US Expands AI Export Controls to Model Weights, Not Just Chips

Serge Bulaev

The US has expanded export controls beyond computer chips to include AI model weights, which may now be seen as being as important as missile software. New rules suggest that any powerful closed-weight AI model trained with enough computation needs a license to be sent out of the country. There are three vetting levels for different countries: close allies have fewer restrictions, most other countries face more checks, and adversaries are mostly denied. Labs and companies are advised to track their models, check who can access them, and keep records to follow the law. This may mean a shift toward keeping AI models inside friendly countries' cloud systems.

U.S. AI export controls have undergone a landmark expansion, shifting focus from semiconductor chips to the AI model weights themselves. In a strategic move reflecting the technology's growing importance, U.S. officials now treat powerful AI models as national assets comparable to controlled weapons software, fundamentally changing the compliance landscape for developers and enterprises.

What exactly changed with U.S. AI export controls?

The U.S. has expanded AI export controls from physical hardware to the AI software itself, specifically targeting the "weights" of powerful models. New regulations require a license to export any frontier AI model trained above a specific computational threshold, treating this software as a strategic national asset.

The pivotal change occurred in January 2025, when the Bureau of Industry and Security (BIS) established a new classification, ECCN 4E091, for "closed-source (unpublished)" AI model weights. This rule applies to any system trained using approximately 10²⁶ computational operations or more, forcing developers to acquire a license before the model weights can be exported. A foreign-direct-product rule further extends this control to models trained abroad on U.S. chips.

BIS established licensing requirements for exporting advanced computing items and AI model weights to specific countries in 2025/2026. The move, which the Times of India reported as treating an AI model "like a missile," confirmed that software access is now governed by the same Export Administration Regulations (EAR) as physical weaponry.

How does the government's three-tiered vetting system work?

The U.S. Bureau of Industry and Security (BIS) established the AI and Advanced Computing Framework, which sorts countries into three tiers (Tier 1: Allied, Tier 2: Conditional, Tier 3: Presumption of Denial) with different access rights for AI chips and models:

* Tier 1 (Allied Access): A group of close allies, including Five Eyes partners and key nations in the AI supply chain like Japan and the Netherlands, benefit from License Exception LPP, which allows exports up to a per-entity allocation without a license, but still requires adherence to security protocols.
* Tier 2 (Conditional Access): Most other nations face strict limits. Access to controlled models requires hosting compute in secured environments, providing verifiable security commitments, and submitting to GPU location verification to monitor chip usage.
* Tier 3 (Presumption of Denial): Adversary nations face a near-total block on accessing frontier model weights. BIS established a worldwide licensing requirement for advanced chips (ECCN 3A090.a, 4A090.a) in 2025, with presumptions of approval or denial based on destination country type.

What are the immediate compliance steps for AI labs?

AI labs must implement robust technical and organizational safeguards that extend far beyond traditional software export compliance.

Technical Controls:
* Implement geofencing and per-account compute caps on high-capability models.
* Establish Technology Control Plans (TCPs) and conduct nationality screening before granting any foreign-national access to controlled models or source code.
* Maintain encrypted logs of all model queries in WORM (Write Once, Read Many) storage for at least five years to meet audit requirements.
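As an added illustration (not code from the article or from BIS), the sketch below shows how a serving layer could combine the geofencing and per-account compute cap controls with a hash-chained query log, so that records are tamper-evident before they are written to WORM storage. The tier table, cap values, field names and function names are all assumptions made for this example; encryption and the WORM store itself are not shown.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Constructed placeholder table: real tier assignments come from the BIS rule
# and counsel. XA/XB are user-assigned ISO codes standing in for other countries.
TIER_BY_COUNTRY = {"GB": 1, "JP": 1, "NL": 1, "XA": 2, "XB": 3}
# Hypothetical per-account daily caps in GPU-seconds; tier 3 has no entry.
DAILY_CAP_GPU_SECONDS = {1: 50_000, 2: 5_000}
GENESIS = "0" * 64

def _digest(prev, body):
    """Hash of the previous record's hash plus this record's canonical JSON."""
    payload = prev + json.dumps(body, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

@dataclass
class Gate:
    usage: dict = field(default_factory=dict)  # (account, day) -> GPU-seconds
    log: list = field(default_factory=list)    # hash-chained audit records

    def authorize(self, account, country, gpu_seconds, ts):
        """Decide one request; every decision, allow or deny, is logged."""
        tier = TIER_BY_COUNTRY.get(country)    # unknown country -> None
        key = (account, ts[:10])               # caps reset per calendar day
        used = self.usage.get(key, 0)
        if tier not in DAILY_CAP_GPU_SECONDS:  # unknown or tier 3: fail closed
            decision = "deny_geofence"
        elif used + gpu_seconds > DAILY_CAP_GPU_SECONDS[tier]:
            decision = "deny_cap"
        else:
            decision = "allow"
            self.usage[key] = used + gpu_seconds
        body = {"ts": ts, "account": account, "country": country,
                "gpu_seconds": gpu_seconds, "decision": decision}
        prev = self.log[-1]["hash"] if self.log else GENESIS
        self.log.append(dict(body, prev=prev, hash=_digest(prev, body)))
        return decision

def verify_chain(log):
    """Return True only if no record was altered, removed or reordered."""
    prev = GENESIS
    for rec in log:
        body = {k: v for k, v in rec.items() if k not in ("prev", "hash")}
        if rec["prev"] != prev or rec["hash"] != _digest(prev, body):
            return False
        prev = rec["hash"]
    return True
```

The gate fails closed: a country missing from the table is treated the same as a denied destination, and denials are logged alongside approvals so an auditor can see attempted access as well as granted access.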

Organizational Requirements:
* Inventory all models and datasets to assign provisional ECCNs.
* Screen all customers, investors, and employees against the BIS Entity List, Denied Persons List, and Military End-User (MEU) data sets.
* Conduct beneficial ownership diligence to uncover hidden affiliations with restricted entities.
* Prepare a voluntary self-disclosure plan with legal counsel to react swiftly to any potential breaches, which can significantly mitigate penalties.

How should enterprises adjust AI procurement and planning?

Organizations using or procuring frontier AI systems now face significant supply chain and access risks, demanding more rigorous due diligence and proactive contingency planning.

Procurement & Due Diligence:
* Require vendors to disclose the total compute used for training to determine if a model falls under ECCN 4E091.
* Confirm the vendor's license status for any controlled models.
* Establish exactly where models are hosted and what data, if any, leaves your jurisdiction during use.
* Develop a dual-vendor strategy to avoid over-reliance on a single provider whose access could be abruptly restricted.

Contingency Planning:
* Model the business impact of a sudden API access termination for foreign-national employees or entire geographic regions.
* Anticipate inference layer restrictions, where the government could cap query volume or limit user types in the future.
* Evaluate on-premise deployment options against cloud services, as on-premise may offer more regulatory stability but less access to the latest models.

What challenges threaten the framework's effectiveness?

The U.S. strategy relies on "plurilateral" coordination among willing allies rather than broad, treaty-based consensus, creating significant friction and potential gaps.

Key Challenges:
* Extraterritorial Reach: The Foreign Direct Product Rule extends U.S. licensing requirements to models developed abroad using American chip technology, creating sovereignty and enforcement challenges.
* Policy Inconsistency: Abrupt shifts in policy implementation can undermine the framework's predictability and erode trust among international partners.
* Risk of Backfilling: To prevent allies from supplying restricted technology to adversaries, the U.S. has signaled it may use secondary trade measures like tariffs, which could strain diplomatic relations.

The core tension is between the speed of unilateral U.S. action and the slow, deliberate process of building broad international buy-in. While rapid measures can close immediate security gaps, they risk creating regulatory loopholes that sophisticated adversaries can exploit over the long term.