When Using a Foreign AI Touches Export Control: Cross-Border Data and Economic Security

Hello, this is Hamamoto from TIMEWELL.

In June 2026, two "stoppages" of very different character hit the world of frontier AI in quick succession. The first: OpenAI announced its new GPT-5.6 model, yet for the time being opened it to only a handful of organizations. The second: Anthropic's Fable 5 and Mythos 5 were forced into a temporary suspension for all customers by a directive from the US government. Glance at the headlines alone and both look like the same story: "you can't use the latest AI anymore." But the substance is entirely different, and getting these two confused throws off the whole discussion I want to have today about the risks Japanese companies face when they use a foreign AI.

In my previous piece, The era when AI models become subject to export control, I traced how the regulatory hand reached from chips to AI models themselves. This article picks up where that left off and lowers the lens one notch, down to our own feet. Typing your company's design drawings or specifications into an overseas AI, that casual act, might touch Japan's export controls. That is the story.

The same "stoppage," but the substance was the opposite

Let me start with GPT-5.6. On June 26, 2026, OpenAI announced a preview of a new family of models named Sol, Terra, and Luna.[^1] But it did not open them to the public. It kept them in a preview limited to around 20 trusted organizations, accessible only through the API and through Codex, its coding assistant. Why? Because it had received a "request" from the US government. This is the most important point. This was not an order grounded in law; it was, plainly, the government asking. OpenAI itself has stated that it plans to move to general availability (GA) within weeks.[^2][^3] So writing that "GPT-5.6 was barred from release by regulation" is flatly wrong. The correct reading is that this is a temporary, limited rollout, with general availability expected soon. It is not a permanent ban.

The backdrop is a presidential executive order issued by President Trump on June 2, 2026. It set up a framework under which frontier models are voluntarily submitted to the government before release.[^4] The cautious way GPT-5.6 was rolled out is most naturally read as a voluntary adjustment made within that climate.

Fable 5 and Mythos 5, by contrast, are an entirely different animal. On June 12, 2026, the US Department of Commerce's BIS (Bureau of Industry and Security), under the signature of Commerce Secretary Lutnick, sent Anthropic a letter in the form known as an "is informed" letter, requiring a license for access by all foreign persons to both models. The legal basis is the Export Control Reform Act (ECRA) and the Export Administration Regulations (EAR). This was not a request but a legally binding export-control measure. Because Anthropic cannot determine a user's nationality in real time, it had no choice but to temporarily suspend both models for all customers.[^5]

In short: GPT-5.6 is "a voluntary limited rollout in response to the government's ask," while Fable 5 is "a compulsory cutoff of access grounded in law." A request, and an order. Mix the two together when you talk about them, and the real shape of the regulation blurs. The very first thing I wanted to pin down this time is exactly this distinction.

Why do I insist so much on this distinction? The reason is simple. One side is a story of governance: "if the government asks, companies will voluntarily narrow how they release the latest AI." The other is a story of compulsion: "the state, by law, severs access to a specific model." The former leaves room for corporate judgment; the latter stops things no questions asked. Even though both happened in the same month of June 2026, the quality of the shock felt by the user is completely different. And what really bites for Japanese companies is neither of these. It is the other export-control question I will turn to next: what are we ourselves handing over to foreign AIs?

From "model weights" to "access itself"

The reasoning used in the Fable 5 case is now stirring debate among experts. Treating the very act of a foreign person accessing a model as an "export" is a way of thinking that did not exist before. The Harvard Law Review took it head-on, framing it as the question "Is access to Fable an export?"[^6]

There is a short but interesting detour on the road to this point. Classifying an AI model's "weights" (the collection of parameters that determine its performance) as a controlled item had, in fact, already begun with the AI Diffusion Rule of January 2025. It assigned a dedicated control number, ECCN 4E091, to the weights of closed models trained with more than 10 to the 26th power operations of compute.[^7] But this Diffusion Rule was rescinded in May 2025. The approach of regulating weights, the file itself, was pulled back once, and what surfaced in its place was a new theory: that "access itself is an export." Not the model's file crossing a border, but the act of touching its capabilities crossing one.

The center of gravity of the regulation shifted from stopping the weights as a thing to stopping the act of letting someone use them. This shift is not unrelated to Japanese companies either, because the view that "access itself is an exchange of technology" is strikingly close to a way of thinking Japan's export controls have held for a long time.

Here is where it becomes a Japanese-company story: putting technology into a foreign AI

At the center of Japan's export controls is the Foreign Exchange Act (the Foreign Exchange and Foreign Trade Act). Many people picture goods being carried away by ship, but the Act does not bind only goods. Placing controlled "technology" (design drawings, specifications, manuals, programs, and so on) in a state where a foreign party or a non-resident can use it can also be subject to licensing as a service transaction (technology provision). The basis is Article 25, paragraph 1 of the Act.[^8][^9]

Let me use an analogy. The concept of a deemed export treats the act of showing a controlled design drawing to a foreign national who is inside Japan as equivalent to exporting it to that person's home country. The goods have not moved an inch, yet the moment you show it, an "export" is established. This operation was clarified on May 1, 2022, in the form of what are called "specified categories."[^10]

So what happens when you type your company's controlled technology into an AI operated by an overseas business? I feel this is not so far from the act of showing technical information to a counterpart who is abroad. The drawings or source code you enter pass to the operator's servers and, depending on the case, may be used for training or viewing. If so, the structure starts to look a lot like handing technology to a foreign party or non-resident in a usable state. Putting important data into an AI is, seen from another angle, also showing your company's technology to a foreign party. That is how I take it.

That said, not everything you input becomes subject to control. The Foreign Exchange Act's regulation has, broadly, two entrances. One is list control. The annex to the Export Trade Control Order lists items such as weapons themselves, advanced semiconductors, encryption, and certain machine tools, along with related technology, with the lines drawn by performance figures. The other is catch-all control: a net under which a license is required, even for items not on the list, when it becomes clear that they could be used to develop weapons of mass destruction or conventional weapons. If the drawings or specifications your company is about to put into an external AI look likely to catch on either of these, stop for a moment and run them through a classification determination. Conversely, there is no need to set your nerves on edge over internal meeting notes or ordinary administrative documents. The line should be drawn against sensitive technology that could become subject to control, and against that alone.

Here let me hit the brakes hard for a moment. No primary guidance currently exists that names "the act of inputting controlled technology into a foreign AI model" as falling under control. What I am describing here is an interpretation by analogy to the cloud service-notification framework I will touch on next; it is not a definitive rule. The actual treatment varies case by case, depending on the contract terms, whether the input data is used for training, the country where the servers are located, and so on. So please take it at the temperature of "it may touch the rules, needs checking." Ultimately, consulting the Ministry of Economy, Trade and Industry (METI) or CISTEC (the Center for Information on Security Trade Control) is the premise.

Storing data in the cloud and having it train on data are different

Placing data on a foreign server or cloud is not, in itself, an immediate violation. If you are merely storing it for your own use, no license is required in principle. That is how Japan organizes the matter. The 2013 cloud service notification set out this line.[^11]

The problem arises in two cases. One is when you use the service knowing that the service provider will view or obtain that data, or use it to train an AI. The other is when you entrust it in the first place for the purpose of providing it to a third party. If either applies, it is considered that you may have crossed beyond the pretext of storing for your own use and into a service transaction. What makes inputting into a foreign AI precarious is precisely that it easily touches the former. Many free-to-use AI services state in their terms of service that they may use the content you input for training. If you type in controlled technology knowing it will be used for training, it becomes hard to call it your own use.

Picture one concrete scene. You paste the design drawing of a device under development into an overseas generative AI and ask, "help me with the strength calculation for this part." It is convenient, and there is no ill intent anywhere. But suppose that drawing contains controlled-grade specifications, and the AI service's terms use inputs for training. Sitting at your own desk inside Japan, you could be assessed as having handed controlled technology to a foreign operator in a usable state. The operation that ought to be the furthest thing from the word "export" turns out to be on the front line. What gives me pause about using external AI is exactly this nearness of distance.

The self-management measures you can take in practice are plain, but they work. Check which country the servers of the AI service you use are located in. Choose a contract plan or an opt-out setting that does not use your data for training. Finish the classification determination for design drawings or source code that could be controlled before you put them into an external AI. Encrypt before you send. Just baking these into internal rules lowers the probability of an accident considerably. For export-control practice in general, I wrote in detail in the previous piece, Export compliance practice for companies, so please read that alongside this.

Even so, the regulations are, as a rule, rewritten every year, and several times a year at that. Each country's lists and extraterritorial-application rules also grow more tangled year by year. Honestly, I feel that having a staff member keep up with all of this by hand is already near its limit. TRAFEED, the service TIMEWELL provides, supports this kind of export-control classification and counterparty screening with an AI agent. It assists determinations in line with METI's standards, and can also serve as a foundation when you draw the internal line on what is acceptable to put into a foreign AI.

What happens if you get the determination wrong

The biggest reason export control cannot be taken lightly is the weight of the penalties. A violation of the Foreign Exchange Act carries, for an individual, imprisonment of up to 7 years or a fine of up to 20 million yen. Where weapons of mass destruction are involved, it rises to up to 10 years, or up to 30 million yen. A corporation can face a fine of up to 1 billion yen, and on top of that, an administrative sanction of a transaction ban of up to 3 years. That is a level that can shake the very pillars of a company.

And as I touched on last time, 60 to 70 percent of the causes of Foreign Exchange Act violations in Japan are not malice but simple errors in classification determination. A company running its business in good faith gets charged with a violation just for getting one determination wrong. The scene of putting technology into a foreign AI is, I think, a domain where this kind of slip is especially likely to happen. When you paste a drawing into a chat box, the awareness that "this is an export" simply does not arise. That is exactly why you need a mechanism to stop and think before you put it in.

In the previous article I noted that one legal expert advised that "you should build into your business continuity plan the scenario that the AI you use suddenly stops." Today's story is the flip side of that. Beyond the risk of it stopping, there is the risk of putting in something you must not put in. An external AI is a box whose access may be cut off one day, and at the same time, a mouth through which your own technology may leak out. Keep an export-control eye on both sides of that traffic, going in and coming out. That kind of stance, I think, is going to become a matter of course from here on.

Let me close with my own read. The limited rollout of GPT-5.6 and the cutoff of Fable 5 share the same root. Nations have begun to regard frontier AI as a strategic asset to be managed at the national level. This trend will not stop for some time. And the more the state makes a model subject to control, the more the question of what you input into that model and to which country's servers you hand it over bounces back onto us, the users, as our own export-control problem. The AI you could use casually yesterday becomes subject to regulation today. On the premise of that uncertainty, decide now where to draw the line on what information your company may hand to an external AI. Starting there is, I think, the realistic move.

If you are unsure how to draw that line, in a TRAFEED one-on-one consultation we will think through, together, an organization that fits the technology your company handles and the actual shape of your transactions. Export control is a domain where the answer changes from one company to the next. Start by taking stock of where you stand now, and feel free to reach out.

References

[^1]: Previewing GPT-5.6 Sol—OpenAI—June 26, 2026—https://openai.com/index/previewing-gpt-5-6-sol/

[^2]: OpenAI limits GPT-5.6 rollout after government request, says restrictions shouldn't be the norm—TechCrunch—June 26, 2026—https://techcrunch.com/2026/06/26/openai-limits-gpt-5-6-rollout-after-government-request-says-restrictions-shouldnt-be-the-norm/

[^3]: OpenAI Limits GPT-5.6 Rollout at US Government's Request—govinfosecurity—June 2026—https://www.govinfosecurity.com/openai-limits-gpt-56-rollout-at-us-governments-request-a-32092

[^4]: Trump signs executive order on AI—CNBC—June 2, 2026—https://www.cnbc.com/2026/06/02/trump-executive-order-ai.html

[^5]: Statement on the US government directive to suspend access to Fable 5 and Mythos 5—Anthropic—June 12, 2026—https://www.anthropic.com/news/fable-mythos-access

[^6]: Is Access to Fable an Export?—Harvard Law Review (blog)—June 2026—https://harvardlawreview.org/blog/2026/06/is-access-to-fable-an-export/

[^7]: Framework for Artificial Intelligence Diffusion (ECCN 4E091)—Federal Register—January 15, 2025—https://www.federalregister.gov/documents/2025/01/15/2025-00636/framework-for-artificial-intelligence-diffusion

[^8]: Service Transaction Notification—Ministry of Economy, Trade and Industry (METI)—https://www.meti.go.jp/policy/anpo/law_document/tutatu/t10kaisei/ekimu__tutatu.pdf

[^9]: Plain-Language Foreign Exchange Act (2025 revised edition)—CISTEC (Center for Information on Security Trade Control)—2025—https://www.cistec.or.jp/service/chouyaku/chouyaku_gaitamehou.pdf

[^10]: On the revision of the service notification regarding cloud computing services—CISTEC (Center for Information on Security Trade Control)—2013—https://www.cistec.or.jp/export/jisyukanri/130627-cloud.pdf

[^11]: On the clarification of the operation of deemed export controls—Ministry of Economy, Trade and Industry (METI)—https://www.meti.go.jp/policy/anpo/anpo07.html

This article is based on information as of June 2026, and the situation is fluid. Because each country's regulations and their operation can change over a short period, any actual judgment should be made on the premise of the latest information from METI, CISTEC, and others, and confirmation with an expert.