Chip Photo: VCG

Nvidia CEO Jensen Huang reportedly said on Wednesday there is a "real possibility" the company could bring its advanced Blackwell processor to China as he urges the US government to open up access for American chipmakers. Huang's remarks underscore the importance of the vast Chinese market for the US company, but the urgent problem for Nvidia to sell whether Blackwell or H20 chips to China ultimately hinges on addressing concerns about potential "backdoor" in its products.

Chips, as the cornerstone of modern technology, have drawn global attention to their security and reliability. In July, China's cyberspace regulator summoned US tech giant Nvidia over security risks linked to its H20 artificial intelligence (AI) chips sold to China.

The company was asked to provide explanations and submit supporting evidence. This is aimed at safeguarding cyberspace and data security for Chinese users in line with laws on network and data security and personal information protection, according to the Cyberspace Administration of China (CAC).

The CAC's move is very necessary. Nvidia chips are widely used in China with potential extensive risk exposure, and this is a necessary move to take proactive measures to control risks and maintain safety.

On the one hand, Nvidia's computing chips such as the H20 are extensively used in China's AI research and development and big data processing - from AI model training by domestic internet firms to computational support by research institutions. If vulnerabilities or backdoors exist in these chips, sensitive data and operations across a large number of domestic enterprises and institutions would face threats.

On the other hand, the move also reflects China's fulfillment of its regulatory responsibilities. Relevant Chinese government agency shoulders the responsibility of maintaining the safety of cyberspace and critical information infrastructure. For chips with explicit security risks, proactively summoning companies and mandating their rectification - including patching vulnerabilities and committing to eliminating backdoors - serves as a critical safeguard for domestic users, effectively preventing risks from materializing.

A chip functions like "a mini-factory for data processing." For instance, smartphone chips handle image and voice, automotive chips control the engine, home appliance chips regulate operational modes, and AI large language model chips perform complex computation and reasoning.

"Backdoor" in a chip is like a hidden pathway deliberately left by chipmakers, allowing unauthorized parties to silently control or steal information.

How are backdoors embedded?

Given current advancements in chip design and manufacturing technologies, embedding backdoors in chips is not only feasible but can also be done with extreme subtlety. Such backdoors remain undetectable unless subjected to targeted in-depth analysis. That's why the authorities must proactively summon relevant companies to mitigate potential risks at the source.

Generally, there are two ways to embed "backdoors" in chips. First, chipmakers may insert "hidden circuits" in hardware. Chips contain billions of transistors. During chip design, chipmakers can stealthily embed a section of "special circuit," that remains inactive under normal conditions but activates when triggered by specific "secret commands" - for example enabling unauthorized access to core data zones.

Because chip circuits are extremely tiny, such "special circuits" are very difficult to detect with conventional methods. Advanced detection requires disassembling the chip and analyzing it layer-by-layer with electron microscopes - a capability beyond most enterprises' reach.

Second, chipmakers may embed "hidden code" in supporting firmware. This code is invisible in standard program listings but can receive covert external commands, for example through network, to execute data theft or chip manipulation operations. For example, a piece of code may be disguised as a "normal bug-fixing program," while secretly copying data processed by the chip and transmitting it over a network. Such firmware-level backdoors are even harder to detect, as conventional antivirus software fails to identify them.

US tech hegemony

In May 2025, US lawmakers from both parties introduced the Chip Security Act, seeking to require any covered integrated circuit product to be outfitted with chip security mechanisms that implement location verification.

In July, the White House released its so-called AI Action Plan, which recommended that US authorities, in collaboration with industry, "explore leveraging new and existing location verification features on advanced AI compute to ensure that the chips are not in countries of concern."

Through such policies, the US aims to transform semiconductors into a surveillance and control tool under the guise of "chip security," and its main purpose is to maintain its own tech hegemony rather than genuine security concerns.

For users in other countries, there are potential risks of "trackers" being installed on their own computing systems if they adopt US-covered chips. Under these policies, the US can leverage location verification and location tracking technologies to monitor chip deployment locations - for example in a corporate server or critical infrastructure - and even obtain data processed by the chip. In this way, users are left being trapped in a dilemma: use US chips and risk surveillance, or abandon them and face supply outage.

For the global semiconductor industry, such practices disrupt international collaboration and fuel bloc-based fragmentation. The chip supply is built on interdependence - Dutch company ASML's lithography machines, Japanese materials, and Chinese packaging and testing form critical links. By mandating tracking mechanisms for restricted chips, the US forces companies along the supply chain to choose sides: complying with the US' demand but risks losing trust from other markets or resisting the US' demand which may risk losing the US market or technical support. This "hegemonic control" shifts the global chip supply chain from being market-driven to being politically weaponized.

Moreover, such US actions will inevitably hinder technology sharing and deepen a technological cold war. By integrating tracking mechanisms into AI chips under the AI action plan, the US aims to strangle other countries' advancements in AI and computing power through chip control. Over time, this coercion could force nations to abandon US chips, erect technological barriers, and move from global knowledge sharing to isolated innovation silos, ultimately slowing humanity's collective technological progress.

In the face of US tech hegemony, how can China strengthen its technological self-reliance and enhance chip security? Efforts should be made in four aspects, including focus on striving for breakthroughs in chokepoint technologies to bridge critical gaps in core segments, building self-sufficient industrial chains to reduce external dependency, tightening supervision and standards, and expanding international cooperation.

The author is an associate professor at Beijing Institute of Technology and currently the director of the Institute of Computer Network Attack and Defense.