Export Control Notice
Understanding export controls for TensorFoundry's AI infrastructure products. We're committed to responsible global distribution while complying with international trade regulations.
Last updated: January 6, 2025
Important Notice
TensorFoundry's AI infrastructure products - including FoundryOS, AgentOS and Olla - may be subject to export control laws and regulations in Australia and other jurisdictions. This notice provides guidance on applicable export controls and your responsibilities as a user or distributor.
This is not legal advice. Export control regulations are complex and change frequently. You are responsible for understanding and complying with all applicable laws. When in doubt, consult with qualified legal counsel or contact us for guidance.
Overview of Export Control Laws
Why export controls matter for AI technology
Export controls are laws and regulations that restrict the transfer of certain goods, software and technology to foreign countries or foreign nationals. For AI infrastructure products, these controls exist to:
National Security
Prevent technology from being used against national interests or in military applications.
Foreign Policy
Support international sanctions and foreign policy objectives.
Human Rights
Prevent technology misuse for surveillance, censorship, or human rights violations.
Non-Proliferation
Control the spread of technologies that could contribute to weapons development.
Australian Export Controls
Defence Strategic Goods List (DSGL)
As an Australian company (TensorFoundry Pty Ltd), we are subject to Australia's export control framework administered by the Department of Defence's Defence Export Controls Office.
Defence and Strategic Goods List (DSGL)
The DSGL controls exports of military goods, dual-use goods (items with both civilian and military applications) and technologies. AI infrastructure products may be classified as dual-use technologies, particularly:
- Category 4: Computers and telecommunications equipment
- Category 5 Part 2: Information security software and systems
- ML21: Software specifically designed for machine learning and neural networks
When Permits Are Required
An export permit may be required if you are:
- Exporting controlled goods or technology from Australia
- Transferring controlled technology to foreign nationals in Australia ("deemed exports")
- Providing controlled technology or software to overseas parties via electronic transmission
- Exporting to countries subject to Australian sanctions
US Export Administration Regulations (EAR)
Global reach of US export controls
US Export Administration Regulations may apply to our products if they contain US-origin components, technology, or software, or if they are re-exported from or through the United States.
Commerce Control List (CCL)
Under the EAR, AI and machine learning technologies may be classified under Export Control Classification Numbers (ECCNs) including:
- 4D090: Software for neural networks and machine learning
- 4E001: Technology for the development of AI systems
- 5D002: Information security software
- 3A090: General purpose computing items
Entity List and Restricted Parties
The US Bureau of Industry and Security maintains lists of entities subject to specific export restrictions:
- Entity List: Parties whose activities raise red flags for US national security
- Denied Persons List: Individuals and entities denied export privileges
- Unverified List: Parties that could not be verified in previous export transactions
- Military End-User List: Chinese and Russian military end users
Even products manufactured outside the US may be subject to EAR if they contain more than a certain percentage of US-origin content (typically 10-25% depending on destination). TensorFoundry products are designed and developed in Australia with minimal US-origin components to minimise EAR applicability.
EU Dual-Use Regulations
European Union export control framework
The European Union maintains a comprehensive dual-use export control regime that may apply to our products if they are distributed within or exported from EU member states.
EU Dual-Use Regulation (2021/821)
AI and cybersecurity products may be controlled under:
- Category 4: Computers and related equipment
- Category 5: Telecommunications and information security
- Category 9: Aerospace and propulsion (for certain AI applications)
- Emerging technologies: Advanced AI systems capable of autonomous decision-making
Cyber-Surveillance Controls
The EU has introduced specific controls on cyber-surveillance technologies that could be used for internal repression or human rights violations. While TensorFoundry's products are designed for general-purpose AI infrastructure, users must ensure they are not repurposed for surveillance in violation of EU regulations.
Restricted Countries and Entities
Understanding sanctions and trade restrictions
Various countries and territories are subject to comprehensive sanctions or specific technology export restrictions. TensorFoundry products may not be available or may require special authorisation for use in these jurisdictions.
Comprehensive Embargoes
Broad restrictions on trade, technology transfer and commercial activity:
Sectoral Sanctions
Restrictions on specific sectors, technologies, or dual-use items:
- Russia Technology & dual-use restrictions
- Belarus Technology & dual-use restrictions
- China (Specific Entities) Entity List restrictions for certain organisations
Regional Sanctions
Territories subject to specific restrictions:
- Crimea Region (Ukraine) Comprehensive sanctions
- Donetsk Region (Ukraine) Comprehensive sanctions
- Luhansk Region (Ukraine) Comprehensive sanctions
Sanctions lists change frequently in response to geopolitical developments. This list represents common restrictions as of January 2025 but is not exhaustive. Always verify current sanctions status before engaging in international transactions.
Specially Designated Nationals (SDN) and Entity Lists
Beyond country-level sanctions, specific individuals, organisations and entities may be subject to restrictions regardless of their location. These include:
- Entities on the US OFAC SDN List (Specially Designated Nationals)
- Organisations on the BIS Entity List or Military End-User List
- Individuals or entities designated under Australian sanctions
- Parties listed under EU restrictive measures
- UN-designated entities subject to Security Council sanctions
Due diligence requirement: Users are responsible for screening customers, partners and end users against these lists before providing TensorFoundry products or services.
AI-Specific Export Considerations
Emerging regulations for artificial intelligence
AI and machine learning technologies are subject to evolving export control frameworks. Regulators worldwide are developing specific controls for AI systems due to their dual-use potential and strategic importance.
Advanced Computing Chips
While TensorFoundry provides software infrastructure, our products are designed to run on high-performance computing hardware. Recent controls restrict export of advanced chips (e.g., NVIDIA A100/H100) to certain countries. Users must ensure their hardware complies with applicable chip export restrictions.
Foundation Models and Training Systems
Large-scale AI training infrastructure may be subject to controls as "emerging technologies." FoundryOS and AgentOS provide orchestration and management capabilities that could be used to train large models. Users conducting AI research or development for military or dual-use applications should carefully assess export control obligations.
Military AI Applications
AI systems designed for or adapted to military applications (autonomous weapons, surveillance, intelligence analysis) are subject to strict controls. TensorFoundry products are general-purpose tools, but users must not repurpose them for military applications in restricted countries without proper authorisation.
Cyber-Offensive Capabilities
AI systems capable of conducting cyber operations (intrusion, vulnerability discovery, automated hacking) may be controlled as information security items. While our products are not designed for offensive cyber operations, users must ensure they are not misused for such purposes.
Biometric and Surveillance Technologies
AI-powered facial recognition, behavioural analysis and surveillance systems are subject to human rights-based export controls. TensorFoundry does not provide surveillance-specific tools, but users must not adapt our infrastructure for repressive surveillance purposes.
Export Control Pilot Programs
The US and other countries have initiated pilot programs to identify emerging AI technologies requiring new controls. Technologies under review include adversarial AI, autonomous decision-making systems and AI chips. Stay informed about evolving regulations.
TensorFoundry is committed to responsible AI development and deployment. We design our products with security, transparency and ethical use in mind. We encourage all users to consider the societal impact of their AI systems and to use our tools in ways that respect human rights and democratic values.
Compliance Requirements
What you need to do
Classify the Technology
Determine the export classification of the TensorFoundry products you are using. Consider whether they contain controlled technologies under Australian DSGL, US EAR, or EU Dual-Use Regulations. Contact us if you need assistance with classification.
Screen End Users and Destinations
Before providing TensorFoundry products or services internationally, screen:
- Destination country (check for embargoes and restrictions)
- End user entity (check against Entity List, SDN List, etc.)
- End use (military, dual-use, civilian applications)
Obtain Necessary Licenses
If required, apply for export licenses from relevant authorities:
- Australian Defence Export Controls Office (for exports from Australia)
- US Bureau of Industry and Security (if EAR applies)
- EU member state competent authority (for EU exports)
Maintain Records
Keep detailed records of all international transactions involving TensorFoundry products, including:
- Customer information and due diligence screening results
- Export classifications and license determinations
- End-use statements and certifications
- Documentation of license applications and approvals
Retention period: Typically 5-7 years, depending on jurisdiction.
Implement Internal Compliance Programs
Organisations regularly engaging in international distribution should establish:
- Written export compliance policies and procedures
- Employee training on export regulations
- Automated screening tools for restricted parties
- Regular compliance audits and risk assessments
User Responsibilities
Your obligations when using TensorFoundry products
Know Your Customer (KYC)
Understand who your end users are, where they are located and how they intend to use TensorFoundry products. Maintain documentation of customer due diligence.
Screen Against Restricted Lists
Before any international transaction, screen customers and end users against consolidated restricted party lists. Use automated screening tools for efficiency.
Assess End Use
Determine whether the intended use is civilian, dual-use, or military. Be alert to "red flags" indicating potential diversion to prohibited end uses or users.
Implement Access Controls
Prevent unauthorized access to TensorFoundry products by restricted parties. Use geoblocking, authentication and monitoring as appropriate.
Report Violations
If you become aware of potential export control violations involving TensorFoundry products, report them to appropriate authorities and notify us immediately.
Stay Informed
Export control regulations change frequently. Subscribe to government updates, review this notice periodically and consult with trade compliance professionals.
Be alert to indicators of potential export control violations:
- Customer is reluctant to provide end-use information
- Customer requests unusual shipping routes or transshipment points
- Product requested is inconsistent with customer's normal business
- Customer requests product specs that match military applications
- Payment comes from unrelated third party or sanctioned country
- Customer requests to obscure true end user or destination
If you observe red flags, stop the transaction and conduct additional due diligence or seek guidance from export control counsel.
Penalties for Non-Compliance
Understanding the consequences
Export control violations can result in severe penalties. While we don't want to be alarmist, it's important to understand the potential consequences of non-compliance.
Administrative Penalties
- Civil monetary fines (can reach millions of dollars per violation)
- Denial of export privileges
- Suspension or revocation of export licenses
- Seizure and forfeiture of goods
Criminal Penalties
- Criminal fines (up to $1 million per violation in some jurisdictions)
- Imprisonment (up to 20 years for willful violations in the US)
- Criminal records affecting future business opportunities
Business Consequences
- Reputational damage and loss of customer trust
- Debarment from government contracts
- Increased regulatory scrutiny and compliance costs
- Loss of trading partners and market access
If you discover a potential export control violation, consider voluntary self-disclosure to relevant authorities. Many jurisdictions offer reduced penalties for companies that promptly report violations, conduct internal investigations and implement corrective measures.
Mitigating Factors
Regulators consider several factors when determining penalties:
- Whether the violation was willful or inadvertent
- Existence of an effective compliance program
- Cooperation with authorities and voluntary disclosure
- Remedial actions taken to prevent future violations
- Company's export compliance history
Proactive compliance is your best defense. Investing in compliance programs, training and screening tools is far less costly than dealing with violations.
Open Source Software Considerations
Special status of Olla and open source components
TensorFoundry's Olla project is open source software, which generally receives more favorable treatment under export control regulations. However, open source status does not mean export controls do not apply.
Public Domain and Publicly Available Software
Many export control regimes provide exemptions for software that is:
- Publicly available: Generally accessible to the public without restrictions
- Published: Made available through public channels (GitHub, npm, PyPI)
- Open source: Released under recognized open source licenses (MIT, Apache, GPL)
Olla is published on public repositories and released under an open source license, which may exempt it from certain export licensing requirements under the "publicly available" exception.
Exceptions and Limitations
Even publicly available open source software may be subject to controls if:
- It contains encryption or information security features above certain thresholds
- It is specifically designed for military applications
- It is provided to embargoed countries or sanctioned entities
- It is used in connection with weapons of mass destruction programs
TensorFoundry believes that Olla qualifies as publicly available open source software and is generally exempt from export licensing requirements for non-military, civilian end uses in non-embargoed countries. However, users are responsible for ensuring compliance with applicable laws when using Olla in regulated contexts or jurisdictions.
Questions About Export Controls?
Export control compliance can be complex. We're here to help you understand your obligations and navigate the regulatory landscape. If you have questions about TensorFoundry's products, export classifications, or specific compliance scenarios, please reach out.
Export Control Inquiries
export@tensorfoundry.ioFor classification requests and export compliance questions
Official Resources and Further Reading
Authoritative sources for export control information
Australian Resources
- Defence Export Controls Office
Official guidance on Australian export control laws
- Australian Sanctions Office (DFAT)
Information on Australian sanctions and trade restrictions
- Defence Strategic Goods List (DSGL)
The list of controlled goods and technologies
United States Resources
- Bureau of Industry and Security (BIS)
Administers the Export Administration Regulations (EAR)
- Consolidated Screening List
Searchable database of restricted parties
- Office of Foreign Assets Control (OFAC)
US sanctions programs and SDN List
European Union Resources
- EU Export Controls
Information on EU dual-use export control regulations
- EU Sanctions Map
Interactive map of EU restrictive measures
- EU Dual-Use Regulation (2021/821)
Official text of the EU dual-use export control regulation
International Organisations
- Wassenaar Arrangement
Multilateral export control regime for conventional arms and dual-use goods
- UN Security Council Sanctions
Information on UN-mandated sanctions regimes