Client Alert

U.S. Department of Commerce Imposes Immediate Export Controls on Artificial Intelligence Software Used to Automatically Detect and Identify Objects Remotely

09 Jan 2020

On January 6, 2020, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) published an interim final rule amending the Export Administration Regulations (EAR) to place new restrictions on the export of certain software specially designed for automating the analysis of geospatial imagery and collections of data points.

This new rule sheds light on U.S. government concerns regarding the application of artificial intelligence (AI) to the analysis of increasingly available, large geospatial data sets, and the specific role it can play in remotely detecting and identifying objects of interest for military and intelligence purposes. The use of an emergency authorization to make these controls effective immediately also underscores the perceived urgency in controlling the transfer of this technology to non-allied countries. In addition to their impact on U.S. trade, the new restrictions will have important implications for reviews of foreign investment in U.S. companies by the Committee on Foreign Investment in the United States (CFIUS).

Key Takeaways:

1. BIS appears to have prioritized controls on this type of AI technology because of its potential military and intelligence applications. The scope of the new rule is quite narrow – it applies only to software that uses neural networks (a subset of AI) to detect and identify objects of interest (such as vehicles or houses) in geospatial imagery or “point clouds” (i.e., sets of defined data points, such as those produced in 3D scans). In addition to broader concerns about the transfer of advanced technology to non-allied countries, BIS’s decision to focus on this specific type of software is likely based on the significant national security implications associated with the ability to remotely and rapidly detect, identify, and respond to threats, and to collect other key intelligence information.

2. Use of the EAR’s emergency authorization highlights the Administration’s perceived urgency in controlling the transfer of this technology as an element of current U.S. national security and foreign policy. BIS imposed the new control in the Export Control Classification Number (ECCN) “0Y521” series, which enables BIS to place controls on previously uncontrolled items with immediate effect where the U.S. government determines that the items might provide a significant military or intelligence advantage to the United States.[1] BIS may use the 0Y521-series authorization to implement additional export controls without undergoing the notice and comment process typically required for federal rulemaking. Although the new rule is effective immediately, BIS is accepting comments until March 6, 2020, which may help inform additional rulemaking on AI and other emerging and foundational technologies.

3. Software covered by the new rule becomes part of the CFIUS “critical technology” definition. Under the CFIUS pilot program regulations and the proposed regulations issued in September 2019 implementing the Foreign Investment Risk Review Modernization Act (FIRRMA), the definition of “critical technologies” includes items subject to export controls under the EAR for reasons of “regional stability,” which is the basis for control of 0Y521-series items. Thus, a foreign person investing in a U.S. business that designs or produces software covered by the new rule will also need to evaluate whether the investment triggers a mandatory filing under the CFIUS pilot program regulations or otherwise implicates increased risk of CFIUS scrutiny of the investment.

4. Additional export controls are anticipated on “emerging and foundational” technologies implicating national security concerns. Concurrently with the enactment of the FIRRMA that significantly expanded CFIUS’s jurisdiction, Congress also passed the Export Control Reform Act, which requires the Commerce Department to identify and establish appropriate controls on the export of “emerging and foundational” technologies that are essential to the national security of the United States, but are not yet controlled under the EAR. To date, BIS has issued only one Advanced Notice of Proposed Rulemaking inviting comments on the scope of certain “emerging technologies,” including AI. It is expected that BIS will roll out additional regulations covering emerging and foundational technologies over time, rather than in a single rulemaking.

Scope of New Rule

The January 6 action by BIS amended the EAR to control the following software under ECCN 0D521, with immediate effect:

Geospatial imagery “software” “specially designed” for training a Deep Convolutional Neural Network to automate the analysis of geospatial imagery and point clouds, and having all of the following:

1. Provides a graphical user interface that enables the user to identify objects (e.g., vehicles, houses, etc.) from within geospatial imagery and point clouds in order to extract positive and negative samples of an object of interest;

2. Reduces pixel variation by performing scale, color, and rotational normalization on the positive samples;

3. Trains a Deep Convolutional Neural Network to detect the object of interest from the positive and negative samples; and

4. Identifies objects in geospatial imagery using the trained Deep Convolutional Neural Network[2] by matching the rotational pattern from the positive samples with the rotational pattern of objects in the geospatial imagery.

Technical Note: A point cloud is a collection of data points defined by a given coordinate system. A point cloud is also known as a digital surface model.

Software that falls under this ECCN will require a license from BIS before it can be exported outside the United States (except to Canada) or transferred to non-U.S. persons. Therefore, companies exporting or transferring such software must review their operations to determine if the new restrictions and licensing requirements apply to them. In addition, under the “deemed export” rules of the EAR, the disclosure of technology or software source code to a non-U.S. person (even in the United States) is deemed an export of such technology or source code to such person’s country of nationality.

The 0Y521 series is a temporary holding classification that only lasts for one year from the date of a final rule. As a condition to using this authorization, the U.S. Government must submit a proposal to the relevant multilateral regime (in this case, the Wassenaar Arrangement) to obtain multilateral controls over the item. Before the 0Y521 classification expires on January 6, 2021, an 0Y521 item may be reclassified and moved under a different ECCN, if appropriate. If the item has not been moved to a permanent ECCN and the 0Y521 classification expires, the item is re‑designated under ECCN EAR99 (a basket category covering items not specifically identified on the Commerce Control List), unless BIS reissues controls under the 0Y521-series authorization.

BIS Request for Public Comment

Although the new interim final rule became effective January 6, 2020, BIS is accepting comments on the rule until March 6, 2020. Because the subject technology has previously not been controlled, comments from U.S. companies, industry organizations, and subject matter experts are important to aid BIS in its implementation of these controls on AI and, eventually, on additional emerging and foundational technologies.

As always, MoFo’s national security team will continue to monitor the Administration’s export control-related activities and keep you updated on all significant developments.

[1] This authorization was originally introduced in April 2012. See

[2] “Neural networks are a subset of the field of artificial intelligence. The predominant types of neural networks used for multidimensional signal processing are deep convolutional neural networks (CNNs). The term deep refers generically to networks having from a ‘few’ to several dozen or more convolution layers, and deep learning refers to methodologies for training these systems to automatically learn their functional parameters using data representative of a specific problem domain of interest.” Rafael C. Gonzalez, Deep Convolutional Networks, 35 IEEE Signal Processing (n.6), 1, 79 (Nov. 2018),



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.