In a move to cement the US’s position as a global leader in artificial intelligence (AI), the Biden-Harris Administration has unveiled an Interim Final Rule on AI Diffusion. The policy hopes to improve national security and economic strength while ensuring the responsible global deployment of US AI technology.
According to a White House press statement, “In the wrong hands, powerful AI systems have the potential to exacerbate significant national security risks, including by enabling the development of weapons of mass destruction, supporting powerful offensive cyber operations, and aiding human rights abuses, such as mass surveillance. Today, countries of concern actively employ AI – including US-made AI – in this way and seek to undermine US AI leadership.”
The Interim Final Rule builds on previous export controls introduced in October 2022 and October 2023. It was developed through extensive engagement with industry leaders, bipartisan lawmakers, and international allies.
Key Provisions of the AI Diffusion Rule
The rule streamlines licensing for chip exports raises AI security standards and establishes mechanisms to distribute US technology worldwide responsibly. It also introduces guardrails to limit access by countries of concern.
Six core mechanisms underpin the policy:
- Unrestricted Sales to Key Allies: Chip sales to 18 allied nations will remain unrestricted, enabling seamless purchases for nations with robust security and technology alignment with US interests.
- Streamlined Low-Risk Orders: Orders involving up to 1,700 advanced GPUs—commonly used by universities, medical institutions, and research entities—will bypass licensing requirements, expediting shipments for non-sensitive purposes.
- Universal Verified End User (UVEU) Status: Entities in allied nations meeting stringent security standards can obtain UVEU status, allowing them to place up to 7% of global AI computational capacity in other countries while keeping cutting-edge development within the U.S.
- National Verified End User (NVEU) Status: Trusted entities outside the UVEU framework can purchase computational power equivalent to 320,000 advanced GPUs over two years, supporting local and regional AI initiatives without compromising security.
- Non-VEU Purchases: Organizations outside close ally networks can buy up to 50,000 advanced GPUs per country, ensuring access to U.S. technology for essential services like healthcare and telecommunications.
- Government-to-Government Agreements: Nations aligning their technology security and AI governance efforts with U.S. standards can double their chip purchase caps to 100,000 GPUs, fostering an international ecosystem of shared values.
Targeting Misuse by Adversaries
The rule intensifies restrictions on countries of concern, aiming to thwart their efforts to misuse advanced AI systems. Key measures include:
- Ensuring that advanced semiconductors sold abroad are not used to train adversarial AI systems.
- Limiting the transfer of model weights for closed-weight AI models to non-trusted actors while safeguarding open-weight model research.
- Setting stringent security standards for storing and using advanced AI models to prevent illicit access.
All or Nothing
“One of the most frustrating things about decrees from any administration is that they tend to be all or nothing. Regulations are needed. However, they should be on access, monitoring, and the usage of AI,” says Kris Bondi, CEO and Co-Founder of Mimoto.
“While I agree that the use and protection of AI is critical for U.S. national security and economic strength, this form of isolationism will undermine innovation. Not every advancement is produced on US soil. Instead of protecting, the bubble it will create will limit the ability to evolve and compete on a global scale,” she adds.
Maintaining US, Allied Dominance
According to Casey Ellis, Founder of Bugcrowd, the rule reflects the broader consensus in Washington that AI is establishing itself as a “Great Power” technology. Maintaining US and allied dominance in this sphere is key to sustaining the US’s position as a global superpower. The Rule’s emphasis on not offshoring this critical technology highlights the strategic importance of AI in shaping future economic and geopolitical power dynamics.
“Historically, America’s edge in AI and semiconductor technology has come from its ability to innovate rapidly and compete globally. Overly restrictive export controls risk alienating allied nations and preventing US companies from accessing critical markets, potentially weakening America’s technological dominance,” Ellis added.
“That said, the need for strategic restrictions remains clear, particularly to prevent adversaries like China or Russia from weaponizing advanced AI capabilities against the US and its allies. The challenge lies in precisely applying these restrictions—narrowly targeting high-risk technologies—without undermining broader economic opportunities or innovation.”
AI’s capabilities can serve civilian and military purposes, creating immediate national security implications that justify government oversight. “The current approach bears a strong resemblance to the export control regulations imposed on cryptography, where safeguarding national interests while enabling innovation became a critical balancing act,” Ellis explained.
Balancing Sharing and Security
The rule hopes to strike a balance between protecting advanced AI capabilities and maintaining technological leadership, commented Stephen Kowski, Field CTO at SlashNext. “Given the increasing sophistication of cyber threats and potential misuse of AI systems, securing AI infrastructure and computing resources is crucial. Strong controls on AI chip exports can prevent advanced capabilities from being used in ways that compromise security or enable malicious activities.”
Kowski says technology sharing must be balanced with robust security controls and verification systems to prevent misuse. Smart partnerships with trusted allies can boost innovation while maintaining critical safeguards against threats. “The key is implementing precise, targeted controls rather than broad restrictions.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.