It’s now well reported that on June 12, 2026, US Commerce Secretary Howard Lutnick sent Anthropic a letter requiring a license to export its Claude Mythos 5 and Claude Fable 5 models to any foreign national, located abroad or in the United States.1 The letter is an “is-informed” notice, an official type of notification the Bureau of Industry and Security (BIS) can send to a specific company to tell it a license is required without having to first go through the typical notice-and-comment rulemaking process. This letter relies on BIS authorities established in the Export Control Reform Act of 2018 (ECRA), which is the legislation that provides BIS with its statutory authority to regulate US exports. According to reports, the administration’s concern over vulnerabilities in Anthropic’s model had been building after it found out that a South Korean telecom company suspected of ties to China received access to Mythos during Anthropic’s expansion of Project Glasswing to US partner countries.2 Anthropic’s statement about the letter also points toward a jailbreak report on Mythos and Fable that it believes the administration is relying on when it cites national security concerns.

This type of export control on a frontier AI model has not been done before. Apart from the control the Biden administration briefly placed on certain closed-model weights in its AI Diffusion Rule before it was rescinded, this is the first time the US government has placed a license restriction on an AI model. And from the information available to the public so far, the government appears to be restricting not just model weights, but remote access to the model by targeting user access via API, web browser, and app services.3 Following the letter’s instructions that Anthropic needs a license to transmit or release the models, Anthropic shut down user access. If this new export control is restricting remote access to Anthropic’s model as it appears to do, this could constitute a reinterpretation of what BIS counts as an “export,” challenging how the Bureau has historically viewed authorities over remote access, and therefore cloud services.

This post reviews three things: BIS authorities cited in Secretary Lutnick’s letter, uncertainties over how the license restriction is implemented and what new precedents Commerce could be setting for BIS authorities, and what this means for remote access and cloud services. The post concludes that:

1. What is controlled? The most likely reading of the letter is that it controls user access to Anthropic’s model, not just the model weights, which is the first time the US government has taken such action.

2. Which end users require a license? The letter points to license restrictions on a set of end users broader than those covered by cited authorities. It cites its authorities as being based on a “catch-all” military-intelligence control written in the Code of Federal Regulations as scoped to a defined set of countries. However, the letter imposes restrictions on all destinations worldwide. This could set a new legal precedent.

3. What does this mean for remote access? The letter has implications for BIS authorities over remote access services. If remote access to the Anthropic models counts as a transmission or release of controlled technology as the letter implies, this conflicts with previous advisory opinions on remote access to other controlled items, like uncontrolled cloud services that provide controlled compute.

What is controlled and which end users require a license?

ECRA authorities cited in the letter

The letter to Anthropic rests on statutory authorities established in ECRA and several implementing regulations in BIS’ Export Administration Regulations (EAR). The letter cites the following ECRA authorities which cover Commerce’s ability to establish interim controls on emerging technology and send an “is-informed” letter to an individual company:

• 50 U.S.C. § 4817(b)(1) - BIS can establish export controls through the EAR on emerging and foundational technology, including through interim controls, “such as informing a person that a license is required for export.”

• 50 U.S.C. § 4813(a)(15) - BIS can maintain a process to inform persons by specific notice that a license is required.

The EAR are the implementing regulations for ECRA. The letter specifically cites several sections from it that authorizes BIS to send a company like Anthropic an “is-informed” letter and to place a license requirement on sending a model out of the United States, sending the model from one foreign country to another, in-country transfers within a foreign country, and releasing the model to a foreign person within the United States:

• § 744.22(b) - authorizes BIS to inform persons by specific notice that a license is required for certain exports, reexports, or in-country transfers of items subject to the EAR because there is an unacceptable risk of military-intelligence end use in a prohibited country.4

  • There are several sections in the EAR that reference BIS’ ability to send an “is-informed” letter; this is one of them. In this section the restriction is tied to “certain military-intelligence end uses or end users.” This is worth noting as the letter says, “consistent with these authorities”, the Mythos and Fable models are under a license requirement to all destinations worldwide and to all foreign persons, wherever located. The military-intelligence end users listed in § 744.22(b) are only a subset of countries, not “destinations worldwide.”

• § 734.13(a)(1) and § 734.14(a)(1) - authorizes BIS to restrict exports defined as “an actual shipment or transmission out of the United States,” or “from one foreign country to another.”

  • As discussed below, it’s not yet clear what exact shipment or transmission is being restricted. The letter says it’s the model but what part of the model does that mean?

• § 734.16 - authorizes BIS to restrict in-country transfers, meaning “a change in end use or end user within the same foreign country.”

• § 734.13(a)(2) and § 734.14(a)(2) - authorizes BIS to restrict “releasing or otherwise transferring ‘technology’ or source code (but not object code) to a foreign person in the United States” or “to a foreign person of a country other than the foreign country where the release or transfer takes place” (referred to as a “deemed export or reexport”).

These authorities and implementing regulations are clear and well-established. What is not so clear is how Commerce is considering Anthropic’s AI models “subject to the EAR”5 or how these authorities are used to impose license restrictions on foreign persons worldwide.

What part of the model is controlled?

It’s not clear what aspect of the model is subject to the EAR, but it seems like at least the model application layer is being restricted here. The letter says that Fable and Mythos models are subject to the EAR, but what does that mean? BIS does not have an established definition of “AI model.” Is it the model weights, algorithms, applications providing access to the model, or specific model outputs? All of the above? Each would carry different implications, and some could set a new legal precedent as discussed below regarding remote access.

Given that Anthropic responded to Lutnick’s letter by restricting both models at the application layer, it seems the licensing requirement is on more than just the model weights, but any user access to the model.

• Restricting model weights: In January 2025, the Biden administration added an export control classification number (ECCN) 4E091 to the Commerce Control List (CCL) which would control closed AI model weights trained above a certain compute threshold, which Mythos and Fable would certainly have met. The rule was rescinded in May 2025 and though 4E091 remains listed on the BIS CCL, it is no longer enforced. The Trump administration’s statement rescinding the rule last year said BIS would publish a regulation formalizing the rescission and would issue a replacement rule in the future. It’s possible the administration is reinstating enforcement on 4E091. If in Anthropic’s planned rollout of Mythos to partner countries the intention was to store the model weights in that country, 4E091 could come into play. But it wouldn’t explain the restriction on access to the model at the application layer.

• Restricting model application: If this was the level the licensing requirement was intended to apply at, it would be the first time BIS has placed a licensing requirement on an AI model at this level. The use of the 50 U.S.C. § 4817(b)(1) authority makes sense in this light because it is explicitly scoped to include interim controls on emerging technology. Restricting the model application would include access to API services and user interfaces like the web browser and desktop/mobile applications. If this is the case, there could be a new legal precedent set here for BIS rules on remote access more generally, including cloud services discussed further below.

  • It’s worth noting that BIS already controls software extensively, even software categorized under EAR99. For example, this June 2024 rule prohibiting software updates to Russia and Belarus. But that control is still about transmitting software outside of the country, which does not contradict limits to BIS authorities over remote access services as described in the next section. Controls at the model application layer restrict access of a running model, rather than a software transmission.

• Restricting model outputs: Another option is that Commerce could treat certain model outputs as the item subject to the EAR.6 Because users are able to use these LLMs to write source code, it’s possible that some outputs could be classified as an existing ECCN that covers certain types of cyber software programs, or potentially outputs that contribute to WMD development or AI decision support to military-intelligence end users. The letter doesn’t cite the CCL or a specific ECCN number, so I don’t think BIS chose this option.

What end users are restricted?

It’s not clear where the authorities lie to restrict exports to “all destinations worldwide.” The military-intelligence “catch-all” control referenced in Part 744.22 of the EAR can be used to impose a license restriction if there is knowledge that the item is intended for military-intelligence end use in or by an end user of one of the following listed countries:

• Belarus, Burma, Cambodia, China, Russia, Venezuela

• Country Group E:1 or E:2, which includes Cuba, Iran, North Korea, and Syria.

The authority used here is far from reaching foreign nationals “worldwide.” It could be that BIS assumes Anthropic is unable to perform adequate Know-Your-Customer protocols, and therefore delineating between all customers worldwide and prohibited military-intelligence end users is infeasible, so in order to prevent prohibited foreign nationals’ access, Anthropic must prohibit all foreign nationals. Alternatively, there may not be methods to restrict model outputs once acquired, even if by users in countries not covered above. It is possible one of these reasons is why Anthropic chose to restrict access to US citizens as well. From its statement, “the net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance.”7

What does this mean for remote access and cloud services?

Since 2009, a series of BIS advisory opinions have held that providing computational capacity is not an export, because the provider transmits no commodity, software, or technology to the user.8 The 2014 opinion specifically addresses Software-as-a-Service, concluding that when a user operates software in a cloud without downloading it, there is no export of software and no basis for a license requirement.

The US House of Representatives passed the Remote Access Security Act (RASA) earlier this year, and the Senate has a more detailed companion bill in the works that would update and clarify BIS authorities with regard to cloud services.

To be clear, RASA and the Mythos/Fable letter target different layers of the AI stack. RASA is aimed at the compute and infrastructure layer via the cloud service providers that provide compute capacity to foreign persons. The Mythos/Fable letter is aimed at the model layer, and presumably, user access to the model as discussed above. But depending on how BIS is implementing the license restrictions, this could change how ECRA authorities on remote access are considered to any layer of the AI stack. If the letter means that BIS is regulating users’ remote access to AI models, this potentially introduces a new standard for remote access across the board.

Does the letter overturn the advisories? If the license requirement targets access to the hosted model through the API, website, or app interface, then it contradicts the 2009 services advisory, and could arguably overturn it by implication. The advisory stated that providing computational capacity is not an export because no item subject to the EAR is transmitted. But if a foreign person querying a hosted model counts as an “export” of that model, the premise of the advisory might no longer hold. Legal analysis would be required to explore the extent to which this sets relevant precedent.

What does this mean for RASA? The RASA bills were drafted because members of Congress wanted to ensure BIS had clear statutory footing to act on remote access to controlled compute. If all the above holds true, the letter to Anthropic could make it seem like a RASA-type legislation is unnecessary for BIS to move forward on cloud controls, but I think this past week emphasizes why specific, scoped definitions in RASA are really important. First, if the goal is to establish BIS authority over remote access to controlled items, a statute is preferable to a one-off is-informed letter. Second, there is a scoping question on what kinds of services will be included. The Senate version of RASA defines cloud infrastructure services at the Infrastructure-as-a-Service level. But if BIS is extending authorities over access to a model’s API, website, and app services, that’s at the Platform-as-a-Service (PaaS) and SaaS levels, which is more encompassing than IaaS. This could mean nearly unlimited scope over remote access more akin to the House version, which doesn’t bound internet and cloud services with a specific definition.9

Conclusion

For now, it’s not certain what this will mean for cloud services, or other remote access services in general, until Commerce clarifies what it is actually restricting when it says the “model” is controlled. It’s also worth considering that the dynamics of this export control case may change quickly. G7 talks earlier this week could lead to access for “trusted partners” again as country leaders reportedly discussed with Secretary Lutnick a scheme to grant access to frontier US models.10 If something like that comes together, the legal questions here might be deferred and remain unanswered. But still, if the letter stands, the authorities cited here will likely resurface again in future cases down the road and could potentially serve as a new reference point for cloud services instead of the three previous advisory opinions.