When the AI You Rely On Suddenly Goes Dark: Preparing for the Era of "Access Classification"

Hello, this is Ando from TIMEWELL. Today I want to write about a major shift now underway in the world of export control.

At 5:21 p.m. Eastern Time on June 12, 2026, the US government issued an export control directive to a major AI company, ordering it to suspend foreign-national access to its latest AI models. What stopped was not "goods" — it was access to the AI itself.

This is not someone else's problem. The reach of export control is expanding quietly but unmistakably. For Japanese companies that use US-origin AI and cloud services in daily operations, the lesson is that it could be your turn at any time.

What happened — AI models cut off for foreign nationals all at once

According to Anthropic's official statement and various press reports, here is what unfolded.

• At 5:21 p.m. ET on June 12, 2026, citing national security authorities, the US government directed Anthropic to suspend access to its latest models "Fable 5" and "Mythos 5" for all foreign nationals — inside or outside the United States, including the company's own foreign-national employees.
• Because Anthropic cannot filter US users from foreign nationals in real time, it immediately disabled both models for all customers to ensure compliance. Other models (such as Claude Opus 4.8) were unaffected.
• The government reportedly cited a method for bypassing Fable 5's safeguards as the concern, but did not disclose specifics.
• Anthropic called this a misunderstanding, arguing that the method related to known, minor vulnerabilities and that comparable capability is available from other public models. It said it is working to restore access as soon as possible.

What stands out is that the line was drawn by "nationality." US export control (the EAR) includes the concept of a "deemed export" — treating the provision of technology to a foreign national inside the US as an export to that person's home country. Here, that concept was applied to AI access in the cloud.

Let me head off a common misunderstanding for Japanese companies. Japan's "deemed export" under the Foreign Exchange Act is judged not by "nationality" but by "resident / non-resident plus specific categories" (clarified in the rule that took effect in May 2022). A foreign national who is a resident and does not fall under a specific category is, in principle, out of scope. Don't apply the US "nationality-based" approach directly to Japanese practice.

For the record, we at TIMEWELL are users ourselves — we use Claude and other AI in our daily work. This article isn't a criticism of any particular company. It's a practical look at one fact — that the scope of regulation has expanded — and at what both users and providers should do about it.

Why this is a tectonic shift in export control

Historically, the scope of export control widened from "physical goods" to "technology" (data and software). What is happening now is the next expansion — to "access itself." It is advancing from three directions at once.

Treating AI models as a "commodity"

The "AI Diffusion Rule," published by the US in January 2025, introduced the idea of regulating the weights of closed (non-public-weight) frontier AI models trained with more than 10^26 operations of compute. That new classification is ECCN 4E091.

That said, the AI Diffusion Rule itself was placed on hold: two days before it would have taken effect, on May 13, 2025, BIS announced it would rescind the rule (a formal rescission notice and replacement rule to follow separately). We cover the background in a separate article, "AI Diffusion Rule Rescission and Alternatives — Five Things Japanese Companies Should Check Now." The current regulatory status of 4E091 and related provisions is in flux. Even so, the policy direction — treating AI models themselves as items subject to export control — has not gone away.

Legislation that treats cloud / remote access as an "export"

Even if physical chip exports are blocked, accessing GPUs remotely from overseas via the cloud could sidestep the controls. A bill to close this "cloud loophole" is moving.

RASA (the Remote Access Security Act / H.R.2683) would treat the provision of remote access to controlled GPU compute as an export transaction — on par with a physical export — and require a license. The bill passed the House on January 12, 2026, by 369 to 22. In the Senate it has been referred to committee (Banking, Housing, and Urban Affairs) and, as of June 2026, has not become law. This space moves fast, so check the latest status as you go.

A rule that traces "ownership" is also waiting in the wings

The "50% rule" (the Affiliates Rule), which extends controls to subsidiaries that are 50%-or-more owned by Entity List companies, is expected to take effect again on November 10, 2026 (it is currently under a one-year enforcement suspension). The burden of tracing ownership structures to verify who you are really dealing with is set to grow.

What these three share is this: companies now bear a heavier duty to actively confirm "who accesses which country's technology, by what means."

Three things Japanese companies should check right now

To repeat: this is not just "a US story." Japanese companies that use US-origin AI, cloud, or technology need to assess their risk as users.

1. Inventory the AI and cloud you depend on

• For each operation, which AI model / cloud are you using?
• Which country does that technology originate from? (Foreign-made products that contain more than a certain share of US-origin technology can fall under US rules via the de minimis or foreign direct product rules.)
• If it stops, do you have an alternative (redundancy)?

As this case showed, a specific model can be disabled without warning — for real. Simply taking stock of "which operations stop if this model stops" can transform your business-continuity readiness.

2. Rate your risk from an "access" perspective

Classification used to ask only "is our product subject to control?" Now you also need a second lens: "could the AI access we use or provide trip a regulation, and against whom?" Provision to overseas subsidiaries, foreign-national employees, and joint research partners deserves particular care.

3. Continuously monitor regulatory and entity-list updates

Entity lists are updated frequently, and the status of bills can change in short order. With RASA and the 50% rule alike, knowledge from six months ago is no longer enough. Tracking every update by hand is not realistic, so you need a mechanism for continuous monitoring rather than one-off spot checks.

How an AI agent (TRAFEED) changes this

The more the scope of regulation widens from "goods → technology → access," the heavier the burden of continuously classifying your products, technologies, and software against the latest rules. High volume, fast updates, complex relationships — exactly the kind of work humans find hardest.

TRAFEED (formerly ZEROCK ExCHECK), the export-control AI agent we built at TIMEWELL, supports that classification work itself.

• It organizes the connections among products, technologies, and counterparties through relationship-chain analysis, catching gaps in your assessment.
• For items of possible concern, it sorts them into concern levels S/A/B/C and visualizes the concern level in about five seconds. A full investigation of a flagged point can be scoped in as little as ten minutes.
• Every judgment leaves a report with source URLs, so it holds up for audits and internal explanations.
• Because entity-list and regulatory updates can be reflected continuously, you can build an operation that doesn't leave classifications outdated in this "era of access."

AI is here to support the judgment, not replace it. Final classification decisions and filings should be made by your in-house export control officer.

For a concrete picture of how to streamline "classifying your own products," see our detailed piece, Streamlining Export Classification with AI — Working Backward from the Practitioner's Search Problem. For the practical view from SaaS and cloud operators, see Export Control for SaaS and Software Companies — Deemed Export and Cloud Rules in Practice.

In closing — the era of watching only "the export of goods" is over

• In June 2026, access to AI models was actually suspended by an export control directive. The line was drawn by "nationality."
• The scope of regulation is expanding from goods → technology → access (AI models as commodities; RASA passed the House and is in the Senate; the 50% rule expected to return).
• Japanese companies should start now on the three user-side steps: (1) inventory, (2) access-perspective rating, and (3) continuous monitoring.

How to prepare for this shift

"Is the AI and cloud we depend on safe?" "From an access perspective, what — and against whom — do we need to check?" If this case left you asking those questions, you're not alone.

With TRAFEED (formerly ZEROCK ExCHECK), an AI agent supports classification and continuous monitoring, helping you build an operation that doesn't leave assessments outdated every time the rules move. Start by checking how far your current export-control setup can keep up in this "era of access."

If you'd like to talk through "what this means in our specific case," please reach out to us. We also offer a free demo where you can see it in action.

---

References

• Anthropic. (2026, June 12). Statement on the US government directive to suspend access to Fable 5 and Mythos 5. https://www.anthropic.com/news/fable-mythos-access
• CNBC. (2026, June 12). Anthropic disables access to Fable 5 and Mythos 5 to comply with government directive. https://www.cnbc.com/2026/06/12/anthropic-disables-access-to-fable-5-and-mythos-5-to-comply-with-government-directive.html
• Al Jazeera. (2026, June 13). US orders Anthropic to disable AI models for all foreign nationals. https://www.aljazeera.com/news/2026/6/13/us-orders-anthropic-to-disable-ai-models-for-all-foreign-nationals
• Congress.gov. H.R.2683 - 119th Congress (2025-2026): Remote Access Security Act. https://www.congress.gov/bill/119th-congress/house-bill/2683
• Baker McKenzie. US House Passes Remote Access Security Act. https://sanctionsnews.bakermckenzie.com/us-house-passes-remote-access-security-act/
• Arnold & Porter. (2025, November). U.S. Department of Commerce Officially Suspends Enforcement of the Affiliates Rule for One Year. https://www.arnoldporter.com/en/perspectives/blogs/enforcement-edge/2025/11/doc-suspends-enforcement-of-the-affiliates-rule-for-one-year