Why Tracking The Location Of AI Chips Is a Mirage — and a Risk

A new bipartisan legislative proposal led by the House Select Committee on China aims to track the physical location of every advanced artificial intelligence chip, with the goal of preventing them from falling into the hands of adversaries like Beijing. While the Chip Security Act sounds like a sharp response to a real problem involving export control evasion and technology diversion, it is not currently a viable solution, and even more concerning, it risks doing more harm than good.

Compounding the issue, the proposal arrives at a moment when the US is entering an era of transactional, bilateral AI diffusion diplomacy. In light of recent deals between American tech and Gulf state sovereign funds to build AI data centers and chip infrastructure, the rules of engagement around AI exports are shifting rapidly. With the Biden administration’s AI diffusion rule no longer in effect, this bill attempts to address a national security concern that is no longer governed by clear, multilateral standards. Yet the solution being proposed does not match the complexity nor the technical realities of how chips are built, deployed, or moved.

The bill would require the Commerce Department to create a verified location-tracking system for advanced chips subject to export controls and would mandate that chipmakers report suspected diversions. This effort follows high-profile revelations about China’s DeepSeek AI model, which was reportedly trained using tens of thousands of restricted US chips. Lawmakers have grown increasingly frustrated by the rise of shell companies and smuggling operations that evade US export controls.

The intent behind the legislation is understandable. However, the approach it takes creates more problems than it solves.

First, real-time location tracking of chips is simply not feasible at scale. Chips are embedded within devices that are then installed in servers, often in opaque or multilayered infrastructure environments. A chip’s location is only meaningful in context. For example, if a GPU is inside a server in Singapore, it could be running regional cloud services for a US company or be part of a training cluster controlled by an intermediary with ties to China. Attempting to derive meaningful national security insights from hardware geolocation data would require vast infrastructure, reliable international cooperation, and intensive verification protocols. That level of control does not exist in today’s global tech ecosystem.

Second, any system designed to track chip locations would become an immediate cybersecurity vulnerability. Embedding chips with location beacons, GPS components, or “call home” features would expose them to spoofing, manipulation, or even targeted attacks. Even simple geolocation pings can be routed through proxy networks or disabled with relative ease. The result could be the creation of a global digital footprint that does more to broadcast sensitive locations than to protect them. In the name of national security, we could be opening the door to new threats.

Third, the burden of compliance would fall heavily on responsible US companies while doing little to disrupt the behavior of bad actors. Sophisticated networks already exist to obscure end users and resell restricted chips through third countries and complex financing arrangements. Meanwhile, legitimate firms would be forced to spend time and money implementing unproven tracking systems, navigating regulatory ambiguity, and reporting false positives. This would amount to regulatory theater, not effective enforcement.

Export controls remain essential. But meaningful enforcement depends on visibility into supply chains, stronger international coordination, and better end-use verification mechanisms.

Congress should focus on strategies that track value, behavior, and intent — such as monitoring who is acquiring high-end chips, how they are being used, and whether end users pose diversion risks — rather than attempting to impose a geofence on hardware that is fundamentally designed to be modular and mobile.

If the US is serious about preventing adversaries from accessing its most advanced AI chips, the right tools are already on the table. These include smarter customer vetting, tighter oversight of resellers, more robust cloud infrastructure monitoring, and coordinated diplomacy with allies to prevent rerouting through permissive jurisdictions.

Location-tracking chips may sound tough, but the reality is far more fragile. This approach risks creating new vulnerabilities, imposing major costs on trusted US firms, and doing little to stop the next DeepSeek. Congress should be focused on export enforcement tools that reflect how the modern AI stack actually works, not chasing the illusion that hardware can be pinned down with a map.