US Senators Push to Geotrack High-End GPUs in New Chip Security Bill
US lawmakers are moving forward with a proposal requiring high-performance graphics cards and AI processors to carry built-in geotracking technology to keep sensitive chips out of hostile hands. Senator Tom Cotton of Arkansas introduced the Chip Security Act on May 12, 2025. Under this legislation, the Commerce Department would have the authority to mandate location-verification features in any device subject to US export controls, with manufacturers given six months after enactment to comply. The bill applies to a broad set of products classified under export control classification numbers 3A090, 4A090, 4A003.z, and 3A001.z. That includes everything from advanced AI accelerators and rack-scale servers to certain gaming graphics cards like NVIDIA's GeForce RTX 5090. Manufacturers would be required to embed hardware or firmware capable of reporting each device's physical location back to a centralized registry maintained by the Commerce Department.
Exporters must also notify the Bureau of Industry and Security immediately if a unit is diverted, tampered with, or appears at an unauthorized location. To keep pace with evolving security threats, the legislation calls for a joint one-year study by the Commerce Department and the Department of Defense on potential new tracking and safeguard mechanisms. Following that, the two departments would conduct annual reviews for three years. If they determine that additional measures are warranted, they would have two years to draft and finalize rules that outline new requirements and present a detailed implementation roadmap to Congress. NVIDIA has noted that its current architectures are not built for post-sale tracking, and adding such a capability could delay product launch schedules and increase development costs. AMD and Intel are likely to face similar obstacles, as integrating secure location-verification may require redesigning sensitive intellectual property and altering established supply-chain processes.
Exporters must also notify the Bureau of Industry and Security immediately if a unit is diverted, tampered with, or appears at an unauthorized location. To keep pace with evolving security threats, the legislation calls for a joint one-year study by the Commerce Department and the Department of Defense on potential new tracking and safeguard mechanisms. Following that, the two departments would conduct annual reviews for three years. If they determine that additional measures are warranted, they would have two years to draft and finalize rules that outline new requirements and present a detailed implementation roadmap to Congress. NVIDIA has noted that its current architectures are not built for post-sale tracking, and adding such a capability could delay product launch schedules and increase development costs. AMD and Intel are likely to face similar obstacles, as integrating secure location-verification may require redesigning sensitive intellectual property and altering established supply-chain processes.