National security concerns are tightening procurement rules under Section 5949, set to take effect in 2027, restricting certain Chinese-made semiconductors.
Aerospace and defense (A&D) companies are digging deeper into their global semiconductor supply chains. What they’re finding is limited visibility, potentially putting programs and production at risk.
“Each step may involve subcontractors the OEM never sees,” president of Pinnacle Supply Chain Solution and former U.S. A&D supply chain executive Jim Handel said. “By the time a chip reaches an A&D prime contractor, it may have passed through five to seven companies, seven to ten countries, and more than 70 borders.”
A single chip may be designed in one country, fabricated in another, packaged and tested in a third, and distributed across multiple intermediaries before reaching a defense contractor — often with limited sourcing visibility at each step.
The shift is driven in part by Section 5949 of the National Defense Authorization Act (FY2023), which restricts certain Chinese-made semiconductors and requires contractors to verify component origin.
Unlike mechanical parts, semiconductors can be compromised in ways that are difficult to detect, including malicious hardware that can expose data or disrupt systems. This makes chip origin a national security issue, not just a supply chain one.
If a part’s origin cannot be verified, many U.S. defense companies act immediately — halting production and redesigning systems.
Parts linked to restricted or high-risk suppliers are typically quarantined and removed from production while teams investigate sourcing data and verify origin. If sourced through a distributor, teams trace the part back to the original manufacturer to determine where it was made and processed, Handel added.
In many cases, that inventory cannot be returned. Semiconductor components are often purchased under non-cancelable, non-returnable (NCNR) terms, leaving companies with stranded parts and sunk costs.
If a compliant alternative exists, teams can switch suppliers. But for some specialized components, substitutes are unavailable — leaving companies to redesign or seek waivers.
“That’s when things got really complicated…You can only imagine the challenges of redesigning a product, a whole board assembly, around some other company’s part,” Handel said.
The risk of replacement depends on when the issue is discovered in production. Once a component is soldered onto a circuit board and integrated into a system, removal requires rework and requalification.
Handel describes these as “points of no return.” After environmental and performance certification, replacing a part can trigger full recertification cycles for the entire product costing millions of dollars and multiple weeks of delay. Once production is underway, changes can halt manufacturing while new parts are qualified, resulting in delayed deliveries and revenue.
The Department of War (DoW) may grant waivers in limited cases, but they are increasingly rare, according to Handel.
Although Section 5949 will not take full effect until December 2027, many A&D companies are already reworking their supply chains.
Semiconductor supply chains and A&D programs operate on multi-year cycles, meaning decisions made today determine compliance years down the line. “If you wait until 2027, you’re already three to four years too late,” Handel said.
Mapping the supply chain beyond tier-one suppliers is a massive effort. At some A&D primes, requirements are flowing down through contracts, pushing suppliers to disclose where components are fabricated, packaged, and tested prior to signing.
“The government is signaling that the enforcement is going to be strict,” he said. “The earlier you start, the better, and more likely you’ll be in compliance in 2027.”
The risk of waiting is design lock-in — hitting the “points of no return” where changes force costly redesign and put contracts at risk.
As traceability requirements tighten, companies are shifting where these decisions happen — from procurement to design.
“We’re trying to move upstream to the design and architectural stage,” Handel said. “That’s the ideal spot.”
At U.S. A&D firms, this has led to the adoption of “design for supply chain” practices, where engineering, procurement, and quality teams work together early in the product lifecycle to evaluate sourcing risk. “It’s working cross-functionally, where everyone understands the importance of country of origin down as many tiers as we can get,” Handel said.
This means components are not selected based on performance and cost alone. Teams now assess where semiconductors are fabricated, packaged, and tested before locking them into a design.
Companies recognize that once a component is designed into a system, replacement becomes difficult. By focusing on this requirement early in the product lifecycle, companies avoid the expensive consequences of non-compliance: quarantined parts, redesigns, and production delays.
Until traceability beyond tier-one suppliers becomes easier, compliance will be less about verification and more about risk management — pushing companies to design around uncertainty rather than eliminate it.
Closing that gap will require more technological and policy shifts. Handel points to the need for standardized, cross-industry traceability systems — such as digital identities for semiconductors and tools that map supply chains across multiple tiers — as well as stronger contract-level requirements that force suppliers to disclose component origins.
“It’s going to be interesting how it all fleshes out this year and in 2027 and 2028,” Handel said.
With 2027 approaching, companies are working to meet requirements and minimize tradeoffs.
