US Chip Security Act Mandates Location Tracking on Export-Controlled AI Accelerators
Key Takeaways
- ▸Exporters of US AI accelerators must implement location-tracking mechanisms within 180 days, with mandatory reporting if chips move from licensed locations
- ▸The bill responds to verified smuggling: DeepSeek obtained ~60,000 restricted NVIDIA chips through illegal diversions routed through Southeast Asia
- ▸Tracking technology firms argue verification enables larger, faster exports to compliant nations; the Semiconductor Industry Association opposes untested on-chip mandates
Summary
The Chip Security Act (H.R. 3447/S.1705) requires US exporters to embed location verification mechanisms into all export-controlled AI chips within 180 days of enactment, according to analysis of the bill that cleared a House Foreign Affairs Committee vote 42-0 in March 2026. The law mandates reporting when chips deviate from licensed locations and empowers Commerce and Defense to study additional monitoring methods, including workload verification that would require foreign operators to disclose what tasks they're running on American silicon. The bill leaves implementation flexible—software pings, firmware checks, and hardware-based solutions all qualify, but prohibits performance-hindering measures like kill switches or geofencing.
The policy stems directly from a congressional investigation finding that DeepSeek built its models on roughly 60,000 restricted NVIDIA chips, many diverted through smuggling networks operating in Thailand and Malaysia. The Justice Department has since charged alleged smugglers, but the Biden administration concluded export controls alone couldn't prevent diversion. The Semiconductor Industry Association opposes the mandate as technically infeasible and risky, while six tracking-technology firms—including GeoComply—publicly backed it in June, arguing that verified compliance would actually accelerate shipments to trusted allies and expand market access.
The bill affects not only chipmakers but any organization operating restricted US silicon abroad, including European data centers running NVIDIA hardware. Congressional Budget Office estimates put enforcement costs at $12 million over five years.
- The law prohibits kill switches and geofencing but permits flexible methods: software pings, firmware checks, and hardware solutions all qualify
- European data center operators and international customers using US AI chips will face new reporting and compliance requirements



