AI Users – Beware of New Export Control Laws

Tuesday, August 06, 2019

Artificial Intelligence (AI) technologies are being used for many applications such as autonomous vehicles and Big Data analysis. Due to the potential national security implications, AI technologies may be subject to US export control laws and regulations.

In August 2018, Congress enacted two laws regarding technology export controls – the Foreign Investment Risk Review Modernization Act (FIRRMA) and the Export Control Reform Act (ECRA). A copy of both Acts is available here. While FIRRMA is more focused on foreign investments and joint ventures between US and foreign entities, ECRA is directed to general export controls regulations.

Currently, details of the ECRA are still under development. The most significant provisions regulate export of “emerging and foundational technologies” that are “essential to the national security of the US.” The Act does not however specify what constitutes “emerging and foundational technologies”.  In November, 2018, the US Department of Commerce’s Bureau of Industry and Security published proposed rules seeking public comment on the scope of “emerging technologies”.  A copy of the proposed rulemaking is available here.  Notably, AI is on the proposed list of “emerging technologies”.  Further, technologies “essential to national security” are identified as those technologies having potential conventional weapon, intelligence collection, weapon of mass destruction or terrorist applications, or technologies that can provide the US with a qualitative military or intelligence advantage.

Additionally, ECRA mandates export licenses for exports to countries subject to US embargoes including arms embargoes.  Since it has been subject to an arms embargo since 1989, China is among the list of countries impacted.  In other words, future exports of AI technologies to China are likely to be subject to strict governmental approval.

Regarding FIRRMA, the Act gives the Committee on Foreign Investment in the United States (CFIUS), which is chaired by the Secretary of the Treasury, the authority to review acquisition of US companies involving “controlled technologies” by foreign entities. The Act further authorizes CFIUS to review acquisitions of US companies by US entities that are controlled by non-US entities. “Controlled technologies” include technologies subject to International Traffic in Arms Regulations (ITAR) controllers and Export Administration Regulations (EAR). They may be further correlated to “emerging and foundational technologies”. While FIRRMA is being fine-tuned, the final regulation will be released in 2020.

A recent pilot program is adding to uncertainty.  In November 2018, CFIUS published a Pilot Program (expiring in March 2020) requiring a foreign investor to file with CFIUS if both of the following conditions are met. The first condition is that the US business being invested in involves  “critical technologies” as defined by FIRRMA, and it also needs to include “emerging and foundational technologies” as defined by ECRA. By way of example, AI is one such  critical technology. The second condition is that the critical technologies are designed for, or applied to, one of 27 industries designated by CFIUS. The list of the 27 industries is available here. The 27 industries cover a wide range of industries including electronics, computer manufacturing, semiconductor and related device manufacturing.

Although both Acts are still under development, it is reasonable to expect that in the near future exporting AI technologies is likely to be subject to stricter regulations and government scrutiny.