The pace of artificial intelligence policy in the United States has shifted from philosophical white papers to enforceable mandates in under three years. Between late 2023 and mid-2025, a series of executive orders and a sweeping ai action plan rewrote the rules for how frontier models get built, how federal agencies buy ai tools, and how american innovation flows across borders. If you build, sell, host, or rely on ai technologies, the regulatory ground beneath you has already moved. This article breaks down exactly what happened, what's next, and which sectors are first in line.

Key Takeaways

  • The U.S. is moving from broad principles about artificial intelligence to a detailed ai action plan with enforceable reporting, export controls, and procurement rules. The AI Action Plan was released on July 23, 2025, and its three pillars cover innovation, infrastructure, and diplomacy.
  • The first groups directly affected are frontier model developers, cloud and data center operators, federal contractors, and companies in critical infrastructure and biosecurity-adjacent sectors. Mandatory reporting under the Defense Production Act now applies to developers of dual-use foundation models.
  • The office of management and Budget (OMB) and the Department of Commerce now sit at the center of federal AI enforcement. OMB's M-24-10 guidance (March 2024) requires federal agencies to inventory, assess, and document every safety-impacting and rights-impacting ai system they use or procure.
  • President Trump's EO 14179 (January 2025) replaced Biden-era safety-first frameworks with an approach emphasizing economic competitiveness and removing regulatory barriers, while the June 2026 executive order introduced voluntary pre-release reviews for covered frontier models.
  • The next 12–24 months will bring new rules on AI safety evaluations, data center reporting, export controls, and federal ai adoption, reshaping ai leadership and innovation strategy across the private sector and government alike.
An aerial view of the White House in Washington DC showcases its iconic architecture against a clear blue sky, symbolizing the federal government's role in national security and the ongoing discussions about artificial intelligence and its integration into various federal agencies. This image reflects the heart of American leadership and policy-making, particularly in relation to the national AI strategy and economic competitiveness.

Inside the White House AI Strategy: From Executive Orders to a Full AI Action Plan

The journey toward a national ai strategy didn't start in 2023. It started years earlier with infrastructure bets and high-level directives. In 2018, the national science foundation funded the Frontera supercomputer, and the U.S. Department of Energy introduced the Summit supercomputer in June 2018-both designed to give American researchers raw computing resources for ai research and scientific discovery. That same year, the Department of Defense established the Joint Artificial Intelligence Center in June 2018 to integrate ai development into military operations. President Trump signed a National Security Strategy on December 18, 2017, emphasizing AI as a critical technology for the nation's security.

On February 11, 2019, the white house issued Executive Order 13859, titled "Maintaining American Leadership in Artificial Intelligence." E.O. 13859 aims to enhance U.S. leadership in AI R&D, and it launched what became known as the American AI Initiative. The administration aims to maintain U.S. leadership in ai development through investments in research, workforce training, and international engagement. Federal agencies reported nondefense AI R&D investments in September 2019, and the National AI R&D Strategic Plan was updated in 2019 to reflect new priorities. The DoD AI Strategy was released in February 2019 to enhance national security through ai applications. In August 2020, $140 million was awarded for AI Research Institutes to accelerate ai innovation across universities and labs. The National Council for the American Worker was established in July 2018 to prepare american workers for the jobs of the future, and the American AI Initiative prioritizes training programs for AI skills alongside scientific discovery.

But these were largely principle-based frameworks-voluntary, aspirational, and without binding compliance mechanisms. Then came 2023.

  • The Biden administration's EO 14105 (August 2023) and EO 14110 (October 2023) marked a dramatic escalation. For the first time, the federal government invoked the Defense Production Act for ai models, required mandatory reporting from developers of dual-use foundation models, and imposed outbound investment restrictions targeting countries of concern.
  • The trump administration pivoted in January 2025. EO 14179, "Removing Barriers to American Leadership in Artificial Intelligence," revoked EO 14110 and directed a new approach. The order replaces earlier AI policies with a focus on innovation and security. E.O. 14179 calls for an ai action plan by July 22, 2025.
  • The white house delivered. The AI Action Plan, formally titled "Winning the Race: America's AI Action Plan," was released on July 23, 2025. The white house received over 10,000 public comments for the AI Action Plan during its development. The AI Action Plan includes 28 policy recommendations for federal agencies. The AI Action Plan emphasizes building national ai infrastructure, and the AI Action Plan aims to enhance U.S. global AI leadership.
  • The plan calls for action across three pillars: Pillar I focuses on accelerating ai innovation and removing regulatory friction. The second pillar targets building american ai infrastructure-including secure data centers and energy grid capacity. The third centers on international diplomacy and export controls to ensure global ai dominance while blocking foreign adversaries from accessing advanced ai.
  • Key white house office coordinators include OSTP (the science and technology Policy office), the National Security Council (handling national security affairs), OMB (translating policy into management and budget rules), and the technology council. These bodies, alongside the national cyber director, coordinate across executive departments and agencies.

This section sets context. The real question-what changed, what's coming, and who it hits first-gets answered below.

The image depicts a long, well-lit hallway within a government building, with sunlight filtering through large windows, suggesting a space where federal agencies might discuss critical matters such as national security and the integration of artificial intelligence technologies. This environment could be a setting for strategic meetings related to the national AI strategy and federal efforts to enhance American leadership in AI innovation.

What Changed Overnight: Concrete Requirements in Recent AI Executive Orders

The white house issued an executive order on AI in October 2023 that turned abstract AI ethics into enforceable obligations. The 2023 executive order emphasizes AI's national security implications, and alongside EO 14105 (August 2023) and EO 14179 (January 2025), it created a set of concrete, dated requirements that companies and various federal agencies must now navigate.

Here are the specific changes:

  • Defense Production Act reporting (EO 14110, October 2023): Companies developing dual-use foundation models must report planned and ongoing training activities to the Department of Commerce. This includes details about model weights, cybersecurity protections, and red-teaming results. The executive order encourages AI companies to share models for safety testing under DPA authority.
  • Outbound investment restrictions (EO 14105, August 2023): Treasury's Final Rule, effective January 2, 2025, requires U.S. persons to notify the treasury department about investments in AI, semiconductors, and quantum technologies targeting countries of concern (China, Hong Kong, Macau). Some transactions are outright prohibited.
  • OMB M-24-10 risk management guidance (March 2024): Agencies must inventory all AI uses, classify systems as "safety-impacting" or "rights-impacting," perform impact assessments, and implement minimum risk management practices including bias mitigation and human oversight.
  • Federal procurement standards: AI systems procured by departments and agencies must meet documented risk-management minimums. Vendor claims must be independently evaluated. Procurement officers must assess safety and testing criteria before purchasing.
  • Cybersecurity clearinghouse: The executive order creates an AI cybersecurity clearinghouse to detect vulnerabilities, and ai technologies could help identify cybersecurity vulnerabilities across federal networks.
  • Law enforcement integration: The Attorney General prioritizes prosecuting crimes involving AI, expanding the legal framework for ai-enabled threats.

The expanded scope matters. These orders widened "national defense" and "critical infrastructure" to explicitly include AI-enabled cyber operations, biosecurity, and disinformation-triggering new oversight powers that didn't exist before.

Before: voluntary frameworks like the NIST AI Risk Management Framework and the AI Bill of Rights. After: legally binding reporting, export controls, and procurement conditions.

The framework emphasizes cooperation rather than mandatory regulations in many areas, and the U.S. government focuses on a voluntary approach to AI security for private-sector engagement. But the binding obligations for frontier models and federal contractors are real. AI innovation can be hampered by overly restrictive regulations, which is precisely why the trump administration later recalibrated with EO 14179. Notably, the U.S. Senate voted 99 to 1 to remove an AI regulation moratorium, signaling bipartisan support for some form of AI oversight.

The Office of Management and Budget: Where AI Policy Becomes Spending Rules

OMB doesn't write executive orders, but it decides how they land inside federal agencies-and by extension, inside every company that does business with the federal government. When the white house issues an executive order on AI, OMB translates it into budget guidance, procurement rules, and compliance deadlines.

OMB's M-24-10 (finalized in March 2024) is the backbone of federal AI risk management. The OMB M-24-10 AI guidance was finalized in March 2024, and it directly implements the October 2023 executive order while aligning with the July 2025 ai action plan's vision for maintaining american leadership.

  • OMB now requires agencies to inventory every ai system they deploy or procure, classifying each as "safety-impacting" or "rights-impacting." Safety-impacting includes systems whose outputs affect human life, critical infrastructure, or homeland security. Rights-impacting covers systems affecting access to employment, credit, housing, healthcare, or other civil liberties.
  • Agencies must perform AI impact assessments, document bias mitigation strategies, ensure human oversight, and engage stakeholders before deploying high-risk ai tools.
  • OMB holds power over federal awards and grants. Agencies must avoid funding AI projects that significantly raise risks to civil rights, safety, or critical infrastructure-giving OMB leverage to shape ai adoption even among non federal entities.
  • OMB is updating its regulatory review process through OIRA to ensure new AI-related regulations remain consistent with the national ai strategy and federal priorities.
  • Organizations seeking federal funds for AI or AI-enabled projects must align their proposals with OMB's risk-management expectations and documentation practices-or risk losing funding.

AI Risks, Opportunities, and the Scale of Federal Spending

Federal spending exceeds one-quarter of U.S. GDP, which means OMB's AI guidance effectively steers a massive share of AI-related investment across health and human services, defense, energy, and infrastructure.

  • Agencies deploying ai system technology in decisions affecting public safety or rights must implement minimum practices: impact assessments, pre-deployment testing, ongoing monitoring, and clear opt-out or appeal paths for citizens where feasible.
  • Federal agencies review models for security and cyber defense, strengthening protection for government networks and services. AI could assist in healthcare research and development, and AI could reduce automobile crashes by over 90%-underscoring the enormous upside of smart ai adoption in areas like transportation and health.
  • OMB encourages integrating ai to modernize government operations, accelerate scientific research, and strengthen cybersecurity-provided risk controls are in place. Examples include AI for fraud detection in benefits programs and cyber anomaly detection in federal networks.
  • The opportunity side is real: agencies that move quickly on responsible ai adoption can improve service delivery, reduce costs, and advance scientific discovery across the federal government.

What's Coming Next from OMB

  • OMB circular updates and further refinements to M-24-10 are expected in the next 12 months, connecting AI funding, evaluation standards, and procurement language more tightly.
  • Likely moves include stricter AI reporting in agency budget submissions for FY 2027, standardized templates for AI risk analysis in grants, and closer linkage to national institute of Standards and Technology evaluation protocols.
  • OMB will increasingly condition approval of large AI-related line items on clear risk-mitigation plans, shaping how agencies and contractors design systems before they ever submit a proposal.
  • This approach strengthens the federal government's leverage over the broader AI ecosystem without passing new legislation-using budget and award conditions alone.

Federal Contracting: Where AI Rules Hit Private Employers First

The October 2023 AI executive order and subsequent guidance explicitly target AI used by federal contractors, particularly those in hiring and workforce management. If your company sells ai tools or services into the federal government, the compliance clock is already ticking.

  • DOL has finalized guidance on nondiscrimination in AI hiring for federal contractors, tying it to obligations under the Equal Employment Opportunity Act. This means algorithmic hiring decisions are now under scrutiny.
  • OMB's M-24-10 anticipates new procurement standards requiring contracting officers to evaluate AI tools for bias, transparency, and human oversight before purchase.
  • FPASA (Federal Property and Administrative Services Act) authority allows the president to impose workforce-related conditions-like AI governance rules-on contractors as a condition of doing business with the federal government.
  • Future Federal Acquisition Regulation (FAR) updates are likely to embed AI quality assurance, documentation, and incident-reporting requirements directly into contract clauses.
A group of business professionals is gathered around a conference table, collaboratively reviewing documents related to the federal government's AI action plan, which aims to integrate AI technologies into various sectors, including national security and economic competitiveness. The atmosphere is focused and professional, highlighting the importance of AI innovation for American leadership and workforce development.

AI Risks and Opportunities in the Contractor Workforce

The workforce dimension of AI policy is significant. Over 200 companies pledged to create 6.5 million job opportunities through public private partnerships tied to the American AI Initiative. The national science foundation allocated $66 million for technician education in FY19 to support workforce development, and the Task Force on Apprenticeship Expansion made 26 recommendations to promote apprenticeships in technology fields.

  • Key risk areas for contractors include algorithmic bias in hiring and promotion, safety risks from automated scheduling or monitoring, and potential wage-and-hour compliance issues driven by AI scheduling or productivity scoring.
  • Opportunities include automated compliance checks against FPASA standards, proactive detection of discrimination patterns, and AI tools to improve worker training and safety analytics. The market for automated vehicles is projected to exceed $75 billion by 2035, highlighting how empowering american workers through ai training and workforce development creates economic value.
  • Contractors using AI in HR, scheduling, or personnel management-even outside hiring-should expect future expansion of rules beyond the initial hiring-focused guidance.
  • Early movers who build robust AI governance around their HR tech stack will face fewer disruptions when formal regulations arrive.

What Contractors Should Expect and Do Now

  • Inventory every ai system and AI tool used across the employment lifecycle: recruiting, screening, onboarding, scheduling, performance evaluation, and termination.
  • Assess vendors' compliance posture against DOL nondiscrimination guidance and OMB's M-24-10 requirements. Ask your vendors hard questions about explainability and audit trails.
  • Prepare for contract language requiring explainability of AI decisions that affect employment, documented human review procedures, and incident reporting.
  • Align internal policies with emerging federal expectations-don't wait for the final FAR clause to start building your governance framework.
  • Contractors in heavily regulated sectors (defense, healthcare, finance) are likely to feel these requirements first, due to their tight coupling with federal missions and critical infrastructure.
  • Treat AI governance as a core part of procurement and legal review-not only an IT or data science responsibility.

Defense Production Act and AI: The New Reporting Line for Frontier Models

The October 2023 AI executive order first invoked the Defense Production Act to require developers of large dual-use foundation models to disclose training activity and safety testing to the Department of Commerce. This was unprecedented-applying Cold War-era industrial mobilization authorities to ai models for the first time.

  • What must be reported: ai training runs above defined compute thresholds, model weights storage locations, red-teaming results and safety mitigations, and major cybersecurity incidents affecting model integrity. This directly targets new ai models and existing systems that cross capability benchmarks.
  • These reporting requirements initially applied to post-EO foundation models, but subsequent rulemaking can expand coverage to existing systems if they are deemed critical for national defense or critical infrastructure.
  • Commerce also now tracks large-scale computing clusters and data centers dedicated to ai training, linking physical compute capacity to economic and national security oversight.
  • The immediate impact falls on major cloud providers, chip manufacturers, and AI labs, which must maintain accurate internal records and processes for timely DPA compliance. Open weight ai models and open source ai raise additional questions about disclosure and distribution.

As of June 2, 2026, a new executive order introduced a voluntary pre-release 30-day review window for covered frontier model systems with federal government agencies. The order allows a 30-day pre-release review for advanced ai models, and voluntary reviews are aimed at balancing rapid innovation and risk assessment. A classified benchmarking process defines which models qualify as "covered." The definition of such models is tied to advanced cyber capabilities and is determined through a classified benchmark-ai developers must self-assess whether their model qualifies. Importantly, this EO bans mandatory governmental licensing or preclearance, keeping participation voluntary.

How DPA Powers Could Expand for AI

The Defense Production Act defines "national defense" broadly-including critical infrastructure, public health, and emergency preparedness. This statutory breadth could justify wider AI disclosures in the future.

  • Possible expansions include applying DPA reporting to ai system technology used in energy grid management, hospital logistics, or large financial transaction monitoring if they pose systemic risk.
  • Future guidance could mandate red-teaming against specific threat scenarios (e.g., bio-design misuse, advanced cyber capabilities operations) as a precondition for high-risk AI deployment.
  • Organizations building or hosting high-impact ai models should track Commerce rulemakings closely. Reporting thresholds and categories may tighten over the next 12–18 months.
  • The national security agency and other intelligence community bodies are increasingly involved in evaluating such models for defense applications, reinforcing the linkage between commercial AI and the nation's security.

Emergency Powers, Export Controls, and International AI Diplomacy

Emergency powers, export controls, and international ai diplomacy form the third pillar of the 2025 AI Action Plan. Together, they determine how American ai technologies move across borders-and how foreign adversaries are kept from accessing the most dangerous capabilities.

Executive Order 14105 (August 2023) declared a national emergency under IEEPA regarding certain outbound investments in AI. AI is included in the U.S. national emergency declarations regarding technology threats. Treasury and Commerce built regulations restricting advanced AI and semiconductor exports to "countries of concern," primarily China, Hong Kong, and Macau.

  • Export controls expanded in October 2023 and through 2025, covering advanced GPUs, high-speed interconnects, and large-scale data center configurations. The Bureau of Industry and Security has continued tightening controls on node manufacturing and compute exports.
  • The July 23, 2025 AI Action Plan reframes export controls as part of a broader AI alliance strategy-tightening restrictions on adversaries while deepening technology sharing with allies and other trusted partners. The U.S. aims for global ai dominance to enhance national security, per E.O. 14179.
  • Companies operating globally in cloud, chips, defense tech, and bioinformatics must now map their AI products and services against evolving export control schedules and licensing regimes. Intellectual property protection is a growing concern as advanced ai flows across borders.
The image shows several large container ships docked at a bustling international shipping port during sunset, with vibrant orange and purple hues reflecting off the water. This scene highlights the critical infrastructure of global trade, which is essential for economic competitiveness and national security, particularly as the federal government focuses on integrating advanced technologies like artificial intelligence into various sectors.

Emergency Powers and AI Threat Response

If AI-related threats escalate, the federal government has serious tools available:

  • IEEPA for financial sanctions on entities facilitating AI proliferation to hostile states.
  • Communications Act powers over communications infrastructure.
  • Emergency procurement flexibilities allowing rapid acquisition of defensive AI capabilities.
  • The white house office of science and technology policy is encouraged to predefine thresholds for AI incidents that could trigger emergency declarations-such as AI-enabled attacks on critical infrastructure or large-scale synthetic media interference in elections.
  • Agencies are actively building response playbooks combining cyber defense, misinformation countermeasures, and rapid coordination with cloud and AI providers.
  • This framework incentivizes major AI companies and hosting providers to invest now in incident detection, logging, and cooperation protocols with federal agencies-particularly the national security agency and homeland security.

Balancing Export Controls with American Innovation

The tension is real. Strict export controls protect the nation's security, but they can also constrain the global economy presence of U.S. companies.

  • Overly broad controls risk pushing ai research offshore or fragmenting AI supply chains. The private sector has raised concerns about losing market share to less-regulated competitors in Europe and Asia.
  • The AI Action Plan's export-control provisions aim for a "small yard, high fence" approach-narrowly targeted but strongly enforced restrictions on the most sensitive capabilities, including revolutionary technology in compute and models.
  • Industry feedback loops with Commerce, State, and Defense will shape how rules evolve, particularly for edge compute, open weight ai models, and cross-border data center investments.
  • The plan calls for international diplomacy efforts through G7, OECD, and bilateral alliances to harmonize AI safety norms and export controls. This approach to international ai diplomacy aims to strengthen partnerships while containing strategic risks.

Who Feels It First: Sectors and Stakeholders Most Exposed to the New AI Regime

Not every company will feel these changes at the same time. The impact radiates outward from the core of the AI stack-frontier models and compute-toward sectors that depend on them.

Here's who gets hit first, in rough order:

  • Frontier model developers and hyperscale cloud providers: DPA reporting on training runs, model weights, red-teaming results. The June 2026 EO's voluntary review window. These firms must maintain compliance infrastructure for timely disclosure. The national institute of Standards and Technology leads AI technical standards that will shape how such models are evaluated.
  • Federal contractors and AI vendors selling into government: Procurement rules under M-24-10, upcoming FAR clauses, DOL nondiscrimination requirements. Particularly those contracting with executive departments in defense, human services, and homeland security.
  • Critical infrastructure operators (energy, telecom, healthcare): Systems used in these areas are more likely to be classified as safety-impacting under OMB guidance. Energy grid operators, telecom providers, and health and human services-adjacent organizations face heightened oversight. The national cyber director is increasingly involved in AI-related infrastructure security.
  • Biosecurity-relevant firms (biotech, nucleic acid synthesis, lab automation): EO 14110's expansion of "critical infrastructure" to include biosecurity means these firms face new reporting and risk-assessment expectations.
  • Financial and advertising platforms exposed to election integrity and disinformation: Red-teaming for misleading outputs, watermarks for generative AI, and fairness protections affect platforms that touch public discourse.
  • Smaller AI-focused startups: These may feel changes indirectly through their dependence on cloud platforms, foundation models, and access to federal customers. Startups using or fine-tuning frontier models, or selling into regulated domains, inherit obligations through their supply chains.
Organizations with mature AI governance, documentation, and cross-functional ai leadership will navigate this transition with fewer shocks.
The image shows rows of illuminated server racks inside a modern data center facility, representing the backbone of advanced AI technologies and infrastructure that support federal efforts in economic competitiveness and national security. This high-tech environment is crucial for integrating AI models and tools that drive innovation and support various federal agencies' missions.

What's Coming Over the Next 12–24 Months

The policy and regulatory pipeline is full. Here's what to track based on explicit deadlines and mandates in the 2023–2025 executive orders and the AI Action Plan:

  • More granular OMB guidance tying AI spending to risk controls. Expect updates to M-24-10, new templates for agency budget submissions, and tighter standards for federal efforts in AI procurement.
  • Commerce rules refining DPA thresholds for dual-use foundation model reporting. Thresholds for compute, capabilities, and architecture classifications will be published, determining which ai developers face mandatory disclosure.
  • DOL and EEOC follow-on guidance for use of ai in HR and employment decisions, extending beyond hiring to cover performance management, scheduling, and workforce development.
  • FAR updates embedding AI requirements into federal contracts-including documentation, incident reporting, explainability, and human oversight clauses.
  • NIST evaluation benchmarks and red-teaming methodologies that agencies will adopt by reference. The national institute of Standards and Technology is actively building sector-specific standards for advanced ai evaluation.
  • International coordination through G7, OECD, and bilateral alliances on AI safety, export controls, and shared compute infrastructure. A new golden age of international ai diplomacy is the stated aspiration, though execution remains uneven.
  • Emergence of new rules around frontier models. The June 2026 EO signals an ongoing effort to balance rapid ai innovation with risk management through voluntary review windows and classified benchmarking. Federal agencies will continue to evaluate covered frontier model submissions for security and defense implications.

Companies should treat this 12–24 month window as the time to operationalize AI governance: establishing internal AI policies, inventories, risk assessments, and leadership roles that align with emerging federal expectations. The organizations that act now-appointing cross-functional ai leadership, building documentation practices, and engaging with federal rulemaking-will be the ones positioned for human flourishing and economic competitiveness in the era of advanced ai.

Q1: Does an executive order on AI apply directly to my private business?

Executive orders bind federal agencies, not private entities directly. However, they reach businesses through procurement rules, grant conditions, export controls, and reporting mandates under existing statutes like the Defense Production Act and FPASA. If your company sells AI to the federal government, uses advanced AI compute above certain thresholds, or operates in sensitive sectors (defense, healthcare, finance, critical infrastructure), you are more likely to experience direct compliance obligations. Non federal entities that rely on federal funding or contracts will also feel the impact through vendor due diligence and contract requirements.

Q2: How do I know if my AI system falls under "high-risk" categories targeted by federal guidance?

Look at whether your ai system affects access to employment, credit, housing, healthcare, or critical public services, or whether it could impact safety or critical infrastructure operations. Align your internal classifications with OMB M-24-10 categories-"rights-impacting" and "safety-impacting"-and with the NIST AI Risk Management Framework terminology. If your system's outputs serve as a principal basis for decisions affecting human life, civil rights, or critical infrastructure, it is likely in scope. When in doubt, err on the side of documentation and risk assessment.

Q3: Will smaller AI startups be held to the same standards as large frontier model developers?

DPA reporting thresholds focus primarily on extremely large training runs and compute clusters, which currently involve a handful of major labs and cloud providers. However, startups using or fine-tuning those models, selling into government, or operating in regulated domains will still face procurement-driven and sector-specific requirements. If you build on top of frontier models or host computing resources that cross certain thresholds, the compliance obligations cascade to you through your supply chain and customer contracts.

Q4: What should my organization do now to prepare for future AI rules?

Start with practical steps: create an AI system inventory across your organization, appoint cross-functional AI leadership (not just IT), adopt a basic AI risk management framework, and ensure documentation of training data, testing procedures, and human oversight mechanisms. Monitor publications from OMB, Commerce, DOL, and NIST over the next 12–24 months to stay ahead of emerging guidance. Building this governance infrastructure now is far cheaper than retrofitting it after enforcement begins.

Q5: How do export controls affect AI research collaborations with foreign partners?

Collaborations involving controlled hardware, sensitive dual-use ai models, or partners in "countries of concern" (currently China, Hong Kong, and Macau) may require export licenses or be prohibited outright. Organizations engaged in international ai research should work closely with export control counsel, classify their compute and models against current BIS regulations, and design projects to comply with both current and anticipated Commerce rules. Open source ai and open weight ai models raise particular questions about distribution and access controls that are still being refined through rulemaking.

Your Friend,

Wade