For years, the U.S. government restricted who could buy advanced NVIDIA chips overseas. Now it’s doing the same for the AI models themselves. A new set of Commerce Department rules treats the most powerful closed-source AI systems as controlled technology, complete with country tiers, licensing requirements, and strict limits on who can access them even from inside the United States.
To understand what’s changing, it helps to know two key terms. Frontier AI model weights are the billions of numerical parameters that make up a state-of-the-art model’s learned knowledge. Think of them as the compressed results of massive training runs, typically those consuming more than 10^26 computational operations. Under the new rules, these weights fall under export classification ECCN 4E091 if the model is closed-source and unpublished. That classification triggers licensing requirements that mirror those on advanced hardware.
Deemed exports are another critical concept. Under this principle, allowing a foreign national to access controlled technology inside the U.S. counts as an export to that person’s home country. That means a researcher in Boston with the wrong nationality could trigger the same compliance review as a server farm in Beijing.
How the Controls Actually Work
Countries fall into three buckets under the framework. Tier 1 includes the U.S. and close allies, so these nations face minimal barriers so long as they meet security conditions. Tier 2 covers most of the rest of the world, where access is metered through caps on total computing power and validated end-user agreements. Tier 3, which includes China and Macau, faces a presumption of denial for the most advanced chips and models. The tiered diffusion framework sets these levels based on alliance relationships and security risk rather than a simple enemy list. This isn’t a blanket ban on AI everywhere. It’s a calibrated dial.
Regulators made the threshold dynamic on purpose. They set a compute floor at 10^26 FLOPs, but that floor rises automatically as more powerful open-weight models release publicly. If an open model crosses a new capability boundary, the controlled threshold for closed models ratchets up with it. Open models themselves remain exempt, creating a strange parallel market where published weights circulate freely while their closed counterparts are locked down.
But the rules reach beyond direct exports. The Foreign Direct Product Rule extends U.S. jurisdiction to foreign-made chips or model weights if they were produced using American software, equipment, or technology. That extension closes the loophole of building an advanced model overseas with minimal U.S. inputs. Meanwhile, cloud providers and data center operators face cumulative compute caps in Tier 2 countries, plus requirements to validate who ultimately controls the hardware.
Access restrictions now hit closer to home. A June 2026 directive ordered Anthropic to suspend access to its Fable 5 and Mythos 5 models for all foreign nationals, including employees and visitors inside the U.S. Anthropic eventually disabled the models globally because it couldn’t reliably nationality-gate its APIs in time. That episode showed how deemed-export rules can scale from paper restrictions to sudden product shutdowns overnight.
The Real Difference Between Chips and Weights
Hardware limits have been in place since earlier rounds of chip restrictions, and they work by capping performance thresholds on GPUs like the H100. The idea is simple. If you can’t get enough advanced chips, you can’t train a frontier model. But limiting hardware is an indirect lever. It doesn’t stop a determined actor from using existing clusters abroad or renting cloud capacity through intermediaries.
Restricting the weights themselves pulls a different lever. Regulated chips stop you from building. Regulated weights stop you from using the most capable systems even if you didn’t train them yourself. The distinction matters for open-source advocates too. Because open-weight models are explicitly exempt, the rules create a powerful incentive structure. Labs can either keep their best models closed and deal with Commerce Department licensing, or publish the weights and sidestep the restrictions entirely. As commercial labs release new systems, that choice becomes more consequential.
Geography matters differently too. Older chip rules focused heavily on China and a short list of adversaries. The newer tiered system applies weight and chip restrictions more broadly, with metered access for much of the world. A business in Tier 2 might still get some capacity, but only up to a cap and only after security vetting. That reflects a shift from targeted embargoes to managed diffusion.
Who Feels It and What Comes Next
Compliance now falls on developers and labs first. They must build strict access controls around nationality, residency, and end-user verification. A startup using frontier APIs can’t simply sign up users globally without checking where those users are based. Data center builders face location math. Deploying in Tier 1 avoids headaches, while Tier 2 brings paperwork and hard limits on total installed H100 equivalents. Some companies may simply route investment toward friendlier jurisdictions.
Users and enterprises face a more fragmented market. The best closed models may become unavailable or legally risky in certain regions, pushing organizations toward open-weight alternatives that don’t carry the same compliance burden. That gap could widen if the dynamic threshold keeps climbing and more frontier systems fall under control.
Plenty of friction points remain unresolved. Regulators haven’t fully clarified how model outputs interact with existing technical data rules, which could mean that generated content triggers export control red flags in sensitive domains. Cloud rental and fine-tuning loopholes are still being patched. And the Anthropic case proved that deemed-export rules can scale from paper restrictions to sudden product shutdowns overnight.
The workforce angle is the one that strikes me most. When sharing login credentials with a foreign colleague in a San Francisco office counts as a deemed export, compliance stops being a shipping department problem and becomes an HR and engineering problem.
The U.S. is effectively building a nationality-based permission layer around the most powerful cognitive tools we’ve ever built. Whether that balance protects security or simply slows down legitimate research while open models catch up is the tension worth watching through the rest of 2026.
