Controls the export of AI chips and models outside the United States. Establishes a country-based tiering system to determine applicable restrictions, exceptions, and conditions, including security and reporting safeguards. Creates validated end-user programs to govern exports of AI chips to most countries. Defines an adjustable compute-based threshold for export-controlled AI models.
Analysis summaries, actor details, and coverage mappings were LLM-classified and may contain errors.
This is a binding regulatory framework issued by the Department of Commerce with explicit license requirements, enforcement mechanisms, penalties for non-compliance, and mandatory language throughout.
The document has good coverage of approximately 6-8 subdomains, with strong focus on malicious actors (4.1, 4.2), AI system security (2.2), competitive dynamics (6.4), governance failure (6.5), and dangerous capabilities (7.2). Coverage is concentrated in security, export control, and strategic competition domains related to AI chip and model diffusion.
This is an external regulation that applies primarily to the Information sector (AI chip manufacturers, cloud providers, data processing companies) and Scientific Research and Development Services sector (AI model developers). It also has significant implications for Professional and Technical Services (IT consultants, export compliance services) and potentially affects all sectors that use advanced AI computing resources.
The document primarily covers the Deploy and Operate and Monitor lifecycle stages, with some coverage of Build and Use Model stage. It focuses extensively on deployment controls, export restrictions, and ongoing monitoring requirements for AI chips and model weights, rather than earlier development stages.
The document explicitly covers AI models and AI systems, with detailed focus on advanced computing integrated circuits and AI model weights (ECCN 4E091). It establishes compute thresholds measured in TPP (Total Processing Performance) and FLOPs. It does not explicitly define frontier AI, general purpose AI, task-specific AI, foundation models, generative AI, or predictive AI, though it references advanced AI models. Open-weight models are implicitly covered through model weight export controls.
Department of Commerce, Bureau of Industry and Security (BIS)
The document is issued by the Department of Commerce through the Bureau of Industry and Security, which has regulatory authority over export controls. Multiple sections reference BIS as the issuing authority.
Bureau of Industry and Security (BIS), U.S. Department of Commerce; Office of Exporter Services; Department of State; Department of Energy; Department of Defense
BIS is the primary enforcement authority with explicit powers to review applications, grant or deny licenses, revoke VEU status, conduct audits, and impose penalties. Other departments are involved in review processes.
Bureau of Industry and Security (BIS); Third-Party Assessment Organizations (3PAO) accredited by FedRAMP Program Management Office
BIS conducts ongoing monitoring through mandatory reporting requirements, end use checks, and facility audits. Third-party assessment organizations provide independent certification of security compliance.
Exporters, reexporters, and transferors of AI chips and models; Infrastructure-as-a-Service (IaaS) providers; Validated End-Users (VEUs); entities training AI models; data center operators
The regulation applies to multiple categories of entities involved in AI chip and model export, development, and deployment. It specifically targets exporters of advanced computing chips, IaaS providers, entities training AI models specified in ECCN 4E091, and data center operators.
6 subdomains (4 Good, 2 Minimal)