The Unintended Consequence of the Chip Security Act

Next week, the House Foreign Affairs Committee will consider the Chip Security Act (S.1705/H.R.3447), which would require companies to track exported AI chips.

While there are valid commercial reasons for companies to pursue location verification, a government chip tracking mandate would create the impression of deepening U.S. government control over the American AI stack, fueling questions about the security, reliability, and privacy of U.S. technology, and pushing the very countries that should be core customers of U.S. providers toward alternatives.

ITI member companies design, build, and deliver the models, hardware, software, data centers, cloud services, networking solutions, and applications that make up the American AI stack. This gives ITI a unique perspective on how proposals like the Chip Security Act affect the competitiveness of companies up and down the technology value chain across the technology ecosystem.

We are seeing allies and partners increasingly expressing concerns – albeit unfounded ones – about the security, privacy, and reliability of U.S. technology. For example, some countries are looking to replace U.S. software systems with open-source alternatives, while others have moved forward with bans on government use of certain U.S. software products.

To make matters worse, the latest version of the Chip Security Act raises the possibility of requiring “workload verification methods.” Even alluding to a requirement for companies to report to the U.S. government on tasks being run on American chips, and by cloud service providers would exacerbate the privacy and security concerns of potential consumers – both governments and private companies – in friendly markets. This comes at a time when technology companies are already being told by traditional allies and partners that U.S. vendors need not apply for contracts.

If the Chip Security Act were to pass, Chinese companies would market their products as tracking-free, forcing U.S. partners and allies to choose between the higher-performance U.S. AI stack and what they may perceive as the more reliable, secure, and privacy-protective Chinese option.

It is worth noting that Chinese AI model companies are already “aggressively courting governments in developing countries,” and Chinese telecommunications companies are finding success selling highly sensitive systems to U.S. partners. China’s goal is to make its AI stack dominant around the world, and its technology stack is increasingly competitive, especially in developing markets hungry for AI capabilities.

Instead of requiring U.S. companies to track AI chips, policymakers should address export control avoidance by increasing funding and staffing for the Department of Commerce’s Bureau of Industry and Security (BIS), which administers and enforces U.S. export controls.

Congress should also address other threats to the competitiveness of the U.S. AI stack, such as large-scale efforts by Chinese AI developers to distill U.S. frontier models, effectively allowing them to copy the work of U.S. AI labs.

Congress has done important bipartisan work over several years that recognizes the importance of a U.S.-led AI stack to American economic and national security. Ultimately, the Chip Security Act will make this goal more difficult to achieve by generating questions about the reliability of the U.S. AI stack and pushing the very countries that should be core customers toward non-U.S. alternative providers. Greater staffing, resourcing, and oversight of BIS will more effectively address the concerns animating the Chip Security Act, without the unintended consequence of reducing trust in U.S. technology globally.

-- Mike Flynn, Information Technology Industry Council (ITI), USA.