The US CHIPS Act of 2022 strengthens Costa Rica's role in the global semiconductor ecosystem

03.05.2024

In July 2023, the United States Department of State announced its partnership with the Government of Costa Rica to explore opportunities to diversify and grow the global semiconductor ecosystem and create a more transparent, secure and sustainable global semiconductor value chain. This strategic partnership arises thanks to the CHIPS Act of 2022 that creates the International Technology Security and Innovation Fund (ITSI Fund). A few months later, Costa Rica announces its own roadmap to strengthen its local ecosystem: an inter-institutional initiative that involves more than 20 local public entities, the private sector and academia.

Brief introduction to the CHIPS Act of 2022.

This law provides the United States Department of Commerce with $50 billion for a set of programs aimed at strengthening and revitalizing the United States' position in semiconductor research, development and manufacturing.  A relevant and strategic initiative of the US government, given that today semiconductors are needed for critical infrastructures such as power grids and waterways and for industries such as defense and space, transportation, healthcare, banking and finance, consumer electronics, manufacturing, and telecommunications.  Global semiconductor revenue is expected to grow 16.8% in 2024 to reach a total of $624 billion, according to forecasts from Gartner, Inc.

There are two offices responsible for implementing the law:  the CHIPS Research and Development Office, which is investing $11 billion in developing a national R&D ecosystem, and the CHIPS Program Office, which is dedicating $39 billion to provide incentives for investment in facilities and equipment in the United States.  Both offices are located within the Department of Commerce's National Institute of Standards and Technology (NIST). More details at https://www.nist.gov/chips


The new national semiconductor strategy of Costa Rica.

After interacting closely with major players such as the United States Semiconductor Industry Association (SIA) and its associated companies, and extracting inputs from its own local semiconductor market (market with more than 25 years of experience and renowned players like Intel), the new national strategy was designed based on four pillars: (i) Human Talent and Workforce, (ii) Incentives 2.0, (iii) Investment Attraction and Prospecting Exercise and (iv) Regulatory Framework and Simplification of Procedures.

The next steps:  implementing and monitoring the strategy through an inter-institutional effort supported by an Executive Decree already signed by the President of Costa Rica that declares the semiconductor industry and its related industries of public interest, establishes the Ministry of Foreign Trade (COMEX) as the entity in charge of making public policy initiatives related to this sector operational and entrusts COMEX with the task of promoting strategic alliances with other countries and entities that contribute to the establishment, growth and development of this sector.

 

Hardware Security: A Sensitive Challenge.

Chips are becoming more sophisticated and valuable, they are linked to data and are increasingly connected to the Internet and to each other, which raises alarms at the hardware security level.  These alarms began a few years ago due to specific attacks by cybercriminals on the semiconductor industry.  According to data collected by Gitnux, cyberattacks on semiconductor companies increased by 366% from 2014 to 2020.  Hardware security is different from software security and is just as important as the latter.  Nowadays it is possible to distinguish between several types of hardware-related attacks, such as side-channel attacks, evil maid attacks, modification attacks, triggering fault attacks, eavesdropping attacks, and counterfeit hardware attacks.  This is one of the many challenges of the international semiconductor industry that both current participants and companies entering the Costa Rican market should pay attention to.

In this context, the quality of hardware adaptation over time to technologies, users, environments and cyber threats is essential, particularly in industries such as automotive or medical devices, where a potential security incident could have significant legal and reputational consequences.  Each stage of the hardware development life cycle should be carefully attended to, from its design/architecture to its subsequent manufacturing, marketing and operation.  A good practice to share:  Covering each stage of the cycle with solid contractual schemes at both the commercial (external) and employment (internal) levels, distributing responsibilities as appropriate and using contractual terms aligned with local regulations regarding health and hygiene standards, environment, privacy, security, intellectual property and confidentiality.

 

Article provided by INPLP member: Fabian Solis (Aguilar Castillo Love, Costa Rica)

 

 

Discover more about the INPLP and the INPLP-Members

Dr. Tobias Höllwarth (Managing Director INPLP)

What is the INPLP?

INPLP is a not-for-profit international network of qualified professionals providing expert counsel on legal and compliance issues relating to data privacy and associated matters. INPLP provides targeted and concise guidance, multi-jurisdictional views and practical information to address the ever-increasing and intensifying field of data protection challenges. INPLP fulfils its mission by sharing know-how, conducting joint research into data processing practices and engaging proactively in international cooperation in both the private and public sectors.