The Limits of Export Controls in the Age of AI Capabilities

The Regulatory Mismatch: Goods vs. Capabilities

The recent dispute between the US Department of Commerce and Anthropic over the Mythos 5 model underscores a growing friction in technology policy. Traditional export control frameworks, such as the Export Administration Regulations (EAR), are built on the assumption that controlled items—physical goods or software—move across borders.

However, frontier AI models are increasingly deployed as cloud-based services. The model weights remain on domestic servers, while the capability is accessed globally via APIs. This creates a regulatory gray zone where the government attempts to apply "deemed export" logic—treating access by foreign nationals as a transfer of technical knowledge—to systems that do not fit traditional definitions of exportable technology. The Commerce Department's eventual decision to grant specific licenses for "trusted partners" suggests a shift toward managing access rather than blocking the technology entirely, yet it leaves the underlying legal ambiguity unresolved.

The Shift Toward User-Centric Governance

This episode signals a profound evolution in governance philosophy: policymakers are moving away from regulating AI artifacts (weights, code, hardware) toward regulating AI use. This shift forces private firms into the role of de facto gatekeepers, tasked with monitoring user intent, identifying potential misuse, and intervening in real-time.

This delegation of authority creates significant challenges:

Technical Imperfection: The expectation that frontier models can be made "jailbreak-proof" is unrealistic. A governance regime predicated on perfect technical control risks stifling innovation.
Incentive Misalignment: Firms are forced to balance commercial interests with national security mandates, often without clear guidance on what level of diligence is legally required.
Sustainability: Relying on ad-hoc, reactive interventions—like the initial block on Mythos—is unsustainable. A more robust approach requires layered defenses, including transparency mechanisms, user vetting, and collaborative government oversight, rather than the blunt instrument of export controls.

The Future of AI Governance

The Mythos controversy serves as a "canary in the code mine." As AI capabilities become more powerful and scalable, the distinction between exporting technology and providing access to it will continue to erode. Policymakers must eventually decide whether to continue stretching 20th-century legal authorities or develop a new governance architecture specifically designed to regulate the dynamic, service-based nature of AI capabilities.

The Regulatory Mismatch: Goods vs. Capabilities

The Shift Toward User-Centric Governance

The Future of AI Governance

More from AI Policy & Regulation

The Emergence of a De Facto AI Licensing Regime in the US

EU Debates Child Safety: Age Limits and Enforcement Challenges

Private AI Governance is No Substitute for Public Law

Moving Beyond Declarations: Building Global AI Governance Architecture