Among the many considerations for building, operating, and monetizing data centers, a vital aspect is whether the data center owners and customers will be able to export to—and use within—a non-US data center competitive hardware and software, namely the advanced semiconductors used in training and running large-language models.
These exports are often subject to US export controls, the current status of which, and the enforcement trends behind them, will drive item availability and commercial success. Even more critical for owners and customers to track will be the geopolitical and national political trends that will impact whether and under what conditions the United States will license exports of controlled items or technology—or assert extraterritorial jurisdiction over things made entirely outside the country but with US technology.
To walk a path that empowers the data center to take advantage of current, and maybe future unexpected, opportunities while protecting inherently subjective decisions around compliance risk from later criticism or investigation, data centers should consider taking several practical steps, including the following:
- Draft commercial contracts with US export controls already in mind: When building out data centers, if the equipment to be used will be owned by the data center then leased to customers, make certain that the equipment lease includes a clearly defined and agreed process for when decisions will be made on equipment and who will be responsible for ensuring that the exporters have all of the information and commitments required to obtain licenses for export.
- Monitor US export controls during controlled items’ lifespans: Be cognizant that US export controls may apply during the entire lifecycle of an integrated circuit—import, use, in-country transfers, storage, disposal, etc.
- Broaden focus beyond item-based export controls: While these controls will always be part of the export controls landscape, the types of controls increasingly driving Bureau of Industry & Security (BIS) guidance and enforcement are catchall end-use and end-user controls, including those emphasized by BIS in its May 2025 guidance related to data centers (and in the national security justifications for the item-based controls previously adopted).
- Don’t take false comfort in boilerplate clauses and self-certifications: Given the large volume of transactions in global trade every day, many risks will necessarily need to be managed to the extent possible through contractual clauses and self-certifications (e.g., end-use or end-user statements based only on a counterparty’s signature). But note recent enforcement actions show how such boilerplate language cannot by itself overcome other indicia of export control violations.
- Implement risk-based solutions to enhance compliance programs: Ensuring compliance with US export controls will necessarily involve many subjective judgments about facts and risks—many of which will be, by their very nature, wrong.
- Data centers may wish to consider ensuring that any export controls compliance program they adopt include specifically a “high probability” protocol that can at least provide a conceptual mooring around which to apply subjective judgment consistently across a standardized set of criteria.
For a more fulsome discussion of these practical steps for data centers to take regarding export controls compliance, see our recent Insight.
For even more insights, please visit our dedicated data centers industry and international trade and national security pages.