The end of 2022 brought good news for those working to keep Americans safe from Chinese tech threats: the federal government banned TikTok on federal government devices, and several state governments did the same. Most importantly, the Bureau of Industry and Security (BIS) added Yangtze Memory Technologies (YMTC) and 35 other Chinese entities to the Entity List, depriving them of American technologies that will almost find their way into the hands of the Chinese military.
This major listing isn’t just a needed national security action – it sets a new standard for how BIS should approach Chinese tech companies. There is no doubt Under Secretary Alan Estevez and his team put loads of work into the process, and learned lessons along the way. Having a more clearly established operating model and legal standard should give BIS new abilities to move more quickly to address threats, including other Chinese-owned companies like CXMT (which should be considered for the Unverified List and ultimately the Entity List) and SMIC (which may be on the Entity List but the restrictions surrounding it have not proven to be as effective). The goal for 2023 should be to focus on further refining and standardizing how BIS makes Entity List designations – and then using that knowledge to take new actions against China’s “bellwether semiconductor firms” and others.
There is also an opportunity for BIS to work with Congress to harness the bipartisan support for restricting Chinese semiconductor companies that emerged in 2022. Last year, Senators Chuck Schumer and John Cornyn led the charge to expand Section 889 of the NDAA to ban the federal government from using chips from leading Chinese chipmakers SMIC, YMTC, and CXMT. A version of that amendment passed, but there is more to do to make sure federal contractors’ equipment using Chinese chips is kept away from federal IT systems. As Senator Schumer has said, “We need to stay tough on the Chinese government and its actions.”
BIS has laid a strong foundation which it and Congress can use as a new standard for action against Chinese tech threats. There is plenty of room to refine the criteria and process for an Entity List designation and close loopholes. Here’s to hoping all involved seize the opportunity – and produce more good news in 2023.