June 25, 2025

Beyond Bans: Expanding the Policy Options for Tech-Security Threats

By: Geoffrey Gertz

In early April, President Trump granted TikTok another 75-day reprieve from its threatened ban in the United States. It is but the latest twist in a five-year, administration-spanning saga, in which the U.S. government has repeatedly threatened to ban the Chinese-owned app from the U.S. market if it is not sold to non-Chinese buyers—but has never followed through on such ultimatums.

While the TikTok case has some unique challenges, it is part of a broader trend of using bans to address national security risks associated with Chinese technology in the United States. After Chinese company DeepSeek released an innovative new AI model, members of Congress were quick to initiate a conversation about whether to ban DeepSeek in the United States. The government has already announced measures to ban certain connected vehicles from China and is working on similar restrictions for Chinese drones; reports suggest certain Chinese routers could also be banned. Beyond China, the last administration also banned the Russian antivirus provider Kaspersky—another example of how the government is using national security authorities in the tech supply chain.

Stuck between a rock (the fact that banning all Chinese tech that poses a risk is expensive and impractical) and a hard place (the fact that many existing mitigation proposals are inadequate), what are policymakers to do?

There are plenty of real national security issues posed by technology from China and other foreign adversary countries across various elements of U.S. industries and tech supply chains. Such risks range from espionage, to “prepositioning” of malware (quietly putting malicious code in place that can be activated later), to increased leverage over U.S. supply chains, including for the defense industrial base. To better address this policy problem, however, the United States urgently needs to build policy toolkits—and policy muscles—beyond bans. Policy discourse about how to mitigate national security risks from a specific technology, such as a Chinese AI model or mobile app, all too often results in reductive conversations about whether or not to ban such technology. But this dichotomy leaves policymakers with an unappealing choice: Either ban any technology that poses a risk, or—if unwilling to follow through with an action as dramatic and costly as a ban—do nothing, and leave the American public exposed to potential national security risks as a result.

American policymakers need a spectrum of responses to foreign technology risks that appropriately balance trade-offs in economic costs; Americans’ access to online services; supply chain entanglement; transparency; domestic imperatives like privacy and civil liberties; and the ability to convince allies and partners to act alongside the United States, where relevant. Such a toolkit—encompassing technical, governance, and commercial mitigation measures—at present often comes up short of a robust, comprehensive approach to contemporary tech supply chain and national security risks, leaving the U.S. vulnerable and policymakers without more tailored options to act on potential threats.

Read the full article on Lawfare.

More from CNAS

View All Reports View All Articles & Multimedia