Dear Reader,
With the proposed Chip Security Act (“the Act”, Senate bill S.1705 and H.R. 3447), currently under discussion in the United States, the elevation of specialised AI chips to a critical geopolitical asset is all but complete. The Act itself mandates location-tracking mechanisms in export-controlled AI chips to address significant diversion risks. With this, Since the 2022 and 2023 chip export controls came into effect, reports indicate that, despite existing export control regimes, advanced U.S.-manufactured AI chips are being illicitly smuggled to unauthorised nations, where they are purportedly integrated into state-directed AI initiatives. Smuggling or diversion mechanisms often involve sophisticated networks utilising shell companies and transhipment points to circumvent U.S. regulations. Most recently, the success of DeepSeek’s R1 frontier large language model has been attributed to a significant number of smuggled NVIDIA H100 GPUs obtained through such illicit channels.
To that end, the Act marks a dramatic shift from traditional point-of-sale export restrictions to active technological surveillance. Unlike existing or prior export controls that restricted destinations and end-users, this bipartisan legislation creates ongoing monitoring obligations for exporters throughout a chip’s entire lifecycle, enabling the real-time detection of diversions to adversary countries, such as China. It represents the most invasive export control mechanism on high-technology so far.
Political Overview
The Act enjoys a surprising degree of bipartisan support across both chambers of Congress, and representatives from key committees, including the House Select Committee on China, the House Intelligence Committee, and the House Foreign Affairs Committee, have cosponsored the legislation. Even as the bill’s introduction follows the regulatory vacuum created by the Trump administration’s rescission of Biden’s AI Diffusion rules and Executive Order. 14110, this kind of broad congressional consensus on semiconductor security concerns increases the likelihood of the bill’s passage regardless of party control. Whether the White House signs it into law after passage is anyone’s guess.
Core Provisions
The Act (pdf) mandates the implementation of “chip security mechanisms” on all export-controlled chips under Export Control Classification Numbers (ECCNs) 3A090, 3A001.z, 4A090, and 4A003.z within 180 days of enactment. A chip security mechanism can be a software, firmware, hardware-enabled or a physical security mechanism that implements location verification before the chip is “exported, re-exported, or transported within or to a foreign country.” Licensed exporters are also required to mandatorily notify the BIS if they detect that chips have been diverted to prohibited locations or users, or have been subject to any tampering attempts to circumvent location verification.
Chips covered under ECCN 3A090 are considered to have a critical role in AI applications and include not just high-end processors that match the US Bureau of Industry and Security’s (BIS) “Total Processing Power” thresholds, but also memory chips such as High Bandwidth Memory (HBM) modules. ECCN 3A001.z, 4A090, and 4A003.z extend definitions of controlled chips to include computer systems or electronic assemblies and products that meet or exceed the thresholds mentioned in 3A090. Therefore, these requirements will apply to both standalone chips and any products containing these components, encompassing a wide range of AI processors and accelerators, server solutions, and even high-end consumer gaming GPUs (such as NVIDIA’s RTX 5090 and RTX 4090, which are already banned from export to China).
The Act initially empowers the Secretary of Commerce to approve the exact manner in which chip security mechanisms are implemented so long as it is “feasible and appropriate at the time of enactment.” While the wording is vague, the intent of the Act appears to be limited to tracking advanced chips and systems and plug leakages in the export-control regime, rather than implementing some sort of backdoor or kill switch in these chips. However, within a year of enactment, the Act also requires that the Secretaries of Commerce and Defense explore and periodically establish specific requirements for chip designers to adhere to as they design secondary security mechanisms in the future (such as workload verification and functionality modification of controlled chips). These requirements are not far off from being considered within the ambit of the definition of a “kill switch”.
However, through this provision, the Act also establishes an incentive structure for nations willing to align themselves with the US’ goals for a ‘trusted technology ecosystem’; it allows for the Department of Commerce to recommend favourable modifications to export controls and offer more flexibility for countries that accept and receive chips with these secondary security mechanisms. In a nutshell, if a country wishes to acquire larger volumes of advanced chips and/or more powerful chips, it is more likely to receive BIS approval if it opts for chips with more intrusive and comprehensive secondary security mechanisms.
The Underpinnings of Geotracing Mechanisms
Previous export control regimes enforced restrictions at the point of export through licensing and paperwork; the proposed system under the Act will enable post-export verification and remote compliance checking. This “techno-legal” integration now creates unprecedented obligations for industry participants, extending beyond merely the exporters and end-users. It shifts compliance costs upstream by placing design obligations directly on designers and foundries. To be clear, we have seen similar real-time verification mechanisms be implemented on exports of military or dual-use products, particularly in the case of F35 fighter jets. However, the scope is now being extended beyond these categories to consumer and commercial computing products not traditionally subject to such controls.
We have seen similar export control regimes since the Cold War-era Coordinating Committee for Multilateral Export Controls, which had created comprehensive restrictions on early semiconductor exports from the US and its allies. But subtracted from subdomains such as military electronics or supercomputing, semiconductors were treated mainly as commercial rather than strategic goods, as globalisation dispersed supply chains for decades. However, while the addition of Huawei to the Entity List in 2018 prominently marks the return of strategic technology controls on chips, a brief historical analysis reveals that the core idea of embedding mechanisms within the exported product itself that can restrict its use or ensure compliance with U.S. controls is not new.
The most direct historical precedent for technology-embedded enforcement was the Clinton Administration's Clipper Chip initiative. In the factory, any new telephone or other device with a Clipper chip would be assigned a cryptographic key, which would then be provided to federal agencies in escrow, acting as ‘trusted third parties’. If it had gotten traction, this would have created a technological enforcement regime whereby the US government could access encrypted communications when authorised by a warrant, effectively building the operational part of the compliance mechanism into the hardware itself.
Hardware Digital Rights Management (DRM) such as AACS have been famously used by Blu-Ray disk players that allow an industry consortium to “achieve total control over the distribution and playback of high-definition optical disks”, and prevent unauthorised playback of disks on players that do not meet specific hardware requirements.
Firmware/software-enabled mechanisms that remotely verify hardware and then limit or brick it if it doesn’t have the requisite credentials are not merely a proof-of-concept either. A few years ago, Intel had reportedly planned to introduce “Software Defined Silicon” to lock its datacenter CPU features behind subscriptions. Customers’ consumption of the full capabilities of their silicon was predicated on Intel providing a remotely verifiable license on clients' data centre servers.
More recently, John Deere's remote disable capability made headlines when Russian forces stole agricultural equipment in Ukraine; John Deere tracked the tractors via GPS and pushed software updates to disable key features needed to operate the tractors. This kind of security mechanism was possibly implemented by revoking licenses for the tractors’ firmware.
At this point, it is decently established that the technological feasibility of adding location verification elements within System-on-Chip (SoC) designs is not an insurmountable obstacle, nor is it particularly costly if designed from the ground up. However, the Act’s imposition of a six-month timeframe for chip designers to begin implementing location verification mechanisms is highly unrealistic. This compressed timeline will be challenging for designers and fabricators of advanced chips, who typically require 2-3 years for major modifications to chip architecture. Adding any new hardware component to a chip design consumes valuable silicon real estate and affects the overall thermal and power envelope of a chip; therefore, hardware chip security mechanisms will incur high overhead costs.
U.S. think tanks, the RAND Corporation, and the Centre for a New American Security (CNAS), published similar research papers last year, exploring hardware-enabled governance mechanisms. The RAND policy paper proposes cryptographically authenticated “Offline Licensing” that controls chip usage even without a network connection (akin to the Blu-ray player example above), as well as hardware limits on high-end consumer GPUs that can prevent them from being aggregated into large supercomputing clusters for AI model training.
Therefore, if the bill becomes law in its current form, most chip designers will likely resort to software-based chip security mechanisms. The CNAS paper estimated that such a location verification mechanism is “feasible and relatively cheap” and could cost less than a million dollars to develop. The Act’s core provisions directly reflect the ideas articulated in both these papers, and far from being a spontaneous legislative reaction to China’s use of smuggled GPUs, it draws its intellectual lineage from an established school of thought at the highest levels of US foreign and defense policy.
The Implications
There are a few implications borne of the fact that the reasoning informing this legislation is becoming the new normal in Washington.
First, the major US semiconductor designers - NVIDIA, Intel, AMD - are central to the success of the Act’s mandates. Integrating secure and reliable geotracing mechanisms into their highly complex chip architectures is not a trivial task and would almost certainly require redesigns of sensitive semiconductor IP and alterations in their established global supply chains.
For example, NVIDIA’s current chip architectures are not designed for post-sale tracking, and the company has indicated that adding such a capability would likely delay product launch schedules and increase development costs. For now, instead of altering its silicon design, NVIDIA is attempting to avoid running afoul of US export controls by continuing to develop China-specific GPU solutions. Its latest B40 AI GPU is cheaper and less powerful than the now-banned H20 GPU, and also eschews HBM modules in favour of much less performant GDDR7 memory (which was a key reason for the H20 ban - HBM memory enables much faster AI inference workloads due to its high bandwidth)
These companies will remain wary of the significant engineering efforts, financial costs, and negative impacts on their product roadmaps. They will likely lobby against the Act’s passage in its current form.
Second, the core provision of the Act - geotracing and security mechanisms in exported chips - compromises technological sovereignty. Even US-allied nations may legitimately question their dependence on chips that can be monitored, even if passively, by a (somewhat unpredictable) US government. Besides the fear of potential misuse of a secondary security mechanism that can render chips useless, nations will also consider it a slippery slope towards more intrusive forms of surveillance or control (like the kinds of workloads being run on them which can give away indicators of potential military or other strategic applications).
In the long term, the Act’s geotracing mandate could be extended not only to finished AI chips but also to critical semiconductor manufacturing equipment, or even chip IP cores (reusable blocks of logic that can be licensed and reused in larger chip designs). India’s emphasis on the importance of technological self-reliance (Atmanirbhar Bharat) and semiconductor supply chain resilience is starting to yield results, with multiple projects having been greenlit under the India Semiconductor Mission. The potential for a foreign power, in this case the United States, to mandate and implement geotracing on critical technology components used within India's borders raises significant concerns for its technological sovereignty.
The (now rescinded) U.S. AI Diffusion rules, which placed India in a Tier 2 category with caps on AI chip imports and restrictions on the deployment of compute power by U.S. cloud providers in India, had already sparked apprehension within Indian policy circles. If advanced U.S.-origin chips embedded with location-tracking technology are deployed in India's critical infrastructure, from digital services and economic platforms, to defense and security systems, it will imply a degree of visibility for the U.S. government into the disposition of these assets.
As such, increasingly intrusive US export control measures inadvertently fuel nations' desires to seek complete domestic control over the entire AI stack, from data and chips to the talent and energy that power it. Countries like India, which have had a clear imperative to develop their indigenous semiconductor capabilities in partnership with the US, may now seek to diversify their sources of critical inputs to the semiconductor stack to non-US suppliers. Trust is going to be difficult to maintain when one party holds a persistent, technologically embedded surveillance capability over another, and the very act of embedding chip security mechanisms may undermine the ‘trusted partnerships’ the US seeks to cultivate. The US will need to achieve international consensus for such measures but the current administration has indicated a preference for unilateral imposition of trade and foreign policy measures regardless of their effects on international alliances.
It is now clear that we are now in uncharted geopolitical and trade waters. For countries like India especially therefore, it becomes imperative to develop domestic chip design and manufacturing capabilities to keep control of their own economic destinies. In the meantime however, there don’t seem to be any good choices for the world.
- Satya