ThinkSpace

AI, Export Controls, And You – December 18

On October 30, 2023, the Biden Administration issued its Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. You can read DWPA’s summary of the Order’s purpose and intent here. Below we explain what the Order’s language about “dual use technologies” could mean to your business.

Artificial Intelligence has been part of government contracting and consulting for decades. As of September 1, 2023, AI.gov lists more than 700 use cases across 19 departments. The U.S. Government Accountability Office’s December 12, 2023 report, Artificial Intelligence: Agencies Have Begun Implementation But Need to Complete Key Requirements, identifies more than 1200 current and planned uses in 23 departments. And the General Services Administration identifies over 1200 members from 60 agencies in its AI Community of Practice.

Generative AI (GenAI) promises to increase use cases as readily available tools make GenAI accessible, affordable, and powerful for government agencies and contractors.

The Biden Administration’s Executive Order renewed focus on how AI policy will impact competitiveness, intellectual property, privacy, and national security. A key impact for U.S. companies will be compliance with Export Controls as firms consider export constraints to develop, implement, and offer AI systems and tools. 

Key Things to Know

Robust export controls already exist in the US, in two ways. One is “defense articles and services” governed by the State Department’s International Traffic in Arms Regulations (ITAR). The other is control of “dual use” technologies with both commercial and potential national security uses, governed by the Commerce Department’s Export Administration Regulations (EAR).

It’s relatively straightforward to identify and apply controls to “defense articles and services” subject to ITAR. It’s in the area of dual use technologies that regulations are less well-known, and more ambiguity exists. These require vigilance on the part of companies to ensure compliance as they consider how to employ AI in their offerings.

A critical business question is what will be controlled?  Generally, dual use technologies are controlled by “item-based” controls like systems and hardware (e.g. CHIPS Act export direction impacting advanced semi-conductor release), or by “end-user” controls on countries, organizations, or individuals (e.g. the “Entity List”). But there is also a category of less well-understood controls that focus on the “end use” itself, and place obligations on exporters to have “knowledge” of what end users might do with the technology. These are end uses that could involve support of nuclear, missile or unmanned aerial vehicles, or chemical/biological capabilities.

The responsibility to abide by these controls and requirements for compliance is entirely on “US persons,” defined as both individuals and companies. There are substantial penalties, both criminal and civil, that apply to both.     

Call To Action For Companies

In addition to the existing export controls, the EO will almost certainly drive new rulemaking at both the Departments of State and Commerce. Future regulations combined with the fast-evolving AI landscape mean companies should carefully evaluate and address export controls as they bring new capabilities to market.

The best practice is normally to obtain expert export control and/or legal advice. The best risk management for companies at this point is to do this early to avoid risky and potential expensive impacts from export considerations.

To learn more contact Lou.Kerestesy@DWPAssociates.com.