[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[H.R. 3447 Introduced in House (IH)]
<DOC>
119th CONGRESS
1st Session
H. R. 3447
To require the Secretary of Commerce to issue standards with respect to
chip security mechanisms for integrated circuit products, and for other
purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
May 15, 2025
Mr. Huizenga (for himself, Mr. Foster, Mr. Moolenaar, Mr.
Krishnamoorthi, Mr. Crawford, Mr. Lieu, Mr. LaHood, and Mr. Gottheimer)
introduced the following bill; which was referred to the Committee on
Foreign Affairs
_______________________________________________________________________
A BILL
To require the Secretary of Commerce to issue standards with respect to
chip security mechanisms for integrated circuit products, and for other
purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Chip Security Act''.
SEC. 2. SENSE OF CONGRESS.
It is the sense of Congress that--
(1) technology developed in the United States should serve
as the foundation for the global ecosystem of artificial
intelligence to advance the foreign policy and national
security objectives of the United States and allies and
partners of the United States;
(2) the United States can foster goodwill, strengthen
relationships, and support innovative research around the world
by providing allies and partners of the United States with
advanced computing capabilities;
(3) advanced integrated circuits and computing hardware
that is exported from the United States must be protected from
diversion, theft, and other unauthorized use or exploitation in
order to bolster the competitiveness of the United States and
protect the national security of the United States;
(4) implementing chip security mechanisms will improve
compliance with the export control laws of the United States,
assist allies and partners with guarding computing hardware,
and enhance protections from bad actors looking to access,
divert, or tamper with advanced integrated circuits and
computing hardware; and
(5) implementing chip security mechanisms may help with the
detection of smuggling or exploitation of advanced integrated
circuits and computing hardware, thereby allowing for increased
flexibility in export controls and opening the door for more
international partners to receive streamlined and larger
shipments of advanced computing hardware.
SEC. 3. DEFINITIONS.
In this Act:
(1) Appropriate congressional committees.--The term
``appropriate congressional committees'' means--
(A) the Committee on Banking, Housing, and Urban
Affairs of the Senate; and
(B) the Committee on Foreign Affairs of the House
of Representatives.
(2) Chip security mechanism.--The term ``chip security
mechanism'' means a software-, firmware-, or hardware-enabled
security mechanism or a physical security mechanism.
(3) Covered integrated circuit product.--The term ``covered
integrated circuit product'' means--
(A) an integrated circuit classified under Export
Control Classification Number 3A090 or 3A001.z;
(B) a computer or other product classified under
Export Control Classification Number 4A090 or 4A003.z;
or
(C) an integrated circuit or computer or a product
containing an integrated circuit or computer that is
classified under an Export Control Classification
Number that is a successor or substantially similar to
the numbers listed in subparagraphs (A) and (B).
(4) Export.--The term ``export'' has the meaning given that
term in section 1742(3) of the Export Control Reform Act of
2018 (50 U.S.C. 4801(3)).
(5) In-country transfer.--The term ``in-country transfer''
has the meaning given that term in section 1742(6) of the
Export Control Reform Act of 2018 (50 U.S.C. 4801(6)).
(6) Reexport.--The term ``reexport'' has the meaning given
that term in section 1742(9) of the Export Control Reform Act
of 2018 (50 U.S.C. 4801(9)).
(7) Secretary.--The term ``Secretary'' means the Secretary
of Commerce.
SEC. 4. REQUIREMENTS FOR SECURITY MECHANISMS FOR EXPORT OF INTEGRATED
CIRCUIT PRODUCTS.
(a) Primary Requirements for Chip Security Mechanisms.--
(1) In general.--Not later than 180 days after the date of
the enactment of this Act, the Secretary shall require any
covered integrated circuit product to be outfitted with chip
security mechanisms that implement location verification, using
techniques that are feasible and appropriate on such date of
enactment, before it is exported, reexported, or in-country
transferred to or in a foreign country.
(2) Notification requirement.--Not later than 180 days
after the date of the enactment of this Act, the Secretary
shall require any person that has received a license or other
authorization under the Export Control Reform Act of 2018 (50
U.S.C. 4811 et seq.) to export, reexport, or in-country
transfer a covered integrated circuit product to promptly
report to the Under Secretary of Industry and Security, if the
person obtains credible information that the product--
(A) is in a location other than the location
specified in the application for the license or other
authorization;
(B) has been diverted to a user other than the user
specified in the application; or
(C) has been subjected to tampering or an attempt
at tampering, including efforts to disable, spoof,
manipulate, mislead or circumvent location verification
mechanisms or other chip security mechanisms.
(b) Development of Secondary Requirements for Chip Security
Mechanisms.--
(1) Assessment.--
(A) In general.--Not later than one year after the
date of the enactment of this Act, the Secretary
shall--
(i) conduct an assessment to identify what
additional mechanisms, if any, should be added
to the primary chip security mechanisms
required under subsection (a)(1)--
(I) to enhance compliance with the
requirements of the Export Control
Reform Act of 2018;
(II) to prevent, hinder, and detect
the unauthorized use, access, or
exploitation of covered integrated
circuit products;
(III) to identify and monitor
smuggling intermediaries; and
(IV) to achieve any national
security or foreign policy objective of
the United States that the Secretary
considers appropriate; and
(ii) if the Secretary identifies any such
mechanism, develop requirements for outfitting
covered integrated circuit products with that
mechanism.
(B) Elements.--The assessment required by paragraph
(1) shall include--
(i) an examination of the feasibility,
reliability, and effectiveness of--
(I) methods and strategies that
prevent the tampering, disabling, or
other manipulating of covered
integrated circuit products;
(II) workload verification methods;
(III) methods to modify the
functionality of covered integrated
circuit products that have been
illicitly acquired; and
(IV) any other method the Secretary
determines appropriate for the
prevention of unauthorized use, access,
or exploitation of covered integrated
circuit products;
(ii) an analysis of--
(I) the potential costs associated
with implementing each method examined
under clause (i), including an analysis
of--
(aa) the potential impact
of the method on the
performance of covered
integrated circuit products;
and
(bb) the potential for the
introduction of new
vulnerabilities into the
products;
(II) the potential benefits of
implementing the methods examined under
clause (i), including an analysis of
the potential increase--
(aa) in compliance of
covered integrated circuit
products with the requirements
of the Export Control Reform
Act of 2018; and
(bb) in detecting,
hindering, and preventing
unauthorized use, access, or
exploitation of the products;
and
(III) the susceptibility of the
methods examined under clause (i) to
tampering, disabling, or other forms of
manipulation; and
(iii) an estimate of the expected costs to
implement at-scale methods to tamper with,
disable, or manipulate a covered integrated
circuit product, or otherwise circumvent the
methods examined under clause (i).
(2) Report to congress.--
(A) In general.--Not later than one year after the
date of the enactment of this Act, the Secretary shall
submit to the appropriate congressional committees a
report on the results of the assessment required by
paragraph (1), including--
(i) an identification of the chip security
mechanisms, if any, to be included in the
requirements for secondary chip security
mechanisms; and
(ii) if applicable, a roadmap for the
timely implementation of the secondary chip
security mechanisms.
(B) Form.--The report required by paragraph (1)
shall be submitted in unclassified form, but may
include a classified annex.
(3) Implementation.--
(A) In general.--If any mechanisms are determined
by the Secretary to be appropriate, the Secretary
shall, not later than 2 years after the date on which
the Secretary completes the assessment required by
paragraph (1), require any covered integrated circuit
product to be outfitted with the secondary chip
security mechanisms identified pursuant to paragraph
(1)(A) before the product is exported, reexported, or
in-country transferred to or in a foreign country.
(B) Privacy.--In implementing requirements for
secondary chip security mechanisms under subparagraph
(A), the Secretary shall prioritize confidentiality.
(c) Enforcement Authority.--In carrying out this section, the
Secretary may--
(1) verify, in a manner the Secretary determines
appropriate, the ownership and location of a covered integrated
circuit product that has been exported, reexported, or in-
country transferred to or in a foreign country;
(2) maintain a record of covered integrated circuit
products and include in the record the location and current
end-user of each such product; and
(3) require any person who has been granted a license or
other authorization under the Export Control Reform Act of 2018
to export, reexport, or in-country transfer a covered
integrated circuit product to provide the information needed to
maintain the record.
(d) Annual Assessment and Report on New Chip Security Mechanisms.--
Not later than 2 years after the date of the enactment of this Act, and
annually thereafter for 3 years, the Secretary shall--
(1) conduct an assessment of new chip security mechanisms
that have been developed in the year preceding the date of the
assessment; and
(2) submit to the appropriate congressional committees a
report that includes--
(A) a summary of the results of the assessment
required by paragraph (1);
(B) an evaluation of whether any of the new
mechanisms assessed under paragraph (1) should be added
to or replace any of the existing requirements for
secondary chip security mechanisms developed under
subsection (b)(1); and
(C) any recommendations for modifications to
relevant export controls to allow for more flexibility
with respect to the countries to or in which covered
integrated circuit products may be exported,
reexported, or in-country transferred if the products
include chip security mechanisms that meet the
requirements developed under subsection (b)(1).
<all>