LegisTrack
Back to all bills
S 1705119th CongressIn Committee

Chip Security Act

Introduced: May 8, 2025
Defense & National SecurityTechnology & Innovation
View on Congress.gov
Standard Summary
Comprehensive overview in 1-2 paragraphs

The Chip Security Act would compel the Secretary of Commerce to establish standards requiring “chip security mechanisms” for certain integrated circuit products before export, reexport, or in-country transfer. The primary requirement, due within 180 days of enactment, is that covered IC products include mechanisms that verify location to deter diversion, theft, or unauthorized use. Licensees exporting such products would must report promptly if a product ends up somewhere other than the license terms, has been diverted, or has been tampered with. The bill also directs a one-year, Defense-Department-coordinated assessment to identify additional secondary security mechanisms (if any) and to develop implementation requirements, with a pathway to adopt them within two years. The act provides enforcement tools (verification of ownership/location, recordkeeping, and information sharing to support compliance) and mandates ongoing annual assessments for three years to evaluate new mechanisms and potential export-control flexibilities for countries that receive security-enhanced products. In short, it creates a framework to harden advanced computing hardware against tampering and export misuse, while linking security features to export-control policy and international trade.

Key Points

  • 1Primary chip security requirement: Within 180 days, all covered IC products must include mechanisms that implement location verification before export, reexport, or in-country transfer to a foreign country.
  • 2Report-and-notify rule: Within 180 days, licensees exporting or transferring such products must report to BIS if the product’s location changes, is diverted, or is tampered with.
  • 3Secondary security mechanisms: Within one year, the Secretary (with the DoD) must assess additional mechanisms, study costs, performance impacts, and vulnerabilities, and determine if any should be required.
  • 4Implementation timeline: If secondary mechanisms are identified as appropriate, they must be implemented so covered IC products are outfitted with them before export/re-export/in-country transfer within two years of completing the assessment; privacy considerations must be prioritized.
  • 5Ongoing oversight and modernization: The Secretary, with DoD, must conduct annual assessments for two more years (three years total) to review new mechanisms and potentially modify export controls to allow more flexible exports to trusted destinations when products include security measures.

Impact Areas

Primary group/area affected: U.S. manufacturers and exporters of covered integrated circuits (including products classified under ECCN 3A090, 3A001.z, 4A090, 4A003.z, or their successors), and the agencies (primarily the Department of Commerce/Bureau of Industry and Security) that oversee export controls.Secondary group/area affected: Foreign end-users and partners receiving U.S.-origin ICs, allied governments involved in export-control policy, and the broader global semiconductor supply chain that handles these products.Additional impacts: Potential increases in development and compliance costs for chip makers; changes to export licensing processes; potential impact on delivery times and pricing; privacy and confidentiality considerations in handling end-user and location data; possible influence on international diplomacy and trade with countries that may face tighter export controls or seek assurance on security mechanisms.
Generated by gpt-5-nano on Oct 7, 2025