering, verify workloads (making sure the chip is only running authorized programs), and even potentially change the chip’s function if it’s illegally obtained. They have to study the costs, performance hits, and security vulnerabilities of these new features.
If these secondary features are deemed necessary, the Secretary can require them to be installed within two years of the initial assessment. This is where things get interesting for the tech industry and researchers. If security mechanisms start limiting what the chip can do or how it performs—for example, slowing down processing speed or introducing new security flaws—it could affect the usability of the hardware for legitimate research and commercial purposes abroad. The goal is national security, but the practical challenge is implementing these controls without crippling the technology itself.
Who’s Watching the Watchers?
This Act grants the Secretary of Commerce significant new authority. The Secretary can now check the ownership and location of any covered chip shipped abroad and demand information from license holders to maintain a detailed record of the hardware. For foreign recipients, this means a new reality: the high-performance computing hardware they bought is subject to ongoing monitoring and tracking by the U.S. government. While the intent is to prevent theft by adversaries, this level of oversight could create friction with allies who might view it as an infringement on their sovereignty or a backdoor for continuous U.S. surveillance of their technological infrastructure.
However, there’s a carrot alongside this stick. Congress suggests that if these security mechanisms are effective, the U.S. might gain more flexibility in its export controls. In other words, if the government is confident it can track and disable the chips if they go astray, it might be willing to send larger, faster shipments to a wider range of partners. For the domestic industry, this could eventually mean smoother, less restrictive international business, provided they can handle the initial compliance lift.