Welcome to the CAVEAT Weekly Newsletter, where we break down some of the major developments and happenings occurring worldwide when discussing cybersecurity, privacy, digital surveillance, and technology policy.
At 1,550 words, this briefing is about a 7-minute read.
At a Glance.
- Proposed law aims to crack down on chip smuggling.
- Proposed 2026 budget slashes CISA budget.
House lawmaker aims to crack down on semiconductor chip smuggling.
The news.
On Monday, United States (US) Representative Bill Foster announced plans to introduce legislation to curb semiconductor chip smuggling. More specifically, the bill has two key elements.
- To track advanced semiconductor chips to ensure they are being used where authorized.
- To prevent chips from being used if they are not properly licensed under export controls.
Representative Foster announced that this bill would help ensure that already imposed export restrictions are not being circumvented through illegal smuggling activities, which he believes are occurring on a large scale. When detailing this bill, Representative Foster noted how the technology to track these chips is already readily available, and at times is already built into advanced chips making enforcement feasible.
In a statement, Representative Foster warned that this “is a problem now, and at some point, we’re going to discover that the Chinese Communist Party, or their military, is busy designing weapons using large arrays of chips, or even just working on [artificial intelligence (AI)], which is as immediate as nuclear technology.”
If this bill were to be signed into law, it would require the US Department of Commerce to design new regulations mandating this tracking technology within six months.
The knowledge.
This move builds on years of bipartisan efforts to limit China’s access to the US’s advanced semiconductor chips. Under the former Biden administration, his most notable restrictions came at the end of his term when he proposed a new framework for exporting advanced semiconductor chips. The Framework for AI Diffusion was created to impose export restrictions on dozens of nations, establish new exporting licenses, and establish a three-tiered system that would determine how many graphic processing units various countries could purchase. While the framework was only introduced under former President Biden, the document's 120-day comment period is drawing to a close and is set to go into effect on May 15th.
Despite the framework drawing notable protest from technology companies, the Trump administration has made no signals that suggest they plan to halt its implementation. While there have been reports that the administration is considering changes, such as the removal of the framework’s three-tiered system, these changes have not been confirmed and are largely still under consideration.
Furthermore, support has already emerged from both sides of the aisle to support this latest bill. Democratic Representative Raja Krishnamoorthi, the ranking member of the House Select Committee on China, stated “on-chip location verification is one creative solution we should explore to stop this smuggling.” Additionally, Republican Representative John Moolenaar, the chair of the same committee, stated that “the Select Committee has strong bipartisan support for requiring companies like Nvidia to build location-tracking into their high-powered AI chips - and the technology to do it already exists.”
Given the bipartisan support that already exists for this bill, as well as the numerous actions taken by various administrations it is likely that these efforts to control chip exports will only continue to grow as the race for more advanced AI continues.
The impact.
As Representative Foster plans to introduce this bill in the coming weeks, this effort represents another step in the US’s efforts to both restrict China’s access to advanced semiconductor chips and ensure that the nation maintains its competitive edge. Regardless of whether President Trump implements the Framework for AI Diffusion, the conversation surrounding chip smuggling will only continue to gain traction and will be addressed given the past actions that have already been taken to restrict access and the messaging that is surrounding this issue.
While this bill will take at least six months to take effect, companies involved in both producing and distributing these chips should monitor this effort closely. By tracking the progress of this law and the Department of Commerce’s potential regulations, organizations can understand what will be required of them and minimize any potential disruptions.
Trump’s 2026 budget proposes substantial cuts to CISA.
The news.
Last Friday, President Trump proposed his 2026 budget, which would cut $163 billion from the federal budget. While the proposed budget does request increased funding for defense initiatives and border security, the proposed budget would notably cut support for the Cybersecurity and Infrastructure Security Agency (CISA).
These cuts would slash $491 million from CISA’s budget, which roughly equates to seventeen percent. More specifically, these cuts would reduce support for the agency’s disinformation and misinformation programs, consolidate “redundant security advisors and programs,” and reduce programs that are “duplicative” between the state and federal levels. Regarding these cuts, the budget summary states:
“The budget refocuses CISA on its core mission - Federal network defense and enhancing the security and resilience of critical infrastructure - while eliminating weaponization and waste.”
The knowledge.
While this proposed budget has only just been introduced and will likely face numerous changes and revisions over the coming months, these cuts are in line with President Trump’s efforts to reduce the federal government’s role.
For example, in April, reports emerged that the White House was planning on removing around 1,300 people from CISA by cutting roughly half of the agency's workforce and roughly forty percent of the agency's contractors. These personal cuts notably impacted the agency’s major threat-hunting team. Outside of reducing the agency's staff, the administration also issued a memorandum. This memorandum included “a comprehensive review of all of CISA’s activities over the last six years.”
This dramatic reduction in CISA’s support is representative of the administration’s broader National Resilience Strategy. For context, this strategy involves not only reviewing numerous federal policies and memorandums related to resilience but also transferring the responsibility for managing these programs to state and local governments instead. This strategy is centered around the philosophy that “when States are empowered to make smart infrastructure choices, taxpayers benefit.”
The impact.
Given the Trump administration’s policy goals to transfer many responsibilities to state and local governments, these proposed budget cuts are not inherently surprising. While it is unlikely that these cuts will be implemented as proposed and will likely not be as severe, this proposal is reflective of the administration’s goals to reduce CISA’s role and responsibilities.
As federal lawmakers look to establish and outline 2026’s budget, security organizations and groups that work with CISA should monitor the various proposals. By understanding what the proposed budget will entail and what programs will be impacted, groups will be able to better account for these changes and mitigate any negative impacts. Furthermore, as CISA’s federal leadership role continues to be reduced, state governments should be prepared to increase their support for cybersecurity and critical infrastructure initiatives.
Highlighting key conversations.
In this week’s Caveat Podcast, our team discussed the Take It Down Act, which was recently passed by Congress. For context, the bill centers around criminalizing publishing nonconsensual intimate imagery and requiring platforms to remove the content within forty-eight hours of reporting. During this conversation, our team looks at both the arguments for and against the bill as well as the impacts the law will have.
Like what you read, and curious about the conversation? Head over to the Caveat Podcast for the full scoop and additional compelling insights. Our Caveat Podcast is a weekly show where we discuss topics related to surveillance, digital privacy, cybersecurity law, and policy. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you.
Other noteworthy stories.
TikTok fined $600 million for China data transfers.
What: A European Union (EU) privacy watchdog fined TikTok 530 million Euros.
Why: On Friday, Ireland’s Data Protection Commission (DPC) fined TikTok after concluding a four-year investigation. Alongside fining TikTok, the DPC also sanctioned the social media platform for its lack of transparency to users regarding where their data was being sent. Lastly, the DPC ordered the company to become compliant with EU law within six months.
With this ruling, Deputy Commissioner Graham Doyle stated, “TikTok failed to verify, guarantee, and demonstrate that the personal data of [European] users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU.”
Trump signals he may extend TikTok ban pause again.
What: President Trump states he is willing to further extend the pause on banning TikTok.
Why: On Sunday, President Trump stated that he would continue extending the deadline on TikTok’s ban if no deal could be made regarding its sale. For context, this ban came about after Congress passed and former President Biden signed into law the “TikTok ban” bill. This bill mandated that ByteDance, TikTok’s parent company, divest from the social media platform within a set time frame. Despite not selling before reaching this deadline, President Trump signed an Executive Order that extended the deadline to potentially negotiate a deal.
If extended again, this would mark the third time that President Trump would push the ban deadline. The previous deadline pauses came at the beginning of President Trump’s term as well as in early April and each lasted seventy-five days. The current extension is set to expire on June 19th.