Today, a story about Nvidia's H20 chip is blowing up all over Chinese social media. China's top cyber regulator, the Cyberspace Administration of China (CAC), summoned (约谈) Nvidia for a talk about "security risks from vulnerabilities and backdoors in the H20 computing chip."
Recently, Nvidia's computing chips have been exposed for having serious security issues. Earlier, US lawmakers called for advanced chips exported from the US to include "tracking and location" features. Experts in the US AI field revealed that Nvidia's "tracking and location" and "remote shutdown" technologies for computing chips are already mature. To protect Chinese users' cybersecurity and data security, in accordance with relevant provisions of the Cybersecurity Law, Data Security Law, and Personal Information Protection Law, the Cyberspace Administration of China summoned Nvidia on July 31, 2025, requiring the company to explain the security risks from vulnerabilities and backdoors in the H20 computing chips sold to China and submit relevant supporting materials.
The Chinese local media outlet Southern Metropolis Daily emailed Nvidia seeking a response on the matter. An Nvidia spokesperson replied via email to the reporter on the evening of July 31, stating that cybersecurity is of utmost importance, and "there are no 'backdoors' in Nvidia's chips, nor do they provide any means for remote access or control by anyone."
Under Chinese law, a "summons" itself is typically not considered an administrative penalty. Right now, it's mainly CAC fulfilling its duties under the Cybersecurity Law, Data Security Law, and Personal Information Protection Law:
Cybersecurity Law, Article 56: Relevant departments of people's governments at or above the provincial level, in performing their cybersecurity supervision and management duties, upon discovering significant security risks in networks or the occurrence of security incidents, may, in accordance with prescribed authorities and procedures, summon the legal representative or principal responsible person of the network operator. The network operator shall take measures as required, rectify the situation, and eliminate hidden dangers.
Data Security Law, Article 44: Relevant competent departments, in performing their data security supervision duties, upon discovering significant security risks in data processing activities, may, in accordance with prescribed authorities and procedures, summon the relevant organizations or individuals, and require them to take measures to rectify the situation and eliminate hidden dangers.
Personal Information Protection Law, Article 64: Departments responsible for personal information protection, in performing their duties, upon discovering significant risks in personal information processing activities or the occurrence of personal information security incidents, may, in accordance with prescribed authorities and procedures, summon the legal representative or principal responsible person of the personal information processor, or require the processor to entrust a professional institution to conduct a compliance audit of its personal information processing activities. The personal information processor shall take measures as required, rectify the situation, and eliminate hidden dangers.
If it's just the above violations, Nvidia's penalties won't be too severe: up to 100,000 yuan for individuals and up to 500,000 yuan for companies.
According to Article 60 of the Cybersecurity Law, for "failing to immediately take remedial measures for security defects, vulnerabilities, and other risks in their products or services, or failing to promptly inform users and report to relevant competent departments as required," the relevant competent departments shall order rectification and issue a warning; if rectification is refused or it leads to consequences such as harming cybersecurity, a fine of between 50,000 yuan and 500,000 yuan shall be imposed, and the directly responsible supervisory personnel shall be fined between 10,000 yuan and 100,000 yuan.
But this news might already be enough to cast a shadow over Nvidia and the H20's prospects in China, as it could be a precursor to a cybersecurity review of Nvidia, potentially leading to huge uncertainty in sales of the H20—which Nvidia fought hard to get unbanned—in China.
If a formal review process is launched and it results in a failure (like in the Micron case), China's "critical information infrastructure operators" (mainly government agencies and state-owned enterprises) won't be able to purchase the H20 anymore. Private companies might also think twice about buying or using it due to worries over cybersecurity and supply chain disruption risks.
For Nvidia, the temporary good news is that the company is only being asked to explain the security risks from vulnerabilities and backdoors in H20 chips sold to China and submit supporting materials. Given the recent thaw in US-China relations amid trade talks, the company still has a decent chance of convincing CAC.
The most interesting part of this investigation—and what's different from before—is that CAC's key reason for getting involved is the chip location verification measures the US government is brewing and pushing. In March 2025, the US Congress introduced the "Chips Security Act," aimed at adding location verification features to controlled GPU chips produced by companies like Nvidia, to track and crack down on chip diversion and smuggling to China.
Last week's "AI Action Plan" also explicitly stated that the US will study chip location verification features.
Strengthen AI Compute Export Control Enforcement
Advanced AI compute is essential to the AI era, enabling both economic dynamism and novel military capabilities. Denying our foreign adversaries access to this resource, then, is a matter of both geostrategic competition and national security.
Therefore, we should pursue creative approaches to export control enforcement. Recommended Policy Actions:
Led by DOC, OSTP, and NSC in collaboration with industry, explore leveraging new and existing location verification features on advanced AI compute to ensure that the chips are not in countries of concern.
This has sparked a lot of attention in China and raised concerns about potential cybersecurity risks. On July 21, China's Ministry of State Security posted a warning on its official WeChat account:
Some chips, smart devices, or software produced abroad might have "backdoors" deliberately embedded during design and manufacturing. Manufacturers could remotely control the devices via specific signals, such as automatically turning on cameras or microphones, or commanding the background to collect specified data and send it back.
The article suggested that key confidential positions could use domestically developed controllable chips and domestic operating systems to avoid risks from foreign software and hardware backdoors. It also recommended strengthening technical defenses, like developing patch strategies, regularly updating operating systems, checking device logs periodically, and monitoring abnormal traffic to reduce potential technical backdoor security risks.
Attitudes in China toward the H20 unbanning are pretty mixed. I explained it in an article. After Bessent and Lutnick publicly called the H20 a "fourth-generation" chip that's not advanced and said unbanning it could help curb Huawei's growth in the Chinese market, skepticism about the H20 in China has spiked. China's Ministry of Commerce (MOFCOM) recently flat-out denied that the H20 was unbanned at China's request.
Since the Chinese government established the cybersecurity review system in April 2020, two US companies have been hit hard, both chip firms. For friends interested in China's cybersecurity review system and its enforcement history, I highly recommend this article.
The first one, and the most substantive to go through the full review process, was US memory chip giant Micron.
On March 31, 2023, the CAC announced initiating a cybersecurity review of Micron, a U.S. memory chip giant, to "ensure the security of the critical information infrastructure supply chain, prevent potential product vulnerabilities from causing cybersecurity risks, and safeguard national security."
On May 21, the CAC ruled that Micron had failed to pass the cybersecurity review. This quickly triggered a trust crisis in China regarding Micron products. Some Chinese companies classified as CIIOs were forced to sever ties with Micron and remove its chips and other products from their supply chains. Even non-CIIO Chinese companies became highly cautious in their dealings with Micron, which significantly impacted Micron's revenue in China and led to direct negotiations between U.S. Senate Majority Leader Chuck Schumer, U.S. Secretary of Commerce Gina Raimondo, and the Chinese government.
The second one is Intel, but in its case a cybersecurity review was only called for by an officially backed Chinese cybersecurity association; the Chinese government hasn't taken any substantial action so far.
Cybersecurity reviews come in two forms. One is voluntary declaration by companies: specifically, "network platform operators handling personal information of more than 1 million users going public abroad" must declare a cybersecurity review to CAC's Cybersecurity Review Office.
The other is proactive review by the Cybersecurity Review Office, where member units of the cybersecurity review mechanism (including 13 ministries like NDRC, Ministry of Public Security, Ministry of State Security) believe that network products, services, or data processing activities affect or may affect national security; the Cybersecurity Review Office reports to the Central Cyberspace Affairs Commission for approval before launching the review.
To be clear, Nvidia is currently only facing the threat of a Chinese cybersecurity review but hasn't entered the substantive review process. Chinese officials haven't uttered the words "cybersecurity review" yet, and the current CAC summons is based on the Cybersecurity Law, Data Security Law, and Personal Information Protection Law. But if the US keeps pushing chip location verification measures like those in the Chips Security Act, and Nvidia fails to convince CAC, the chances of a formal review being launched against it remain high.
Interesting reversal of position. I personally trust HUAWEI over NVIDIA. 🤣