HR 3447
Chip Security Act
Take action
Record your position on this measure.
Sign in to record your position, submit testimony, or contact your legislator.
Sign in to take action- Introduced
- Passed House
- Passed Senate
- To President
- Became Law
Bill overview
The Chip Security Act requires the Secretary of Commerce to establish standards for security mechanisms in integrated circuit products, often referred to as ‘chips.’ Specifically, it mandates that covered integrated circuits be outfitted with location verification technology before they are exported or transferred to another country. The bill also directs the Secretary to assess and potentially implement additional security measures, and to regularly evaluate new chip security technologies to ensure ongoing protection against unauthorized use and exploitation.
Key provisions
- Requires covered integrated circuits to include location verification technology before export.
- Directs the Secretary to assess and potentially implement additional chip security mechanisms.
- Mandates reporting of suspected diversion or tampering of covered integrated circuits.
- Requires the Secretary to conduct an annual assessment of new chip security mechanisms.
- Establishes a process for the Secretary to recommend modifications to export controls based on new technologies.
- Defines key terms related to chip security and export controls.
- Requires notification to Congress regarding assessment findings and proposed secondary requirements.
- Authorizes the Secretary to verify product ownership and location.
Who is affected
- Manufacturers of integrated circuits
- Companies exporting or reexporting integrated circuits
- Government agencies involved in export controls
- Foreign governments and entities receiving integrated circuits
Sponsors
Official sponsors from legislative records.
Primary sponsor
Cosponsors
Arguments in favor
Reasons to support this legislation.
No arguments in favor have been submitted.
Submit yoursArguments opposed
Reasons to oppose this legislation.
No arguments opposed have been submitted.
Submit yoursRead the latest version inline or switch to a previous version.
119th CONGRESS — 1st Session
H. R. 3447
IN THE HOUSE OF REPRESENTATIVES
A BILL
To require the Secretary of Commerce to issue standards with respect to chip security mechanisms for integrated circuit products, and for other purposes.
This Act may be cited as the Chip Security Act
.
It is the sense of Congress that—
technology developed in the United States should serve as the foundation for the global ecosystem of artificial intelligence to advance the foreign policy and national security objectives of the United States and allies and partners of the United States;
the United States can foster goodwill, strengthen relationships, and support innovative research around the world by providing allies and partners of the United States with advanced computing capabilities;
advanced integrated circuits and computing hardware that is exported from the United States must be protected from diversion, theft, and other unauthorized use or exploitation in order to bolster the competitiveness of the United States and protect the national security of the United States;
implementing chip security mechanisms will improve compliance with the export control laws of the United States, assist allies and partners with guarding computing hardware, and enhance protections from bad actors looking to access, divert, or tamper with advanced integrated circuits and computing hardware; and
implementing chip security mechanisms may help with the detection of smuggling or exploitation of advanced integrated circuits and computing hardware, thereby allowing for increased flexibility in export controls and opening the door for more international partners to receive streamlined and larger shipments of advanced computing hardware.
In this Act:
The term appropriate congressional committees
means—
the Committee on Banking, Housing, and Urban Affairs of the Senate; and
the Committee on Foreign Affairs of the House of Representatives.
The term chip security mechanism
means a software-, firmware-, or hardware-enabled security mechanism or a physical security mechanism.
The term covered integrated circuit product
means—
an integrated circuit classified under Export Control Classification Number 3A090 or 3A001.z;
a computer or other product classified under Export Control Classification Number 4A090 or 4A003.z; or
an integrated circuit or computer or a product containing an integrated circuit or computer that is classified under an Export Control Classification Number that is a successor or substantially similar to the numbers listed in subparagraphs (A) and (B).
The term export
has the meaning given that term in section 1742(3) of the Export Control Reform Act of 2018 (50 U.S.C. 4801(3)).
The term in-country transfer
has the meaning given that term in section 1742(6) of the Export Control Reform Act of 2018 (50 U.S.C. 4801(6)).
The term reexport
has the meaning given that term in section 1742(9) of the Export Control Reform Act of 2018 (50 U.S.C. 4801(9)).
The term Secretary
means the Secretary of Commerce.
Not later than 180 days after the date of the enactment of this Act, the Secretary shall require any covered integrated circuit product to be outfitted with chip security mechanisms that implement location verification, using techniques that are feasible and appropriate on such date of enactment, before it is exported, reexported, or in-country transferred to or in a foreign country.
Not later than 180 days after the date of the enactment of this Act, the Secretary shall require any person that has received a license or other authorization under the Export Control Reform Act of 2018 (50 U.S.C. 4811 et seq.) to export, reexport, or in-country transfer a covered integrated circuit product to promptly report to the Under Secretary of Industry and Security, if the person obtains credible information that the product—
is in a location other than the location specified in the application for the license or other authorization;
has been diverted to a user other than the user specified in the application; or
has been subjected to tampering or an attempt at tampering, including efforts to disable, spoof, manipulate, mislead or circumvent location verification mechanisms or other chip security mechanisms.
Not later than one year after the date of the enactment of this Act, the Secretary shall—
conduct an assessment to identify what additional mechanisms, if any, should be added to the primary chip security mechanisms required under subsection (a)(1)—
to enhance compliance with the requirements of the Export Control Reform Act of 2018;
to prevent, hinder, and detect the unauthorized use, access, or exploitation of covered integrated circuit products;
to identify and monitor smuggling intermediaries; and
to achieve any national security or foreign policy objective of the United States that the Secretary considers appropriate; and
if the Secretary identifies any such mechanism, develop requirements for outfitting covered integrated circuit products with that mechanism.
The assessment required by paragraph (1) shall include—
an examination of the feasibility, reliability, and effectiveness of—
methods and strategies that prevent the tampering, disabling, or other manipulating of covered integrated circuit products;
workload verification methods;
methods to modify the functionality of covered integrated circuit products that have been illicitly acquired; and
any other method the Secretary determines appropriate for the prevention of unauthorized use, access, or exploitation of covered integrated circuit products;
an analysis of—
the potential costs associated with implementing each method examined under clause (i), including an analysis of—
the potential impact of the method on the performance of covered integrated circuit products; and
the potential for the introduction of new vulnerabilities into the products;
the potential benefits of implementing the methods examined under clause (i), including an analysis of the potential increase—
in compliance of covered integrated circuit products with the requirements of the Export Control Reform Act of 2018; and
in detecting, hindering, and preventing unauthorized use, access, or exploitation of the products; and
the susceptibility of the methods examined under clause (i) to tampering, disabling, or other forms of manipulation; and
an estimate of the expected costs to implement at-scale methods to tamper with, disable, or manipulate a covered integrated circuit product, or otherwise circumvent the methods examined under clause (i).
Not later than one year after the date of the enactment of this Act, the Secretary shall submit to the appropriate congressional committees a report on the results of the assessment required by paragraph (1), including—
an identification of the chip security mechanisms, if any, to be included in the requirements for secondary chip security mechanisms; and
if applicable, a roadmap for the timely implementation of the secondary chip security mechanisms.
The report required by paragraph (1) shall be submitted in unclassified form, but may include a classified annex.
If any mechanisms are determined by the Secretary to be appropriate, the Secretary shall, not later than 2 years after the date on which the Secretary completes the assessment required by paragraph (1), require any covered integrated circuit product to be outfitted with the secondary chip security mechanisms identified pursuant to paragraph (1)(A) before the product is exported, reexported, or in-country transferred to or in a foreign country.
In implementing requirements for secondary chip security mechanisms under subparagraph (A), the Secretary shall prioritize confidentiality.
In carrying out this section, the Secretary may—
verify, in a manner the Secretary determines appropriate, the ownership and location of a covered integrated circuit product that has been exported, reexported, or in-country transferred to or in a foreign country;
maintain a record of covered integrated circuit products and include in the record the location and current end-user of each such product; and
require any person who has been granted a license or other authorization under the Export Control Reform Act of 2018 to export, reexport, or in-country transfer a covered integrated circuit product to provide the information needed to maintain the record.
Not later than 2 years after the date of the enactment of this Act, and annually thereafter for 3 years, the Secretary shall—
conduct an assessment of new chip security mechanisms that have been developed in the year preceding the date of the assessment; and
submit to the appropriate congressional committees a report that includes—
a summary of the results of the assessment required by paragraph (1);
an evaluation of whether any of the new mechanisms assessed under paragraph (1) should be added to or replace any of the existing requirements for secondary chip security mechanisms developed under subsection (b)(1); and
any recommendations for modifications to relevant export controls to allow for more flexibility with respect to the countries to or in which covered integrated circuit products may be exported, reexported, or in-country transferred if the products include chip security mechanisms that meet the requirements developed under subsection (b)(1).