Bloomberg recently reported that the Trump administration is considering a new global AI chip export control framework. The proposed rule appears to have been withdrawn for now, but still likely provides an instructive example of the approaches the administration is considering. The framework appeared to focus on authorizing different companies to conduct imports at different scales, rather than requiring licenses for individual shipments. This could help address problems like smuggling by blocking sales to likely smugglers while still being relatively lightweight. But its global scope has received pushback for potentially subjecting all substantial AI chip exports to US government approval. This would position the government as a kingmaker and potentially tie up large compute investments in government-to-government negotiations.

This is a tricky dynamic: Inserting more US government discretion into which companies get to buy large quantities of chips seems like one of the only ways to really counter issues like smuggling and Chinese remote access to chips. But that same discretion could easily lead to delays, regulatory uncertainty, and mission creep.

However, it might be possible to sidestep this problem by delegating some discretion and enforcement responsibility to private companies with appropriately aligned incentives. This is the topic of our new working paper: Export Auditors as Market-Powered Export Enforcement.

Fixed rules don’t work, but case-by-case decisions can be even worse

There is a basic tradeoff in export control policy (and almost all policy). The government can move along a spectrum between two options:

1. The government can set fixed, stable, easily interpretable rules that change slowly. The strongest version of this is for Congress to pass precise regulatory rules. More commonly, this would look like regulatory agencies setting clear rules and rarely changing them.

2. The government can rely more on case-by-case judgments to decide what to allow. In the export control case, this would typically mean imposing a license requirement on a broad class of transactions, and granting licenses on a case-by-case basis. This can be more adversarially robust and dynamic, but creates substantial regulatory uncertainty, and potential for bias and regulatory capture. These approval or licensing processes are also often slow and costly.

As long as they are not too restrictive, fixed rules tend to benefit business because they reduce regulatory uncertainty and ensure fairness. But rigidity often means bad actors will find and exploit loopholes, and the rules can easily become outdated as the relevant industry changes.

Since 2022, US AI chip controls have been relatively close to the fixed, stable end of the spectrum, with approximately annual updates. However, this led to NVIDIA running circles around the government by designing around technical thresholds, and appears to have enabled fairly substantial smuggling of chips into China through Southeast Asia.

In 2025, the Trump administration moved in a more dynamic, case-by-case direction. This had notable upsides: NVIDIA’s repeated efforts to simply design around technical thresholds were finally halted because the administration effectively gave up on setting clear technical thresholds and moved to blocking individual chip models (most importantly the NVIDIA H20) using “is-informed” letters. The deals with the United Arab Emirates and Saudi Arabia also seem to have relatively successfully promoted exports of US chips while securing investment into the US.

Regulatory uncertainty

But there have been clear downsides. The administration has been vacillating on which chips and how many to sell to China, leading NVIDIA to restart and then again interrupt and then again restart production of the H200 chip, and presumably forcing to NVIDIA engineers to work around the clock, so far fruitlessly, developing new chip variants to chase uncertain government approval. The deals with the United Arab Emirates and Saudi Arabia have succeeded in some ways, but heavy government involvement has also caused serious delays.

So far this uncertainty has been largely restricted to sales to China. But any rule like the one Bloomberg reported would potentially extend this uncertainty globally, if any company wishing to export or import significant quantities of chips would need government approval. Even discussion of rules like this can dampen investment, despite the Department of Commerce emphasizing that it is “committed to promoting secure exports of the American tech stack”.

I have no doubt that the Department’s commitment is sincere, but it might not be sufficient. Large chip deployments, like the 200,000 B300s that represent the proposed rule’s highest tier, have to be planned years in advance. If there’s a substantial chance that a future rule would tie up such an investment for months in government-to-government negotiations, or could even be blocked to create leverage in some unrelated trade dispute, potential importers and exporters would likely simply choose to invest less in these projects due to slower expected returns and elevated risk.

And uncertainty goes further back than just Google or NVIDIA: Part of the reason the current chip shortage is so severe is that chip fabricators like TSMC are wary of making massive investments in new fab capacity if there’s a risk that, several years from now when the fabs come online, the market won’t be quite as massive as they expected. The semiconductor industry has grown tremendously cautious after decades of boom-bust cycles. High-discretion rulemaking like this creates precisely the uncertainty and underinvestment that is holding back the US AI industry. And TSMC’s suppliers are similarly wary about investing in new equipment-making capacity without guarantees that TSMC would buy all of the equipment they would make. It all compounds along the supply chain.

Overreach and mission creep

Inserting the government as a gatekeeper to all significant chip exports would also tempt the government to use this as leverage to advance largely unrelated political goals. In the case of exports to China, where this leverage already exists, this has enabled an allegedly unconstitutional attempt to extract a 25% de facto export tax. More generally, various forms of discretionary government leverage over companies always have the potential for abuse, such as the pressure on social media companies seen during the Biden administration. And indeed many of the US companies most likely to deploy more than 200,000 B300s worth of compute abroad are also social media companies.

It’s tempting to treat this as a partisan issue based on which administration one trusts, but administrations ultimately turn over relatively quickly. If you create a particular system now, your political opponents will probably control that system sooner rather than later. And precisely this whiplash between administrations creates the kind of long-term regulatory uncertainty that can dampen, say, decisions to break ground on new chip fabs, which take years to pay back.

A market-based solution

So are you stuck choosing between fixed rules that will simply get circumvented, or flexible case-by-case decision-making that creates costly regulatory uncertainty and mission creep?

Our new working paper discusses one way to dodge this dynamic, by delegating key parts of export control enforcement to for-profit companies. This would create a competitive ecosystem of private actors with the flexibility to adapt and make case-by-case judgments, while still having predictable incentives that investors can plan around.

For the sake of simplicity, I will assume that the government mainly wants to prevent chips from going to foreign adversaries like China, but otherwise wants to export as much as possible. From this follows the problem: You want to sell to as many companies as possible, but you don’t want to sell to companies that would sell the chips to your foreign adversaries. But how can you tell which companies will do that?

In most cases exporters are nominally responsible for making these assessments, but as long as the importer can do a moderately convincing job of pretending to be a legitimate company, the exporter is not liable if the chips are diverted, so they have no incentive to dig deeper. The proposed rule reported by Bloomberg would task the Bureau of Industry and Security (BIS) with making these judgments, but this could be slow, and BIS itself has been known to make mistakes, such as leaving a major Chinese semiconductor manufacturing equipment maker on its Validated End-User list from 2013 to 2024.

Our proposal would improve on this by designating two complementary types of entities, which would need to be involved in relevant export transactions:

1. Export auditors would be responsible for detecting whether chips are diverted to foreign adversaries. This would complement BIS’s limited enforcement capacity.

2. Surety providers, essentially insurance providers, would issue “surety bonds”, i.e., agree to pay the fine to BIS if diversion happens. This positions them as gatekeepers, analogous to BIS deciding whether to grant an export license.

For some risky class of exports, BIS would then require the buyer to contract with an approved auditor and possibly to get a surety bond from an approved surety provider.

Export auditors

The purpose of the export auditor is simply to make it very likely that if diversion happens, it will, at least eventually, be discovered.

In practice, for detecting AI chip diversion, the job of the export auditors would be simple: Do random inspections of data centers and check that chips are still where they were supposed to be. Given that chips are generally housed in large data centers in huge quantities, it would be very quick and cheap for auditors to inspect the vast majority of chips.

Export auditors would also be free to innovate on their methodologies to achieve a given detection rate and speed more efficiently, e.g. by using technical location verification mechanisms or other technology. BIS would be responsible for approving and overseeing the auditors, ensuring that their methodologies and execution are rigorous, and issuing the ultimate fines for violations detected by the export auditors.

BIS currently conducts very few inspections like this. For the most part, the relevant sales to, say, Southeast Asia don’t require any kind of license, so BIS doesn’t even know the sale happened or where the chips are supposed to be, much less are they checking that they still are there.

A diagram of how the export auditor fits into the sales process. Surety not included.

Surety providers as gatekeepers

In many cases, auditing alone will suffice to deter diversion. However, some diverters will not be deterred, for example, because they intend to escape to China with the chips, beyond the reach of local or US law enforcement, so they do not care if the auditor finds out some months later.

To address these undeterred smugglers, some gatekeeper would be needed to block them from obtaining chips in the first place. This is where the surety provider comes in. A surety bond is essentially a three-party contract between the chip buyer, BIS, and the surety provider, in which the surety provider agrees to pay BIS the fine if the buyer is later found to have violated export controls, while the buyer agrees to pay that fine to the surety provider instead. BIS could require buyers to obtain such a surety bond before proceeding with certain transactions.

Importantly, the primary purpose of this is not to ensure that BIS gets the money. Rather, it is to give the surety provider an incentive to do thorough due diligence up front to ensure the buyer is unlikely to violate export controls. If the surety provider considers the prospective buyer suspicious, and the buyer cannot convince them otherwise, the surety provider can either only offer the bond for a high price, or more likely, not offer it at all. If the surety bonds seem too hard to get, BIS could even allow the bonds to only cover part of the fine to tune the bond price level.

Incentive alignment

The primary customer for both the auditors and the surety providers would be the importers. This would give both export auditors and surety providers an incentive to create an ecosystem where large volumes of exports happen (giving them more customers) while reducing rates of diversion. And both of them would be competing to make this process as frictionless as possible for the importers and exporters. At the same time, export auditors would compete for continued BIS approval by driving up their detection rates. (BIS should ideally do some of its own random inspections to have its own independent estimate of diversion rates.)

A competitive market of auditors and surety providers would also ensure that no single actor can unilaterally block a transaction, creating more predictability for exporters. Prospective buyers would also still have the option of going through BIS’s licensing process if they prefer, but working with surety providers would likely be a much smoother experience for most legitimate buyers.

How realistic is this?

The basic pattern of for-profit auditors is extremely common: Most forms of compliance audits and inspections in most industries are already performed by for-profit companies, often overseen by some regulatory body. The Occupational Safety and Health Administration identifies Nationally Recognized Testing Laboratories to do safety testing; the Public Company Accounting Oversight Board oversees US financial auditors; and in the European Union, regulators designate Notified Bodies to certify safety of medical devices and other products.

These regulations have created a class of companies that would be well-positioned to enter the export-auditing business if BIS chooses to create it. Two types of companies seem particularly promising:

1. Professional services firms such as the Big Four already perform various types of audits, which can include physical oversight such as overseeing inventory counts. These companies likely also have existing relationships with many of the relevant companies, making this a smooth expansion of existing auditing activities.

2. Testing, inspection, and certification (TIC) companies like Bureau Veritas and Intertek already perform numerous types of tests and inspections as “recognized laboratories” and “notified bodies”. Simply checking that chips are where they are supposed to be would be simpler than what they usually do, but they could be well-placed to perform more complex inspections.

There are also some startups and tech companies such as Lucid Computing and GeoComply developing relevant technical solutions that could act as export auditors or license their technology to export auditors. Even chip companies like NVIDIA would itself be incentivized to create technical solutions to make auditing easier and its products effectively cheaper for importers. Indeed, NVIDIA is already piloting such solutions.

Surety bonds are a slightly more unusual instrument, but are already used by Customs and Border Protection to ensure tariffs are paid. They are also widely used in construction to ensure that projects will be finished and maintained, or cleaned up, if the contractor goes out of business.

Surety bonds are provided for other purposes by regulated insurance companies, and the same insurance companies could provide these export sureties. Conceivably even the exporter itself could be allowed to issue the surety bond, the provider just needs to be large and liquid enough to be trusted to actually pay the fine if it comes to it.

BIS could likely implement this proposal purely using its existing authorities: BIS can specify practically anything as a condition for a license exception. This means that BIS could create a license requirement for particular countries, or globally (as the rule under current discussion would apparently do) but then create an exception to that license requirement for exports that are protected by an export auditor and a surety bond. Importantly, making this a license exception means that exporters would not need permission from BIS: As long as the exporter (or importer) has secured an auditor and a surety bond, they qualify for the license exception and can proceed, no questions asked.

Concluding thoughts

The maximal version of this idea would apply it globally, and this could be quite affordable once there is a mature ecosystem of sureties and auditors. However, while this proposal is based on existing patterns, the application to export controls would be novel, and there are currently no companies offering export auditing or export surety bonds. Likely the approach should be piloted in a more limited capacity, for example by imposing license requirements for particular Southeast Asian countries, but creating exceptions if the buyer is either:

1. A major US-headquartered cloud provider, or

2. Has hired an export auditor and secured a surety bond.

Export auditors could also be quite useful on their own, without the surety bonds. The surety bond element could be introduced if the auditors prove an insufficient deterrent. The introduction of auditors would also make it very easy to tell whether that deterrence is successful. This would allow the idea to be tested on a limited scale, and scaled up if successful.

Notably, BIS could likely do all of this using its existing authorities and resources, as there is little to no limit on what the conditions of a license exception can be.

In principle, market-powered solutions might be effective for nearly all export controls, but they are exceptionally well suited to the chip export enforcement problem, because it’s very easy for BIS to specify the goal (no diversion to foreign adversaries), and it is relatively straightforward to specify auditing schemes that will reliably detect whether the goal is reached (just count server racks). For the same reasons, this approach would likely generalize well to enforcing location-based restrictions on any high-value physical goods.

This approach could also be extended to verify compliance with more specific export rules regarding allowed end uses, such as detecting whether semiconductor manufacturing equipment is being used to produce a different type of chip than authorized, or whether chips have been connected together into a larger cluster than permitted.

It would be more challenging to extend a market-based approach to cases where the behavior being audited is less physically apparent. For example, verifying whether a particular set of chips in Malaysia are being rented to Chinese users might be of great interest to BIS, but would be tricky to verify, at least without massive privacy and security issues.1 At the same time, conventional BIS enforcement would suffer from the same obstacles, so opening this up to the market could be the best bet for finding a good solution. It would be useful for BIS to at least invite prospective auditors and importers to propose how this verification could be done.

As AI transforms the world, governments are unlikely to be able to keep up on their own. It is necessary to explore new ways to allow AI-enabled companies to innovate solutions to governance challenges as fast as AI itself poses those challenges.

A lot of work still needs to be done to get there. Before our proposal could even be piloted, BIS would likely need some “anchor auditors” and “anchor sureties” who have said they would be interested in providing this service if BIS creates the market. While our working paper is a lot more detailed than this piece, there is still a decent amount of messy policy detail that needs to be figured out, especially related to sureties. We are publishing the working paper to encourage discussion of the best ways to implement ideas like this. If you have feedback, or would like to be involved in making this happen, please reach out to us!