Almost everyone agrees that the United States should take steps to ensure that its most advanced technologies do not fall into the wrong hands. As artificial intelligence (AI) transforms economies, militaries, and societies around the world, policymakers have a responsibility to prevent America’s most sophisticated computing capabilities from being used by adversaries to undermine U.S. national security interests. The challenge is not whether to act but how to do so effectively. As Congress considers a series of new proposals targeting advanced AI chips and computing infrastructure, lawmakers must ensure they get export controls right.
The stakes are particularly high as Congress begins work on the National Defense Authorization Act (NDAA), which has increasingly become a vehicle for export control and technology security proposals. Decisions made during this year’s NDAA process could shape the future of U.S. semiconductor policy, AI infrastructure, and technology competition for years to come. As lawmakers consider proposals addressing advanced AI chips, cloud computing, and related technologies, they should carefully distinguish between measures that meaningfully strengthen national security and those that create new compliance burdens without materially improving enforcement outcomes.
Export controls are among the most powerful economic and national security tools available to the United States. When carefully designed, they can protect sensitive technologies, limit military applications by adversaries, and preserve America’s strategic advantages. But getting export control policy right is not simply a matter of restricting more technology. It requires advancing national security without undermining the economic and technological strengths that make those controls effective in the first place. That is why Congress should approach new export control measures with caution. While many of the proposals currently under consideration are motivated by legitimate national security concerns, they risk creating unintended consequences that could weaken America’s technological leadership, harm U.S. companies, accelerate China’s drive for self-sufficiency, and ultimately make export controls less effective over time.
Consider the Chip Security Act. While well-intentioned, the bill could create significant implementation challenges by requiring advanced AI chips to include location-tracking mechanisms. That could raise costs for U.S. companies, consumers, and small businesses, while creating new privacy and security concerns. Policymakers should avoid requirements that make American technology less competitive globally.
The same issues apply to proposals such as the AI Overwatch Act and the Remote Access Security Act.Both seek to address concerns that advanced computing capabilities could be accessed remotely from restricted jurisdictions. Preventing circumvention is a worthwhile objective, but these broad proposals raise difficult questions about how such restrictions would work in practice. Requiring cloud providers to verify users, determine geographic locations, monitor access, and enforce restrictions across complex global networks would be technically challenging and difficult to implement at scale, particularly given the challenges of accurately identifying end users, preventing spoofing and other evasion tactics, and distinguishing legitimate activity from prohibited conduct. The resulting operational burdens could create legal uncertainty, hinder services provided to trusted allies and partners, and divert resources from higher-value security and enforcement efforts. Congress should focus on solutions that are more narrowly tailored to address high-risk use cases and that are technically feasible, enforceable, and capable of delivering measurable national security benefits.
More importantly, Congress should recognize the limits of export controls as a long-term strategy. Export controls can slow adversaries, but they cannot substitute for innovation. While semiconductor restrictions may temporarily delay China’s technological progress, they also create incentives for Beijing to accelerate domestic innovation and reduce dependence on American technology. Indeed, China’s response to semiconductor export controls has included enormous investments in domestic chip manufacturing, semiconductor equipment, AI accelerators, and alternative technology ecosystems. Chinese officials and industry leaders have openly acknowledged that U.S. restrictions have accelerated efforts to develop indigenous alternatives. While this does not mean export controls are ineffective, it does underscore the importance of using them strategically and avoiding measures that unnecessarily encourage technological decoupling.
Fortunately, Congress does not need to start from scratch. Over the last several years, the Department of Commerce’s Bureau of Industry and Security (BIS) has implemented extensive controls governing advanced semiconductors, semiconductor manufacturing equipment, AI-related computing capabilities, and other critical technologies. The challenge today is not a lack of authority but ensuring those authorities are effectively enforced.
This is why Congress should focus on strengthening what already exists rather than layering new mandates onto an increasingly complex regulatory framework. BIS already possesses substantial authorities to regulate advanced semiconductor exports. What it needs are additional resources to execute those authorities effectively. Congress should provide BIS with increased funding, additional technical expertise, modernized enforcement tools, and enhanced intelligence-sharing capabilities. Bills such as the BIS STRENGTH Act and the Strengthening Export Controls Compliance Act would enable BIS to carry out its mandate and ensure export controls are being effectively implemented. Lawmakers should also strengthen efforts to identify and disrupt evasion networks, improve coordination with allies, and ensure meaningful penalties for actors that knowingly violate export controls.
History shows that export controls are most successful when they are targeted, enforceable, and coordinated with allies. They are less effective when they attempt to monitor every potential use case, impose significant burdens on legitimate users, or create incentives for foreign governments and companies to reduce reliance on American technology. Congress should therefore evaluate new proposals not on whether they increase restrictions, but on whether they actually advance U.S. national security objectives. More restriction does not automatically mean more security.
Rather than creating new mandates, the more pressing challenge is ensuring existing controls are effectively enforced. Congress can make the greatest contribution by providing BIS with the resources, technical expertise, and enforcement capabilities necessary to identify evasion, coordinate with allies, and address genuine vulnerabilities as they arise. A well-resourced and agile enforcement regime will do more to protect U.S. national security than layering new compliance obligations onto companies already operating under extensive regulations.
America’s advantage has never come solely from restricting technology. It comes from leading the world in developing it, deploying it, and setting the global standard for it. Congress should ensure that export control policy strengthens that advantage rather than inadvertently weakening it.