28 January 2025 Simon Song - Alex Roberts - Michael Lamson Artificial intelligence

From Chips to AI Models: A new global framework in U.S. export controls

Last week, the Bureau of Industry and Security (BIS) at the U.S. Department of Commerce announced a “Framework for Artificial Intelligence Diffusion” to impose worldwide export controls on U.S.-origin Advanced Integrated Circuits (AICs) and advanced AI models that meet a newly set threshold. Crucially, looking to regulate the flow of U.S.-origin AICs and the most powerful AI models, the Framework limits both the physical supply of AICs and infrastructure-as-a-service powered by AICs.

We answer eight key questions about the Framework.

1. What is the Framework’s key goal?

At the core of the Framework is the U.S. interest in protecting the diffusion of its most advanced AI technology. The focus is on the “next generation” AI of utmost strategic and national security significance—non-public AI model weights trained on more than 10²⁶ computational operations (Advanced AI Models, categorized under the new Export Control Classification Number of 4E091). In BIS’s view, “even one case of diversion” of these AI models could have serious consequences for the U.S.

AICs are necessary to train such Advanced AI Models. The Framework therefore limits parties in most jurisdictions around the world from (1) obtaining controlled AICs made by U.S. chipmakers, (2) accessing computing capacity powered by controlled AICs through infrastructure-as-a-service (IaaS) to train Advanced AI Models, or (3) otherwise obtaining Advanced AI Model weights through unauthorized access.

2. How are jurisdictions classified under the Framework? Is it focused on China?

There are three categories of jurisdictions under the Framework:

18 White-listed Jurisdictions: Jurisdictions whose governments have implemented similar export controls and have national security and foreign policy interests aligned with the United States do not face additional restrictions under the Framework. These are Australia, Belgium, Canada, Denmark, Finland, France, Germany, Ireland, Italy, Japan, the Netherlands, New Zealand, Norway, Republic of Korea, Spain, Sweden, Taiwan, and the United Kingdom.
23 Restricted Countries: Jurisdictions already subject to U.S. advanced semiconductor export controls now face additional restrictions under the Framework. These are Afghanistan, Belarus, Burma, Cambodia, Central African Republic, China (incl. Hong Kong and Macau), Democratic Republic of the Congo, Cuba, Cyprus, Eritrea, Haiti, Iran, Iraq, North Korea, Libya, Lebanon, Russia, Somalia, Republic of South Sudan, Republic of the Sudan, Syria, Venezuela, and Zimbabwe)
Grey Jurisdictions: All other jurisdictions face a cap on the number of AICs available to parties located or headquartered there. Unless authorized by BIS, they also face restrictions in accessing or training Advanced AI Models using controlled AICs, whether directly or through IaaS. Popular destinations for recent data center projects, such as Saudi Arabia and the UAE, are among these Grey Jurisdictions.

3. How can a company from a Grey Jurisdiction buy AICs from U.S. chipmakers?

In three ways:

The ultimate owner making the purchase can use the License Exception Low Processing Performance to obtain eligible AICs, subject to a prescribed aggregate total processing performance cap at about 1,700 NVIDIA H100 AICs according to industry experts;
The company can apply for a standard one-time export license issued by BIS to obtain eligible AICs on a first-come first-served basis. The license application is subject to a presumption of approval up to the relevant Grey Jurisdiction’s allocated total processing performance cap for 2025 to 2027 combined at about 50,000 NVIDIA H100 AICs, according to industry experts, and subject to a presumption of denial beyond that cap; or
The company can become a validated end user authorized by BIS to receive a larger number of controlled AICs, subject to a higher cumulative cap from 2025 to 2027 (see “National VEU” below).

4. What is the new Data Center Validated End-user (VEU) mechanism and how does it work?

Entities located or headquartered in a White-listed Jurisdiction or Grey Jurisdiction can become authorized by BIS and deploy controlled advanced AICs in Grey Jurisdictions through the new Data Center VEU mechanism:

Universal VEU: A company headquartered in a White-listed Jurisdiction may be authorized as a UVEU and deploy an unlimited number of AICs for use in its data centers outside the Restricted Jurisdictions – subject to certain geographical allocation quotas relating to the distribution of the UVEU’s computational power outside its home jurisdiction;
National VEU: A company headquartered in a Grey Jurisdiction may be authorized as an NVEU and deploy a larger number of AICs in a data center owned by it within that jurisdiction (subject to a cumulative cap from 2025 to 2027).

5. What are the compliance requirements for a Data Center VEU under the Framework?

BIS considers the following factors when reviewing data center VEU applications:

A proven track record of general compliance with U.S. export controls, respect toward human rights, and a clear and feasible plan for continuing to comply in a Grey Jurisdiction;
No ties to military end-users or military-intelligence end-users;
Compliance with the new U.S. Outbound Investment Rules, supply chain independence from advanced computing items produced by entities headquartered in a Restricted Jurisdiction, and disclosure to BIS of relationships with entities located in or headquartered in a Restricted Jurisdiction or on certain U.S. sanctions lists;
Commitment not to transfer controlled AICs to persons with ties to a Restricted Jurisdiction;
Commitment not to transfer controlled AICs outside the authorized jurisdictions without seeking a license from BIS or notifying BIS;
Adherence to the geographical allocation quota on controlled AICs;
IaaS-related compliance measures, including not providing the capacity to train Advanced AI Models, in whole or in part, to an entity headquartered outside the White-listed Jurisdictions;
Storage of model weights in White-listed Jurisdictions or by White-listed Jurisdiction-headquartered entities located outside the Restricted Jurisdictions;
Site security, cybersecurity, personnel security and other security measures; and
Other compliance requirements, including conducting due diligence on end-users, record-keeping, monitoring and reporting to BIS.

6. Does the Framework impact cloud service / IaaS providers?

Yes, but to a limited degree.

Given BIS is concerned about the risk of diffusion of Advanced AI Models through IaaS products or services powered by controlled AICs, Data Center VEUs are required to obtain BIS authorization in order to provide IaaS service for training Advanced AI Models, in whole or in part, to an entity located or headquartered outside the White-listed Jurisdictions.

According to a new due diligence red flag added by BIS, a U.S. IaaS provider should be wary of even providing services to a U.S. subsidiary of a foreign entity to train Advanced AI Models. BIS points out the diversion risks of Advanced AI Models, and the U.S. IaaS provider could be seen as aiding or abetting a violation of U.S. export controls.

It is still permissible to provide application programming interface (API) access to AI models or IaaS for AI inference, i.e., using commercial AI to provide feedback based on user input.

7. When does the Framework become effective?

13 January 2025: The Framework became effective on the day of announcement.
From 15 May 2025: AIC exporters and suppliers will need to comply with the export control requirements.
From 15 January 2026: Data Center VEUs are required to implement the mandatory security measures related to AICs, data, AI systems and personnel.

8. Will the Framework be modified or revoked by the new U.S. administration?

There is no guarantee that the Trump administration would not modify, revoke or otherwise enhance the Framework. The announcement of the Framework has aroused opposing voices from the AI industry in the U.S. Most notably, NVIDIA has called the Framework “government overreach” and advocated that the Trump administration reinstate past practices of sharing American technologies with the world. The Executive Order on America First Trade Policy issued on 20 January 2025 notes that the relevant U.S. government agencies should continue to assess how to “maintain, obtain, and enhance [the U.S.’s] technological edge and how to identify and eliminate loopholes in existing export controls”.

Looking ahead

Our multi-practice team is ready to assist market participants to understand the new legal restrictions under the Framework and what adjustments to internal and counterparty compliance they must seek.

Our lawyers are enthusiastic, committed people who relish the challenges and opportunities that they encounter every day.

Search for a lawyer by name or use one of the filters.

Our business team members are enthusiastic, committed people who relish the challenges and opportunities that they encounter every day.

Search for a business team member by name or use one of the filters.

From Chips to AI Models: A new global framework in U.S. export controls

Key Contacts

Related Content

Our lawyers are enthusiastic, committed people who relish the challenges and opportunities that they encounter every day.

Search for a lawyer by name or use one of the filters.

Our business team members are enthusiastic, committed people who relish the challenges and opportunities that they encounter every day.

Search for a business team member by name or use one of the filters.

From Chips to AI Models: A new global framework in U.S. export controls

Key Contacts

Related Content

You will need to log in or register to view the content

Register

Reset password

Log in