July 2025
The “Chip Security Act” hopes to bolster U.S. national security by tracking the location of advanced integrated circuits and computing hardware used for artificial intelligence. The bill seeks to protect these from diversion, theft, and unauthorized use by mandating “chip security mechanisms” for advanced semiconductors. It requires that within 180 days of the bill’s enactment, such products must include location verification capabilities. In fact, the bill and companion legislation in the House will damage American leadership in semiconductors. There are better ways to reduce diversion risk without harming American security and competitiveness.
The bills have serious implementation issues. First, the bills’ 180-day deadline is unrealistic even if we put aside increased cost and potential damage to performance. While it can take three months (on average) to make a chip, to design and test a new one can take two years or more (according to industry sources). The bills repeat the errors of the AI Diffusion Rule and add a few new ones. The bills assume that policymakers are better placed to determine chip design. This can be rejected out of hand. The Act assumes, incorrectly, that the best way to ensure a U.S. lead in GPUs and AI is to try to deny capabilities to others. Both Huawei’s Ascend and DeepSeek are examples of the shortcomings of a denial strategy, and the bills will not prevent future Chinese AI advances produced by indigenous Chinese capabilities. Underestimating China only ensures more technological surprises. China already leads in hypersonic missiles, drones, shipbuilding, and manufacturing overall. These are much bigger problems than access to GPUs and other advanced chips.
If the goal is to prevent diversion, there are better and proven ways to do this. The precedent comes from the export controls designed for non-proliferation, where diversion (of parts for missiles or nuclear weapons, for example) was stamped out. The first step is to expand “Know Your Customer” (KYC) requirements for GPU exporters. KYC requires exporters to become knowledgeable about their customers, transactions, and potential risks of misuse. The second is to expand “know or is informed” authorities. These allow Commerce, based on intelligence information, to deny exports. KYC and “is informed” are well-established for technologies used for weapons of mass destruction. Both have been used for years to prevent exports of proliferation-related items to the wrong end-users or uses. Penalties for violations include loss of export privileges, a severe consequence that companies will work hard to avoid. The best response to GPU diversion is to expand these authorities and increase funding for Commerce’s Bureau of Industrial Security’s enforcement functions.
Instead of requiring a new global monitoring infrastructure network, preventing diversion risk can take advantage of the connections that are already a feature of data centers using American GPUs. Data centers depend on GPU manufacturers through a complex supply chain. Data center operators and GPU cloud providers have direct relationships and strategic partnerships with chip manufacturers and rely on them for support, including technical assistance, replacement parts, and on-site service. Manufacturers regularly release essential firmware and software updates for GPUs and servers to improve performance, add features, and address security vulnerabilities. The U.S. should make it easy to buy American-made chips since customers rely on the manufacturers throughout the chip’s lifecycle. Unauthorized use would be detectable and the ability to deny assistance and updates would provide control. This provides an enforceable, market-friendly means to control diversion, instead of a requirement for untested networks that have yet to be built.
Many of the proposed solutions rely on technologies that are unproven. A demonstration in a controlled environment does not count, since what works in the lab may not work in a more complex environment. Nor is a global network of “trusted servers” more than a concept. While some chips already have locational capabilities (like “find your phone”), these are for consumer devices, not infrastructure equipment. Of particular concern, some of the suggested changes could undermine cybersecurity by introducing potential vulnerabilities. Finding overseas locations for the “trusted server” network will be difficult (these cannot simply be wished upon Embassies, for example) and we cannot assume seamless, uninterrupted, and cost-free connectivity at all chip locations and for all controlled chips. Firewalls, privacy rules, enforcement, and other issues complicate and potentially subvert the system. There is a hint of Rube Goldberg in all this.
Redesigning chips for a complex and untested network to ping yet-to-be-built “trusted servers” is unnecessary. Dealing with diversion risk can take advantage of precedents from WMD diversion and from the connectivity that is already a feature of data centers using American GPUs. Data centers connect to GPU manufacturers through a complex supply chain. Data center operators and GPU cloud providers have direct relationships or strategic partnerships with chip manufacturers and rely on them for support, technical assistance, replacement parts, and on-site service. The U.S. should make it easy to buy American-made chips since customers rely on the manufacturers throughout the chip’s lifecycle. Unauthorized use would be detectable and the ability to deny assistance or updates would provide control. This provides an enforceable, market-friendly means to control diversion instead of a requirement for untested networks that have yet to be built.
There is a precedent, and it is not encouraging. The Clipper Chip was an attempt by the U.S. to redesign chips and require companies to add security features. While the goal was laudable, the means to achieve it were flawed. Clipper was touted as inexpensive. It was not, and the hypothetical estimates of cost created to justify the Chip Security Act also understate costs and complexity. Clipper would have killed the U.S. lead in internet technologies and a location mandate could do the same for GPUs and AI.
All this suggests that legislation requiring an adequate assessment of any location scheme is the best place to start. The current bills already mandate an assessment within one year to identify and develop chip security mechanisms to prevent unauthorized use and detect smuggling, and to analyze the feasibility, costs, benefits, and susceptibility to tampering of various security methods. Any assessment should be assigned to the National Institute of Standards and Technology (NIST), a respected and neutral source of expertise, and any new restrictions or requirements should await completion of the assessment. Given the failed Clipper precedent, the limited research supporting these proposals, and the potential risk to America’s security, a study is the least harmful outcome to identify better alternatives.
Diversion is not new and the U.S. has dealt with it successfully in the past by creating reporting requirements, establishing end-use and end-user restrictions, and providing enforcement resources to ensure restrictions are observed. Creating a new and cumbersome system for GPUs and AI is counterproductive and could encourage potential customers to buy from a less regulation-based China – one of the mistakes of the Diffusion Rule was believing that superior performance gave America a chips monopoly. Chinese AI is closing rapidly, even if chips made there still have somewhat lower performance. Now is not the time for unnecessary burdens. KYC and connectivity are better solutions than redesigning chips so they can call home. Law and policy should seek to reinforce American leadership, not undercut it.