Navigating New US AI Controls: Practical Guidance and Case Study for Companies in “Middle Tier” Countries

January 29, 2025 – On Jan. 13, the U.S. Department of Commerce announced a new AI regulatory framework (in the form of an interim final rule) that enhances controls on certain advanced computing chips and AI model weights while adding new license exceptions and revising the process for obtaining Data Center Validated End-User (VEU) Authorization.

The new rule adopts a global rationing system — similar to that adopted by the Allied Powers in the First World War — that puts countries into three buckets: (1) a U.S.-led group with practically unrestrained access to advanced U.S. technology; (2) China, Russia, Iran and other arms-embargoed countries with no access; and (3) dozens of countries in what we will call the “middle tier,” subjected to cumulative, countrywide caps on total processing performance (TPP)¹ for operators within those countries that don’t hold VEU Authorization. These middle-tier countries include, for example, India, Israel, Poland and the United Arab Emirates.

This puts companies headquartered in a middle-tier country at a significant disadvantage, unless they can achieve a newly defined National Validated End-User (NVEU) certification from the Commerce Department’s Bureau of Industry and Security (BIS). We address in this client alert what such companies can do to achieve this.

Key Takeaways:

• Middle tier companies can unlock access to more than six times the TPP otherwise authorized for their entire country if they can achieve NVEU certification. If they fail to do so, the new rule has started a race between them and other in-country importers for the available quota.
• NVEU certification requires taking a fresh look at compliance programs and reassessing business with arms-embargoed countries.
• NVEU certification also requires understanding and applying the new national security paradigm — the “high probability” standard — to compliance because NVEU certification requires adherence to both old and new regulations that apply the standard.
  • These include long-standing U.S. catch-all prohibitions against sales to military or military intelligence end users, the U.S. Treasury Department’s outbound investment rule, and any rules under the Commerce Department’s Information Communications Technology Services (ICTS) regime.

Analysis

Geopolitical Context

As noted in the background discussion of the rule, advanced AI models pose considerable threats to U.S. national security and foreign policy and have the potential to unlock extraordinary economic and social benefits. Advanced AI is expected to increase global access to health care, education and food and to assist with addressing complex issues like climate change. But AI can also be directed by malicious actors toward sophisticated offensive cyber operations and human rights violations.

Overview

Recognizing both the promise and perils of advanced AI models, the “Framework for AI Diffusion” creates a pathway for data centers located in allied and non-arms-embargoed countries to increase the TPP of their cumulative installed base of covered advanced computing integrated circuits (ICs), provided that those companies also maintain verified, robust export control programs that adequately protect U.S. national security and commit to comply with U.S. outbound investment and ICTS rules — effectively voluntarily subjecting themselves to U.S. extraterritorial jurisdiction in exchange for access to the frontier of AI technology.

Effective Dates and Anticipated Reaction of the New Administration

As an interim final rule, it is effective as of Jan. 13. But the rule defers enforcement for 120 days to allow for public comment and includes a 365-day delay for certain data center security requirements.

As of the date of this client alert, some speculate that the new administration will welcome the rule’s promoting of U.S. business and observe that it effectively redirects, rather than limits, chipmakers’ sales of covered technologies.² There was, however, strong opposition from many U.S. companies to the rulemaking process and the new restrictions.³

Assuming the new administration maintains the updates to the Data Center VEU Authorization program and the significant rewards for embracing U.S. technology over that from China, given the current requirements, companies eager to qualify should begin to position themselves to do so now, given likely the substantial planning and compliance program enhancements necessary to qualify.

Updated Data Center VEU Authorization Program

Although the framework requires a license to export, reexport or transfer (in-country) qualifying advanced computing ICs and model weights to any end user wherever located, new license exceptions and VEU Authorizations have been created to facilitate transactions that pose a low risk. The presumptions applied to license applications and availability of exceptions and VEU Authorization vary depending upon the location in which the end user is headquartered and in which the AI computing power is located.

At one end of the spectrum are entities headquartered in any of 19 low-risk destinations.⁴ Those entities are eligible for License Exception AI Authorization⁵ and may apply for Universal VEU (UVEU) Authorization. Once approved as an UVEU, a company is permitted to receive any eligible items that will be used in specific data centers anywhere in the world, other than countries under a U.S. arms embargo or Macau,⁶ subject to certain quota limitations for installations in countries not included among the 19 low-risk destinations.⁷

At the other end of the spectrum are countries under a U.S. arms embargo (most notably China and Russia) and Macau. Companies and end users in those destinations are ineligible for license exceptions and VEU Authorizations, and their license applications are subject to a policy of denial.

Impact 

Entities in all other middle-tier countries are eligible for new license exceptions for certain exports for the “‘development,’ ‘production,’ or storage … prior to export, reexport, or transfer (in country) to the ultimate end user”⁸ or for exports or reexports up to 26.9 million TPP per year.⁹ License applications for those countries will be reviewed under a presumption of approval up to a per-country allocation of 790 million TPPs of cumulative installed base.¹⁰

However, companies in those countries may also apply for NVEU Authorization. NVEU Authorization allows the end user to receive all eligible items to be used in data centers, but unlike UVEU Authorization, the authorization is limited to each specific country for which authorization is sought and is subject to a per-NVEU, per-country cap on installed TPP. The cumulative per-NVEU, per-country allocation begins at 633 million TPP in the first quarter of 2025, gradually increases quarterly to just over 5 billion TPP by 2027 and, perhaps most importantly, is not subject to each country’s more restrictive per-country allocation.¹¹

Process and Requirements

Data centers headquartered in most countries are eligible to apply for either a UVEU or an NVEU Authorization. UVEU Authorization is reserved for certain low-risk countries — including Australia, Ireland and Japan — and NVEU Authorization is available to all other middle-tier countries, but not countries under a U.S. arms embargo (most notably China and Russia) or Macau.

To unlock the substantial benefits that accompany VEU status — including, with respect to the more broadly available NVEU, the ability to obtain substantially greater cumulative computing power as measured in TPP¹² — companies will need to invest in compliance and reconsider — and in many instances abandon — ties to China and other arms-embargoed countries, at least as it relates to AI. The “Framework for AI Diffusion” is very much designed to make VEUs choose between U.S. and China for supply of covered equipment and technology.

High Probability Standard

The lynchpin of achieving VEU status is the new national security paradigm, the “high probability” standard for awareness. This standard gives U.S. authorities leverage to challenge assertions of an absence of actual knowledge of disqualifying circumstances and political or business ties and requires companies to embrace the standard in designing or, where necessary, enhancing risk-based compliance programs to qualify. For example, to qualify as a VEU:

• A company — including all subsidiary and parent entities — would need to demonstrate freedom from any ties to military or military intelligence end users, referring to the general definitions of those terms under the U.S. Export Administration Regulations (EAR) (i.e., not limited to such users from embargoed countries), including research and development (R&D) agreements and “joint activities.”¹³
• A company would have to adhere to the same U.S. outbound investment rule¹⁴ issued by the Treasury Department on Oct. 28, 2024, as would a U.S. company. This rule further applies the “high probability” standard when evaluating the company’s “knowledge” of whether the outbound investment is prohibited, going beyond what might be actually known.¹⁵
• Additionally, VEU-qualifying companies must adhere to any rules issued under the Commerce Department’s ICTS program. Initial rules proposed under this program include adoption of the same “high probability” standard that exists under the EAR and the Treasury Department’s outbound investment rule, and the ICTS office has stated that future rulemaking will follow the framework established through early rulemaking.

Government-to-Government Agreement

Ultimately, for middle-tier countries, there will also need to be an as-yet-undefined government-to-government “arrangement” between the home government and the U.S., without which neither a local NVEU nor a UVEU looking to operate in the country could benefit from the rule.¹⁶

Summary

There are accordingly many challenges to achieving and maintaining NVEU status. But for companies willing to take a fresh look at their business relationships and ties and to incorporate the “high probability” standard into their own compliance programs, the benefits are game-changers for both NVEU-authorized companies and their home countries — especially vis-a-vis their commercial and geopolitical competitors.

Case Study

What does this new interim rule mean for a hypothetical company headquartered and operating data centers in one of the many countries eligible for NVEU Authorization?

Facts: Assume that Company Y is a company headquartered in Mumbai, India. Company Y wants to operate large-scale data centers in Kenya and Israel using advanced U.S.-origin AI computer chips. Company Y poses the following four questions:

1. Is Company Y eligible to apply for VEU Authorization?

Yes. Company Y is eligible to apply for an NVEU Authorization because Company Y is headquartered in India. The Commerce Department’s BIS specified that data centers that are headquartered, have an ultimate parent headquartered or are located in a country listed in Groups A, B or D:1-D:4 of Supplement No. 1 to Part 740 of the EAR, except Macau and countries under a U.S. arms embargo (Country Group D:5 of Supplement No. 1 to Part 740), are eligible to apply for NVEU status.¹⁷ Since India, where Company Y is headquartered, is listed in Country Groups A and B, Company Y is eligible to apply for NVEU status.

2. If Company Y obtains NVEU status, will Company Y be able to import U.S. computer chips for use in its data centers located in Kenya and Israel?

Company Y will need to obtain individual NVEU Authorizations for each country in which it operates, including Kenya and Israel. NVEU Authorizations are country-specific, meaning authorization to operate as an NVEU in one country does not constitute authorization to do so in any other country.¹⁸ This is unlike the UVEU Authorization, which grants the end user permission to operate in multiple countries without obtaining additional validated end-user authorizations.

3. What are the advantages to obtaining NVEU Authorization?

Data centers with NVEU Authorization gain two primary advantages over data centers without VEU status.

• First, NVEUs can purchase significantly greater quantities of U.S. AI technology than data centers that do not have VEU Authorization. To provide predictability, BIS laid out the amount of TPP certain end users may install for the time period of 2025 through the end of 2027. NVEUs receive a per-company, per-country installed base allocation of TPP each quarter, starting with 633 million in Q1 2025 and climbing cumulatively to a maximum of five billion in Q1-4 2027.¹⁹ Conversely, data centers that do not have a VEU Authorization must qualify for a license exception or submit to the traditional license application process, which, for the entire 2025 to 2027 period, affords a cumulative maximum installed base allocation of 790 million TPP for all end users within the entire country during this three-year period, approximately a mere 15% of the cumulative five billion available to individual NVEUs.²⁰
  • For non-VEUs, this per-country cap means that the interim final rule is the starting gun on a race to secure a piece of the quota. Late movers or startups could face a situation where there is no more available space under the cap. Once the cap is hit, only NVEUs (up to their per-company limit) and UVEUs will be able to receive more.
• Second, NVEUs will likely be considered more attractive buyers to exporters and receive priority access to AI technology. After receiving NVEU Authorization, the data center will be publicly listed as an NVEU in the EAR, putting exporters on notice that the data center is readily able to purchase and receive large orders in a particular country, as opposed to data centers that might still need to undergo the license application process and are limited to placing smaller orders.

4. How can Company Y ensure that it submits a strong application?

Company Y must enhance its export control training program and compliance program to meet the high standards dictated in Supplement No. 10 to Part 748 of the EAR. The stringent conditions for approval bear the spirit of the guidance BIS released at the end of 2024, wherein BIS emphasized that companies without sufficient controls would not only be accountable for evasion it knew of but also for that which had a “high probability” of occurring.²¹ Data centers should accordingly consider developing and implementing a methodology for identifying transactions carrying a “high probability” of diversion and, for such transactions, ensuring that risk-based, enhanced due diligence is undertaken. To that end, Company Y can begin by incorporating the following measures:

• Acceptable use policies. BIS established acceptable and unacceptable uses for U.S.-origin AI technology. To qualify for NVEU status and remain in compliance, Company Y should develop written policies that clearly state the countries in which Company Y can train certain AI models and store or transfer model weights. And given the high probability standard, Company Y should put controls in place that ensure personnel strictly adheres to those policies. For example, due diligence measures should be in place to ensure Company Y doesn’t hire third-party companies known for evasion. Company Y should also train personnel on identifying and reporting falsified documents, so AI listed as being stored in a permissible country isn’t actually being stored in Russia or China.
• Documentation, auditing and reporting requirements. Company Y should establish accurate recordkeeping processes to comply with BIS’s semiannual reporting mandate pursuant to which Company Y will need to disclose a complete facility-specific chip accounting for itself and all parent and subsidiary entities. Monitoring, evaluation and end-user due diligence must be continuous, and records must be maintained for five years. Records should document for all parent and subsidiary entities, among other details: (i) all AI items the data center receives, installs²² and transfers, including relevant dates²³ and quantities; (ii) current and potential customers;²⁴ (iii) ties with government and military organizations;²⁵ and (iv) the use of items subject to the EAR.²⁶
• Security requirements. Company Y should establish robust physical, cyber and personnel security measures. Such measures include but are not limited to (i) meeting ownership security standards to ensure there are no foreign ownership, control or influence factors related to Macau or an embargoed destination; (ii) assessing and preparing to disclose Company Y’s financial viability, counterintelligence concerns and any factors that demonstrate a capability of foreign interests to control or influence the company; and (iii) developing a supply chain risk management plan to limit certain equipment that originated in China from entering the data center’s environment and supply chain.²⁷

As noted above, Company Y will also have to design and implement controls to ensure compliance with U.S. rules that might not otherwise apply to its activities, including the catch-all export controls regarding military and military intelligence end users, the Treasury Department’s outbound investment rule, and the rules issued under the Commerce Department’s ICTS regime.

* * * *

While there are burdens to achieving NVEU certification, the consequences for middle-tier -headquartered companies of being left behind in the AI technology race by in-country competitors or by UVEUs operating in-country could be existential.

We have been anticipating the present trends in export controls enforcement for several years and have decades of experience helping companies to understand and navigate “high probability”-based enforcement regimes, such as the U.S. Foreign Corrupt Practices Act.

Please contact us to learn more about how we could help your company to navigate these dynamic and challenging geopolitical headwinds.