Sense of Congress

It is the sense of Congress that—(1)technology developed in the United States should serve as the foundation for the global ecosystem of artificial intelligence to advance the foreign policy and national security objectives of the United States and allies and partners of the United States;(2)the United States can foster goodwill, strengthen relationships, and support innovative research around the world by providing allies and partners of the United States with advanced computing capabilities;(3)advanced integrated circuits and computing hardware that is exported from the United States must be protected from diversion, theft, and other unauthorized use or exploitation in order to bolster the competitiveness of the United States and protect the national security of the United States;(4)implementing chip security mechanisms will improve compliance with the export control laws of the United States, assist allies and partners with guarding computing hardware, and enhance protections from bad actors looking to access, divert, or tamper with advanced integrated circuits and computing hardware; and(5)implementing chip security mechanisms may help with the detection of smuggling or exploitation of advanced integrated circuits and computing hardware, thereby allowing for increased flexibility in export controls and opening the door for more international partners to receive streamlined and larger shipments of advanced computing hardware.

Definitions

In this Act:(1)

Appropriate congressional committees

The term appropriate congressional committees means—(A)the Committee on Banking, Housing, and Urban Affairs of the Senate; and(B)the Committee on Foreign Affairs of the House of Representatives.(2)

Chip Security Mechanism

The term chip security mechanism means a software-, firmware-, or hardware-enabled security mechanism or a physical security mechanism.(3)

Covered integrated circuit product

The term covered integrated circuit product means—(A)an integrated circuit classified under Export Control Classification Number 3A090 or 3A001.z; (B)a computer or other product classified under Export Control Classification Number 4A090 or 4A003.z; or(C)an integrated circuit or computer or a product containing an integrated circuit or computer that is classified under an Export Control Classification Number that is a successor or substantially similar to the numbers listed in subparagraphs (A) and (B).(4)

Export

The term export has the meaning given that term in section 1742(3) of the Export Control Reform Act of 2018 (50 U.S.C. 4801(3)). (5)

In-country transfer

The term in-country transfer has the meaning given that term in section 1742(6) of the Export Control Reform Act of 2018 (50 U.S.C. 4801(6)). (6)

Reexport

The term reexport has the meaning given that term in section 1742(9) of the Export Control Reform Act of 2018 (50 U.S.C. 4801(9)).(7)

Secretary

The term Secretary means the Secretary of Commerce.

Requirements for security mechanisms for export of integrated circuit products

(a)

Primary requirements for chip security mechanisms

(1)

In general

Not later than 180 days after the date of the enactment of this Act, the Secretary shall require any covered integrated circuit product to be outfitted with chip security mechanisms that implement location verification, using techniques that are feasible and appropriate on such date of enactment, before it is exported, reexported, or in-country transferred to or in a foreign country.(2)

Notification requirement

Not later than 180 days after the date of the enactment of this Act, the Secretary shall require any person that has received a license or other authorization under the Export Control Reform Act of 2018 (50 U.S.C. 4811 et seq.) to export, reexport, or in-country transfer a covered integrated circuit product to promptly report to the Under Secretary of Industry and Security, if the person obtains credible information that the product—(A)is in a location other than the location specified in the application for the license or other authorization; (B)has been diverted to a user other than the user specified in the application; or(C)has been subjected to tampering or an attempt at tampering, including efforts to disable, spoof, manipulate, mislead or circumvent location verification mechanisms or other chip security mechanisms.(b)

Development of secondary requirements for chip security mechanisms

(1)

Assessment

(A)

In general

Not later than one year after the date of the enactment of this Act, the Secretary shall, in coordination with the Secretary of Defense—(i)conduct an assessment to identify what additional mechanisms, if any, should be added to the primary chip security mechanisms required under subsection (a)(1)—(I)to enhance compliance with the requirements of the Export Control Reform Act of 2018;(II)to prevent, hinder, and detect the unauthorized use, access, or exploitation of covered integrated circuit products;(III)to identify and monitor smuggling intermediaries; and(IV)to achieve any national security or foreign policy objective of the United States that the Secretary considers appropriate; and(ii)if the Secretary identifies any such mechanism, develop requirements for outfitting covered integrated circuit products with that mechanism.(B)

Elements

The assessment required by paragraph (1) shall include—(i)an examination of the feasibility, reliability, and effectiveness of—(I)methods and strategies that prevent the tampering, disabling, or other manipulating of covered integrated circuit products;(II)workload verification methods;(III)methods to modify the functionality of covered integrated circuit products that have been illicitly acquired; and(IV)any other method the Secretary determines appropriate for the prevention of unauthorized use, access, or exploitation of covered integrated circuit products;(ii)an analysis of—(I)the potential costs associated with implementing each method examined under clause (i), including an analysis of—(aa)the potential impact of the method on the performance of covered integrated circuit products; and(bb)the potential for the introduction of new vulnerabilities into the products;(II)the potential benefits of implementing the methods examined under clause (i), including an analysis of the potential increase—(aa)in compliance of covered integrated circuit products with the requirements of the Export Control Reform Act of 2018; and(bb)in detecting, hindering, and preventing unauthorized use, access, or exploitation of the products; and(III)the susceptibility of the methods examined under clause (i) to tampering, disabling, or other forms of manipulation; and(iii)an estimate of the expected costs to implement at-scale methods to tamper with, disable, or manipulate a covered integrated circuit product, or otherwise circumvent the methods examined under clause (i).(2)

Report to Congress

(A)

In general

Not later than one year after the date of the enactment of this Act, the Secretary, in coordination with the Secretary of Defense, shall submit to the appropriate congressional committees a report on the results of the assessment required by paragraph (1), including—(i)an identification of the chip security mechanisms, if any, to be included in the requirements for secondary chip security mechanisms; and(ii)if applicable, a roadmap for the timely implementation of the secondary chip security mechanisms. (B)

Form

The report required by paragraph (1) shall be submitted in unclassified form, but may include a classified annex. (3)

Implementation

(A)

In general

If any mechanisms are determined by the Secretary to be appropriate, the Secretary shall, not later than 2 years after the date on which the Secretary completes the assessment required by paragraph (1), require any covered integrated circuit product to be outfitted with the secondary chip security mechanisms identified pursuant to paragraph (1)(A) before the product is exported, reexported, or in-country transferred to or in a foreign country. (B)

Privacy

In implementing requirements for secondary chip security mechanisms under subparagraph (A), the Secretary shall prioritize confidentiality. (c)

Enforcement authority

In carrying out this section, the Secretary may—(1)verify, in a manner the Secretary determines appropriate, the ownership and location of a covered integrated circuit product that has been exported, reexported, or in-country transferred to or in a foreign country; (2)maintain a record of covered integrated circuit products and include in the record the location and current end-user of each such product; and(3)require any person who has been granted a license or other authorization under the Export Control Reform Act of 2018 to export, reexport, or in-country transfer a covered integrated circuit product to provide the information needed to maintain the record. (d)

Annual assessment and report on new chip security mechanisms

Not later than 2 years after the date of the enactment of this Act, and annually thereafter for 3 years, the Secretary shall—(1)in coordination with the Secretary of Defense, conduct an assessment of new chip security mechanisms that have been developed in the year preceding the date of the assessment; and(2)submit to the appropriate congressional committees a report that includes—(A)a summary of the results of the assessment required by paragraph (1);(B)an evaluation of whether any of the new mechanisms assessed under paragraph (1) should be added to or replace any of the existing requirements for secondary chip security mechanisms developed under subsection (b)(1); and(C)any recommendations for modifications to relevant export controls to allow for more flexibility with respect to the countries to or in which covered integrated circuit products may be exported, reexported, or in-country transferred if the products include chip security mechanisms that meet the requirements developed under subsection (b)(1).