Key US Export Controls Considerations for Global Data Center Projects

Data centers, their customers, and their suppliers find themselves on the front lines of national security laws, expected to maintain US national security guardrails through risk-based compliance and due diligence in exchange for accessing export-controlled items and technology. Through connecting the dots between current regulations, geopolitics, and enforcement trends, some practical steps emerge to help data centers meet these expectations by identifying, assessing, and effectively managing their compliance and enforcement risks under US export controls.

Among the myriad considerations for building, operating, and monetizing data centers, a critical factor has been whether data center owners or customers will be able to export to, and use within, a non-US data center competitive hardware and software, principally the advanced semiconductors necessary to train or run large-language models (LLMs).

These exports are often subject to US export controls. Which controls apply and the enforcement trends behind them drive item availability and commercial success. Even more important are the geopolitical and national political trends that will impact whether and under what conditions the United States will license exports of controlled items or technology or assert extraterritorial jurisdiction over things made entirely outside the United States but with US technology.

US EXPORT CONTROLS APPLICABLE TO DATA CENTER HARDWARE & SOFTWARE

Generally speaking, US policy has been to take what former National Security Advisor Jake Sullivan called a “small yard, high fence” approach. This approach sought to balance American commercial interests against an increasing insecurity in Washington around surrendering advantages in “frontier” AI models that required leading-edge technology to develop.

Pursuant to this approach, many of the items necessary for a data center to allow its customers to develop or run advanced AI models today are subject to US export controls, including “supercomputers,” advanced-computing integrated circuits (ICs) and anything containing them (e.g., certain graphics processing units (GPUs)), certain high-bandwidth memory, and certain servers. Electronic design automation (EDA) software was also temporarily subject to US export controls during the back-and-forth trade negotiations between the United States and China in 2025.

At the end of the Biden administration, the United States had adopted broader controls collectively referred to as the Framework for Artificial Intelligence Diffusion (often called the AI Diffusion Rule). Above and beyond preexisting controls over certain items, the AI Diffusion Rule imposed a global rationing regime (similar conceptually to what the Allied Powers eventually imposed in the First World War) that allowed US hyperscalers and certain US-allied countries access to far greater total processing power (TPP, calculated via a metric adopted in the regulations) than other countries, while arms-embargoed countries remained under a license review “policy of denial” for controlled items.

Today, these regulations are caught in a regulatory purgatory. In May 2025 the current administration previewed that it would—at some point in the future—formally rescind these regulations. Pending their rescission, it also stated that it would not be enforcing them. As of the date of this publication, however, the administration has yet to rescind the AI Diffusion Rule, which is still “on the books” in the code of federal regulations.

Should this or a later administration change enforcement priorities and decide to enforce these regulations anew, nothing would prevent it from doing so. Parties to data center–related exports should accordingly be weary of relying entirely on the current policy of nonenforcement for long-term planning.

HOW SEVERAL AI DIFFUSION RULE CONCEPTS LIVE ON

This is especially so because many of the concepts from the AI Diffusion Rule have lived on in other, more narrowly applied forms. The current administration has in practice applied, on a bilateral or case-specific basis, many of the same enhanced controls and know-your-customer (KYC) requirements that the AI Diffusion Framework would have imposed as conditions for accessing greater TPP.

For example, in publicly announcing an authorization for certain Middle Eastern countries—that would not have had access to the highest level of TPP under the AI Diffusion Rule—the administration stated that any licenses would be subject to “rigorous security and reporting requirements.”

Similarly, in implementing the administration’s change to the license review policy for the export of certain chips to China from a policy of denial to a policy of case-by-case review, the Bureau of Industry & Security (BIS) published guidelines for such review that conditioned license approval on, among other things, exporters’ requiring KYC screening by ultimate recipients of these chips to vet their own customers and end-users as a means to include screening to prevent any unauthorized third parties—particularly those on US prohibited lists or tied to foreign militaries—from gaining remote access to the exported chips.

The requirements also include an express reminder that end-use and end-user prohibitions still apply (e.g., for miliary, military intelligence, ballistic missiles, or UAV end-users). Whether those controls are not strong enough or are so strong as to make sales effectively impossible is being hotly debated today across industry, the US Executive Branch, and the US Congress.

The administration has stressed through several policy initiatives that US national security and commercial interests are actually both served by promoting the American “AI stack” for export. These initiatives should not however be mistaken for a determination that there are no longer any controls or limitations. This is not a Black Friday selloff of leading-edge server racks.

For example, America’s AI Action Plan, issued by the White House in July 2025, includes several security and enforcement objectives alongside commercial ones, including that BIS should have better access to the US intelligence community to develop and pursue leads. And in soliciting public comment on a new process for promoting an “American AI Exports Program,” the Commerce Department will require that any consortia seeking to develop and export an “American AI Technology Stack” demonstrate how proposals will need to address how they “comply with United States export control regimes, outbound investment regulations and end user policies.”

These controls should be expected to be meaningful, with perhaps the above-discussed conditions for case-by-case review of authorizing certain exports to China serving as a guidepost for what industry should anticipate.

All the above is occurring in the context of a broader policy debate that includes, most recently, bipartisan proposals to give the Congress a veto over certain chip sales to either China or other countries considered by the proposed legislation’s sponsors to pose threats to US national security.

THE BROADER ENFORCEMENT TRENDS IN THE BACKGROUND

The actual impact of the above controls—and the risks that they pose to operations, reputation, and personal and corporate liability—turn very much on broader enforcement trends underway:

‘High Probability’ Enforcement

The most important trend underway is an increased emphasis by BIS on the full definition of “knowledge” under US export controls.

Some US export controls are “strict liability” in the sense that a party’s “knowledge” of the violation does not matter. These include “item-based” classifications—quite literally the “fence” that US policy has erected around the small yard—and certain catchall provisions, for example the prohibition on unlicensed export transactions involving a party on BIS’s Entity List.

But other aspects of the US export controls do turn on a party’s “knowledge,” including the other catchall provisions applicable to certain end-use and end-user restrictions—exactly those that were highlighted in the new case-by-case policy above.

And “knowledge” is defined—and has been since 1996—to include not only “actual knowledge” but also “reason to know” and “an awareness of a high probability.” A July 2025 BIS settlement with an exporter, in parallel with a criminal guilty plea agreed with the US Department of Justice, imposed a $140 million corporate penalty for a series of violations based on the exporter’s “reason to know, including an awareness of a high probability”—the first of its kind to do so.

In practice, this means that where a party to a US export transaction becomes aware of a “red flag” indicating the risk of diversion, exporting (without a license) before conducting risk-based due diligence to mitigate that “red flag” where possible.

General Prohibition 10

Further, BIS is emphasizing General Prohibition 10, which significantly expands the types of activities that are subject to US export controls where there is “knowledge”—broadly defined as indicated above—of a past, present, or future violation.

Specifically, General Prohibition 10 states “You may not sell, transfer, export, reexport, finance, order, buy, remove, conceal, store, use, loan, dispose of, transport, forward, or otherwise service, in whole or in part, any item subject to the EAR and exported, reexported, or transferred (in-country) or to be exported, reexported, or transferred (in-country) with knowledge that a violation of [US export controls] has occurred, is about to occur, or is intended to occur in connection with the item.”

This is the part of US export controls that creates risk in unexpected ways for parties that do not otherwise consider themselves to be in the export business, for example, financial institutions making export loans where the collateral is accounts receivable from counterparties. For data centers and their customers, almost any one of the above actions would apply to the lifecycle of GPUs or other controlled equipment.

Foreign Direct Product Rules

The United States also asserts jurisdiction over not just items designed or made in the United States but also items designed and manufactured entirely outside of the country through the use of US technology. Through these foreign direct product (FDP) rules, of which there are more than a dozen, the US export controls would be violated if an item made with US technology were exported, reexported, or transferred in-country without a US license—even if the item itself never entered the United States.

The FDP rules apply to specific circumstances, sometimes to specific countries, to specific parties, or to specific items, and sometimes to a combination of the above.

CONNECTING THE DOTS: BIS GUIDANCE & POLICY DOCUMENTS

In the same May 2025 press release previewing an eventual rescission of the AI Diffusion Rule, BIS announced the release of three important guidance and policy documents that specifically connected the dots between data centers and the three key enforcement trends—high-probability enforcement, General Prohibition 10, and the FDP rules—identified above.

In “Guidance on the application of General Prohibition 10 (GP10) to People’s Republic of China (PRC) Advanced-Computing Integrated Circuits (ICs),” BIS advised that:

• For certain integrated circuits sold in China, a US FDP rule will “likely” require a US export license because “there is a high probability that a BIS license was required during the design and production of such” ICs.
• General Prohibition 10’s restricted “activities” include the “use” of such ICs, which if done without authorization (i.e., a US export license) “could include substantial criminal and administrative penalties, up to and including imprisonment, fines, loss of export privileges, or other restrictions.”

In a “Policy Statement Regarding AI Models and Certain Catch-All Provisions (WMD and Military Intelligence),” BIS warned industry, especially operators of foreign data centers with Chinese customers, that “access to advanced computing [ICs] and commodities subject to the EAR for training AI models has the potential to enable military-intelligence and weapons of mass destruction (WMD) end uses in” arms-embargoed (i.e., D:5) countries including China. BIS specifically highlighted the broad definition of “knowledge” in the catchall controls that require a license for any item subject to US export controls for those end-uses.

Finally, BIS issued new “Industry Guidance to Prevent Diversion of Advanced Computing Integrated Circuits” in which BIS reemphasized the national security determinations underlying the controls: “BIS has determined that advanced computing ICs have the potential to enable military-intelligence and weapons of mass destruction (WMD) end uses,” including nuclear weapons, hypersonic missiles, and cognitive electronic warfare.

BIS next listed two lists of “red flags” relevant to due diligence, i.e., to evaluate whether “red flags” create “knowledge” of a US export controls violation:

• Eleven New Transactional and Behavioral Red Flags, which include:
  • “The ultimate delivery or installation address is unknown. You are unable to determine whether the headquarters of the customer or its ultimate parent is located in a destination specified in Country Group D:5 (including China) or Macau, or the customer refuses to disclose or provides incomplete information about the location of its headquarters or ultimate parent company.”
  • “The data center to which the advanced ICs and/or commodities containing such ICs are being exported does not or cannot affirm it has the infrastructure (e.g., power/energy, cooling capacity, or physical space needed to run servers containing advanced ICs) to operate the advanced computing ICs and/or commodities that contain such ICs.”
  • “The customer providing Infrastructure as a Service (IaaS) does not or cannot affirm that users of its services are not headquartered in the PRC, whether or not such customer is located inside or outside of China and Macau.”
• Seven Due Diligence actions that “companies should take for new customers, as well as evaluating IaaS providers, involved with the export or use of advanced computing ICs and/or commodities that contain such ICs subject to the EAR,” including:
  • “Evaluate data centers to determine whether they have the infrastructure to operate servers containing advanced ICs greater than 10 megawatts. Data centers at or above this threshold merit additional scrutiny as they may be able to provide access to a large quantity of advanced computing ICs for training AI models for or on behalf of parties headquartered in countries of concern, where such activities may support WMD or military-intelligence end uses/end users.”

What to make of all of the above?

The overall trendline is to promote the export of American technology and equipment as the foundation for the AI data center industry. But the previewed recission of the AI Diffusion Rule was ushered in an undertow of risk- and knowledge-based restrictions intended to preserve US national security interests by maintaining some form of a technical advantage—even if the small yard was made slightly smaller.

But in connecting the dots across the above regulations, geopolitics, and enforcement trends, some practical steps emerge that can help data centers to identify, assess, and effectively manage their compliance and enforcement risks under US export controls.

PRACTICAL STEPS FOR GLOBAL DATA CENTERS

Data centers and their customers are today’s national security “first responders,” expected to maintain US national security guardrails through risk-based compliance and due diligence.

At the same time, there are no comprehensive economic sanctions or embargoes on the sale of all technology, or on the access to data centers for any purpose, to China, indicating that there is a path to be walked—but to be walked carefully and deliberately.

Non-US data centers should consider taking the following steps to walk this path:

• Ensure that US export controls are anticipated in commercial contracts: When building out data centers, if the equipment to be used will actually be owned by the data center then leased to customers, be sure that the equipment lease at least includes a clearly defined and agreed process for when decisions will be made on equipment and who will be responsible for ensuring that the exporters will have all the information—and commitments—they need in order to obtain licenses for export.
• Monitor US export controls during controlled items’ lifespans: Appreciate that US export controls could apply during the entire lifecycle of an IC: import, use, in-country transfers, storage, disposal, etc.
• Don’t focus only on item-based export controls: These controls are always going to be part of the export controls landscape. But the types of controls increasingly driving BIS guidance and enforcement are catchall end-use and end-user controls, including those that BIS emphasized in its May 2025 guidance related to data centers (and in the national security justifications for the item-based controls previously adopted).
• Don’t take false comfort in boilerplate clauses and self-certifications: Given the huge volume of transactions in global trade every day, many risks will necessarily need to be managed as best as possible through contractual clauses and self-certifications (e.g., end-use or end-user statements based only on a counterparty’s signature). But recent enforcement actions demonstrate how such boilerplate language cannot by itself overcome other indicia of export control violations. And as the world economy continues to dis-integrate, counterparties may be subject to conflicting laws that make it unfeasible to comply with all of the laws of the countries that might have a claim to jurisdiction over the item, the transaction, or the technology involved.
• For example, customers in China may not be able to contractually acknowledge that US export controls apply to them. A potential solution is to ensure, without endorsing any specific country’s legal regime, that each party agrees to share accurate information necessary for the other to ensure its own compliance with laws that might apply to it—but this of course introduces unwelcome uncertainty into the contract.
• Anticipate that end-use certificates or statements from counterparties are still necessary but may not be sufficient to overcome “red flags”—especially those indicating “an awareness of a high probability” of a violation—on their own. Data centers will need to think holistically (and creatively) to identify and evaluate other datapoints that might be a more reliable indication of whether US export controls are being violated, particularly related to end-uses or end-users.
• Find risk-based solutions to enhance compliance programs: Data centers are not the police, nor are they even financial institutions. Ensuring compliance with US export controls will necessarily involve many subjective judgments about facts and risks—many of which will be, by their very nature, wrong.
• To best protect themselves, data centers should consider ensuring that any export controls compliance program they adopt include specifically a “high probability” protocol that can at least provide a conceptual mooring around which to at least apply subjective judgment consistently across a standardized set of criteria.

LOOKING AHEAD

For global data centers to walk a path through these turbulent and expected geopolitical times, it is necessary to design and implement an export controls compliance program that expects, rather than merely reacts to, risk and grounds inherently subjective assessments of risk in a repeatable, documented, and defendable process for decision-making. Doing so is the only way to gain a sense of agency—even without any illusion of control or consistency—and empower the business to achieve commercial objectives while maintaining a deliberate compliance footing.

To read the latest thought leadership and insights into the evolving data center landscape, please visit our dedicated data centers industry and international trade and national security pages.