The deemed export rule treats the release of export-controlled technology or source code to a foreign national inside the United States as if it were an export to that person’s home country, even though nothing crosses a physical border. For AI research groups, this means that giving a foreign-national graduate student or postdoc access to certain model weights, training code, or restricted technical data can itself require a federal export licence.
A deemed export is any release of “technology” or “technical data” — controlled under the Export Administration Regulations (EAR) or the International Traffic in Arms Regulations (ITAR) — to a foreign person physically present in the United States. The doctrine is old; its application to frontier AI systems is new, and it now collides with university research practice.
- What is the deemed export rule?
- How the fundamental research exclusion applies to AI research
- When AI models, weights and training infrastructure trigger a deemed export
- US deemed export rules vs the EU AI Act research exemption
- Compliance steps for universities with foreign national researchers
- Frequently asked questions
- Implications and outlook
What is the deemed export rule?
Under 15 CFR 734.13(b) of the EAR, releasing controlled technology or source code to a foreign person in the United States is “deemed” to be an export to that person’s country of nationality. The Bureau of Industry and Security (BIS), the Commerce Department agency administering the EAR, names universities and high-technology research institutions as typical deemed-export-licence users, alongside biochemical, medical and computer-sector organisations.
A “release” can occur through conversation, email, or lab access that lets a foreign national read or modify controlled source code — no shipment is required. Permanent residents, US citizens, and “protected individuals” under US immigration law are exempt; most international graduate students and postdocs on visas are not.
How the fundamental research exclusion applies to AI research
Most university AI research avoids deemed export licensing through the fundamental research exclusion at 15 CFR 734.8. Fundamental research is basic or applied research in science and engineering where the resulting information is ordinarily published and shared broadly, with no restrictions on foreign-national participation and no government-imposed access controls.
The exclusion is conditional, not automatic. It fails where:
- Results are restricted for proprietary or commercial reasons, such as a sponsorship agreement with a publication-delay clause.
- The funding agreement imposes access or dissemination controls, which some defence-adjacent AI grants do.
- The activity involves direct transfer of a controlled item — hardware, software, or source code — rather than an exchange of research information.
Information already publicly available, including open-access papers and public code repositories, is separately exempt from EAR licensing.
When AI models, weights and training infrastructure trigger a deemed export
Using a publicly available AI chatbot or API is not, by itself, a release of controlled technology. Risk rises when a foreign national gains access to model architecture details, training methodologies, or model weights covered by an Export Control Classification Number (ECCN) on the Commerce Control List, or to advanced computing hardware BIS has specifically controlled.
BIS tightened advanced-computing controls in its October 2022 Interim Final Rule, amended October 2023, then went further in January 2025 with a Framework for Artificial Intelligence Diffusion rule that, for the first time, extended export-control treatment to certain closed-weight AI model parameters, not only training hardware. Disclosing weights, architecture specifications, or training-cluster configuration for a covered model to a foreign-national researcher can itself be a release event.
Much of this tightening is explicitly framed around china ai regulation concerns — restricting frontier compute and model know-how flowing to entities on the BIS Entity List. Nationality alone does not create liability; nationality plus access to a controlled item, combined with funding or sponsor restrictions, does.
US deemed export rules vs the EU AI Act research exemption
Institutions with EU partnerships increasingly ask how the US doctrine compares with the European approach. The EU AI Act — Regulation (EU) 2024/1689 — takes a structurally different route: rather than controlling technology transfer by nationality, it excludes AI systems and models developed and used exclusively for scientific research from most of the Act’s obligations, under Article 2(6) and Article 2(8).
| Aspect | US deemed export rule | EU AI Act research exemption |
|---|---|---|
| Governing instrument | EAR, 15 CFR 734.13(b) and 734.8 | Regulation (EU) 2024/1689, Art. 2(6) & 2(8) |
| What triggers the rule | Release of controlled technology to a foreign person | Placing an AI system on the market or into service |
| Exclusion basis | Fundamental research intended for open publication | Research and development activity, prior to market placement |
| Administering body | Bureau of Industry and Security (Commerce Dept.) | National market surveillance authorities / EU AI Office |
| Nationality relevant? | Yes — central to the rule | No — exemption is activity-based, not person-based |
The distinction matters for compliance design: a US export control office manages deemed exports as a personnel and access-control question, while an EU research-exemption assessment is a product-lifecycle question. A model built for fundamental research at a US university may fall outside the AI Act exemption once deployed commercially — the two frameworks do not map onto each other cleanly.
Compliance steps for universities with foreign national researchers
Export control officers, research administrators, and AI lab principal investigators need a shared workflow before granting foreign nationals lab or system access:
- Screen every incoming foreign national against the BIS Entity List and the Treasury Denied Persons List before granting technical access.
- Classify the technology, dataset, or model against the Commerce Control List to determine whether an ECCN applies.
- Document the fundamental research exclusion in writing at project inception — funding terms, publication plans, and sponsor restrictions.
- Restrict access to controlled weights or training infrastructure until the export control office confirms licence status.
- Certify deemed export status accurately on Form I-129 for H-1B, H-1B1, L-1, and O-1A hires, as USCIS requires.
- Use the NIST AI Risk Management Framework to document AI system risk tiers internally — a defensible record, though not itself an export-control exemption.
Treat this as distinct from state ai laws, such as Colorado’s and California’s AI transparency statutes, which govern AI deployment to end users, not technology transfer to foreign persons — a university can comply with one and still be exposed under the other. Guidance from the Center for AI Standards and Innovation (CAISI), the Commerce Department body that succeeded the original AI Security Institute at NIST, can inform risk-evaluation methodology, though it is not itself an export-control determination. See CASRAI’s research administration resources for broader governance context.
Frequently asked questions
What are the criteria for a deemed export?
A deemed export occurs when controlled technology or source code is released to a foreign person inside the United States. The criteria: the item sits on the Commerce Control List or US Munitions List, the recipient is not a citizen, permanent resident, or protected individual, and no exclusion applies.
How can a university determine whether an activity is a deemed export?
A university’s export control office classifies the technology against its ECCN or USML category, checks whether the fundamental research exclusion applies, and confirms the researcher’s immigration status. If the technology is controlled, the researcher is a foreign person, and no exclusion fits, a licence is required before access.
Who is exempt from the deemed export rule?
US citizens, lawful permanent residents, and individuals granted protected individual status under US immigration law are exempt from deemed export licensing regardless of the technology involved. Most international students and postdocs on visas do not qualify for this exemption and depend instead on the fundamental research exclusion.
Does using a publicly available AI model trigger a deemed export?
No. Interacting with a publicly available AI model — a public API, chatbot, or open-weight release with no access restrictions — is not a controlled release under the EAR. Risk arises only when a foreign national gains access to restricted model weights, proprietary architecture details, or controlled training infrastructure not available to the public.
Implications and outlook
Export control offices built their playbooks around physical items and classified research; AI weights and training infrastructure do not fit that playbook cleanly. As BIS extends ECCN coverage into software and model parameters, universities running foreign-national-staffed AI labs face rising documentation burden even where no licence is ultimately required.
Expect continued divergence between the deemed export regime, EU AI Act research-exemption practice, and state ai laws — three separate compliance tracks addressing different questions. Research administrators who map these tracks now, rather than after an incident, will be better placed as controls continue to tighten.








