AI Export Controls for Founders: Run the Deemed-Export Fire Drill This Week

On Friday, June 12, 2026, at 5:21 PM Eastern, US Commerce Secretary Howard Lutnick sent Anthropic a letter that pulled two frontier AI models offline for the entire planet. Anthropic had roughly 90 minutes of warning.

By that evening, Claude Fable 5 and Claude Mythos 5 were globally disabled for every customer, US citizen or not, because the company could not reliably verify per-user citizenship at login.

That is the fact pattern that should reorganize your week. Not because your startup is Anthropic, but because the legal mechanism behind the shutdown, the deemed export rule, applies to almost every US-founded AI company with a single non-citizen on the access list.

AI export controls for founders stopped being a policy abstraction on that Friday. They became an operational drill.

TL;DR

The US government used the long-standing deemed export rule plus national-security authority to force a frontier model shutdown three days after launch. The rule treats giving a foreign national access to controlled technology as an export to their home country.

Every globally distributed AI startup should map its products to export classifications, build citizenship verification at login, and stand up a basic compliance program this week.

Key takeaways

• The deemed export rule (15 CFR 734.13) fires when a foreign national accesses EAR-controlled tech on US soil.
• "Foreign national" is defined by passport, not residence, so H-1B and F-1 staff can count.
• The Fable 5 directive's precedent is the product-shutdown remedy, not the dollar fine.
• Civil penalties reach the greater of $300,000 or twice the transaction value; criminal exposure hits 20 years.
• Citizenship verification at login is now table stakes for frontier-class models.
• A prediction market priced restoration to US customers at 58% by July 1 (CNBC, 2026).

What is the deemed export rule for AI?

The deemed export rule treats releasing EAR-controlled technology or source code to a foreign national located in the United States as an export to that person's country of most recent nationality. For AI, "release" explicitly includes network access, so a non-citizen logging into a system that exposes controlled model weights or training code can trigger it (BIS, Deemed Exports).

US export controls live in one regulation, the Export Administration Regulations (EAR), run by the Bureau of Industry and Security (BIS) inside Commerce and codified at 15 CFR Parts 730, 774. The deemed export provision sits at 15 CFR 734.13(a)(2).

There is no de minimis carve-out based on how trivial the technology seems. If the item is controlled and the recipient holds a non-US passport, the rule fires.

One honest caveat: Bloomberg published the full Lutnick letter on June 16 and it cites generic "national security" authority, not a specific subsection. Commentators at R Street and others infer the deemed export framework. Treat the exact CFR pin-cite as likely rather than confirmed until a lawyer reads the operative text.

Who counts as a foreign national?

Nationality controls here, not where someone lives or works. US citizens, green-card holders, asylees, and refugees are "protected individuals" and exempt.

Everyone else with a non-US passport counts as a foreign national: H-1B, L-1, F-1 OPT, TN, E-3, and O-1 holders sitting in your US office included. That is exactly why Anthropic's "every customer globally" reaction was the legally conservative move.

It could not prove that none of its users was a US-based foreign national at login.

For an engineer on a visa, the trigger is access, not headcount. She becomes a deemed-export release only if she touches controlled model weights, fine-tuning code, or training infrastructure. The test is conjunctive: foreign national AND EAR-controlled AND not fundamental research.

Is my AI product a deemed export?

Stop asking "am I a deemed export?" Ask, for each product surface, whether the rule applies to a specific recipient. Walk this in order.

1. Is the tech in scope of the EAR at all? US company, US-origin tooling: yes, almost always.
2. Is it EAR99, publicly available (734.7), or fundamental research (734.8)? If yes, the rule never fires. Stop.
3. Is the recipient a US citizen or protected individual? If yes, stop.
4. Foreign national outside the US? That is a regular export, needing a license for the item's classification to that country.
5. Foreign national accessing from US soil? Classic deemed export, the scenario that just hit Anthropic.

Access pattern matters more than the product name. The same model can be safe in one channel and controlled in another.

Access pattern	Deemed-export risk	Post-Fable 5 note
Inference API, closed EAR99 model	Low historically	High if frontier-class and you can't verify citizenship
Fine-tuning API (user produces weights)	Medium, high	Likely a deemed export if base weights are listed
Weight download	High	Explicit release of controlled tech
Distillation API	Gray area	Flag for counsel if model is frontier-class
Open-weight public release	Not a deemed export (734.7 applies)	Still subject to re-export rules to sanctioned destinations

Sanctions run on a separate track. Any US person transacting with someone in Cuba, Iran, North Korea, Syria, or the Crimea/DNR/LNR regions hits OFAC controls even if the product is EAR99.

Can I serve foreign users from a US-hosted model?

Yes, for most products today. The Fable 5 directive expanded the risk surface for frontier-class systems, with no bright-line test. Three operating rules follow.

Citizenship verification at login is table stakes for frontier models. For a frontier-capability closed model in June 2026, capture verified citizenship at login, block non-citizens from controlled products, and keep the audit trail. If you cannot verify, do not serve. Build this before a government letter lands, not after.

Hosting geography is not the trigger. The rule turns on the recipient's nationality, so hosting in the US, Europe, or Singapore changes nothing for the deemed-export analysis. Cross-border export rules do turn on geography, and both can apply to one foreign end user.

Non-frontier inference stays low risk. Until June 12, BIS had never used the deemed export rule to compel a global inference shutdown. The risk is concentrated at the frontier end, where Commerce can credibly call a model dual-use. Below that line, serving a non-frontier inference API to foreign users is generally not a deemed export.

What does non-compliance actually cost?

The enforcement toolkit can end a startup. Civil penalties under 50 U.S.C. 4819 reach the greater of $300,000 per violation or twice the transaction value. BIS proved it will use the second prong in the February 12, 2026 Applied Materials settlement, a $252 million penalty pegged to $126 million in illegal shipments.

Willful violations carry up to $1,000,000 and 20 years in prison per count, prosecuted by DOJ's National Security Division. The bar for "willful" is conscious disregard, lower than founders expect.

Then there is the denial order. BIS can bar a company from any EAR transaction and add it to the Denied Persons List, which means no US supplier, customer, or cloud provider can lawfully deal with you. For an AI startup shipping a controlled product, that is functionally fatal.

The genuinely new thing about Fable 5 is not the number. It is the remedy: a global shutdown of a shipping consumer product three days after launch. That is the precedent to plan against.

Where the rules stand in mid-2026

The regulatory ground is unusually unsettled, which is the whole reason speed matters. BIS rescinded the Biden-era AI Diffusion Rule on May 13, 2025 after a roughly four-month life. No successor has been finalized, and BIS has not clarified the post-rescission status of ECCN 4E091, the closed-weight control for models trained above 10²⁶ FLOP.

So founders operate under the long-standing deemed export rule plus case-by-case national-security letters. That makes BIS faster and less predictable at once. The policy community is split: R Street calls the directive unworkable security theater, while the World Economic Forum and Anthropic's own framing of Mythos as cyber-dangerous support the restriction.

As of June 17, Anthropic and the White House remain at odds with no rescission.

Plan for both outcomes. The same posture survives either one.

The Monday-morning checklist

This is the AI startup compliance checklist to run this week. Each step builds on the last.

1. Map every product surface to a classification (ECCN, EAR99, or public/fundamental research) on one page, with rationale and reviewer. BIS asks for this first.
2. Treat closed weights above 10²⁶ FLOP as ECCN 4E091 pending updated guidance; the entry was never formally withdrawn.
3. Build citizenship verification at login with a KYC provider, capturing either verified status or an explicit access-denied outcome.
4. Screen every user and access-holding employee against the OFAC SDN list, the BIS Consolidated Screening List, and the Entity List, on a published cadence.
5. Write a one-page Technology Control Plan covering physical security, access controls, IT logging, training, and a quarterly internal audit.
6. Designate one Empowered Official, a named person who signs disclosures and is the BIS point of contact.
7. File a commodity classification request through Snap-R for your frontier model. It costs nothing and gives the strongest safe harbor.
8. Update the customer agreement with citizenship and end-use representations, a sanctioned-use ban, and a right to suspend on government notice.
9. Update the employee agreement with an export-compliance acknowledgment and a duty to report immigration-status changes.
10. Pre-write a Voluntary Self-Disclosure template under 15 CFR 764.5; a VSD earns the strongest mitigation.
11. Line up two outside export-control counsel firms, primary and backup, before you need them.
12. Stand up monitoring. Track BIS and Federal Register notices, Anthropic's newsroom, and the WIRED and TechCrunch policy desks weekly.

On recordkeeping, keep export records for five years under 15 CFR 762.6. If you also do OFAC work, the retention period moved to ten years effective March 21, 2025. The longer one binds.

What this means for you

The most expensive failure mode is treating Fable 5 as either a one-off to ignore or a permanent regime to over-engineer against. The directive could be rescinded within weeks, as the AI Diffusion Rule was, or extended to the next lab that ships a frontier model.

Either way the durable workflow is identical. Verify citizenship at access, classify your surfaces, screen for sanctions, keep records, name an Empowered Official, and hold a 24-hour pipeline ready to suspend or modify a product if a letter arrives.

Anthropic had 90 minutes. The point of running the drill now is to give your team five days instead.

Sources

• Statement on the US directive to suspend Fable 5 and Mythos 5 (Anthropic)
• Lutnick's Letter to Anthropic Warned of Curbs on Top AI Models (Bloomberg)
• BIS: Deemed Exports policy guidance
• What is a Deemed Export? (BIS Learn & Support)
• The Fable Fiasco: A Bad Idea Applied Badly (R Street)
• BIS Rescinds AI Diffusion Rule (Akin Gump)
• AI Diffusion Rule Out but BIS Increases Compliance Obligations (Morrison Foerster)
• Applied Materials to Pay $252 Million Penalty (BIS)
• BIS Enforcement Penalties
• Anthropic Is Still at Odds With the White House (WIRED)
• The Anthropic models ban was never about a jailbreak (TechCrunch)
• Anthropic disables Fable 5 and Mythos 5 (CNBC)
• OFAC Sanctions Programs and Country Information
• Anthropic's Mythos moment (World Economic Forum)