The Framework for AI Diffusion: What You Need to Know

Why the EAR Update Matters 

On January 13, 2025, the Department of Commerce’s Bureau of Industry and Security (BIS) finalized the latest revision to the Export Administration Regulation (EAR) (15 CFR Parts 732, 734, 740, 742, 744, 748, 750, 762, 772, and 774) to enhance controls on advanced computing integrated circuits (ICs) and introduce new requirements for the export control of artificial intelligence (AI) models. The new EAR changes aim to regulate the global distribution (“diffusion”) of AI models to protect U.S. national security and foreign policy, while still allowing for technological advancement. 

Applicability 

The AI Diffusion Memo is specifically targeting Validated End Users (VEUs) and their respective data centers. VEUs are those who have been previously approved by BIS to export, reexport, and transfer eligible items (e.g., AI Models). A data center is the facility or facilities that house advanced computing ICs, including servers, storage devices, and networking equipment, which are essential components to the export, reexport, and transfer of AI models, weights, training data, and other eligible items. 

The party that has the ownership and/or operation over the advanced computing ICs is considered the Data Center VEU. Data Center VEUs can have two authorizations: Universal or National. 

• Universal: Designated for companies headquartered in low-risk countries (See supplement no. 5 to Part 740) which grants data centers with a single authorization to use and build data centers anywhere in the world (with the exception of countries in list Country Group D and Macau) 
• National: Designated for companies headquartered in other countries in Country groups A, B, D1-4.  

Export License Requirements 

To become an Authorized VEU, the organization must meet the following license requirements: 

• Licenses: Required to export, reexport, or transfer advanced computing ICs or the AI model weights to any end user in any destination (with noted exceptions). Licenses typically have a four-year validity period. 
• License exceptions: Available for open-weight models, low-risk countries, and quantities below the amount necessary to train advanced AI models (i.e., up to 26,900,000 Total Processing Performance (TPP) per year). 
• License Authorization: BIS will review applications for export licenses based on the sensitivity of the destination, quality of the computer power, performance of the AI model, and the VEU’s track record for meeting cyber, physical, and supply chain security requirements (see below). 

Key Security Requirements 

In order to become an Authorized VEU, the organization must meet the following cyber, physical, and supply chain security requirements within Supplement No. 10 to Part 748: 

Cybersecurity Requirements: 

• The VEU's datacenters must comply with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Revision 5 at a FedRAMP High baseline, including controls AC-3(7), AT-2(1), CA-8(3), CM-7(4), CM-11(2), IR-4(14), PE-3(3), PM-3, and PS-7. Compliance with the controls must be annually attested by a Third-Party Assessment Organization (3PAO). 
• The VEU must have a defense in depth risk management framework to assess threats and vulnerabilities to calculate the likelihood and impact of risks 
• The VEU must comply with best practices in the NSA’s Deploying AI Systems Securely 

Physical Security Requirements: 

• Data centers must comply with the Department of Defense (DoD) Unified Facilities Criteria (UFC) 4-010-05, Sections 3-4.4.1, 3-4.6.10, and 3-4.17.3  
• The VEU must have a personnel vetting model for individuals with access to the VEU data center and/or corresponding systems in alignment with U.S. Department of Treasury, Office of Foreign Assets Control (OFAC) Specially Designated Nationals List (SDN) or other OFAC sanctions lists. 

Supply Chain Security Requirements: 

• The VEU data center must maintain a list of all vendors and customers within the AI supply chain and be aware if advanced computing ICs are used for AI model training and if so, validate there are appropriate licenses in place. The VEU should be aware of any “Red Flag” warnings in alignment with Supplement No 3 Part 732.  
• The VEU must work directly with AI chip provider(s) within the supply chain to maintain a shipment security plan to ensure chain of custody, anti-tampering measures, and tracking mechanisms to prevent loss or theft. 
• The VEU must maintain a comprehensive AI lifecycle management process to include appropriate sanitization and disposal procedures 

Note: If the VEU does not have direct control over the data center and its advanced computing ICs, it must inform BIS of other entities involved in operations of the data center and obtain written assurances that the data center meets the requirements of this memo. 

How Coalfire Can Support: 

In order to comply with BIS’s 3PAO attestation requirement, the VEU must find a 3PAO who is accredited and recognized by the FedRAMP Program Management Office (PMO) and who has successfully completed a certification of a FedRAMP-high Cloud Service Provider. 

Coalfire delivers a full lifecycle of solutions through professional services, managed services, and technology platforms to help our clients and federal agencies solve their toughest cyber challenges. With more than 20 years of proven cybersecurity leadership, Coalfire combines extensive cloud expertise, industry knowledge, and innovative approaches to fuel success. 

As a 3PAO since 2015, Coalfire has assessed 114 products listed on the FedRAMP Marketplace. Coalfire’s team of qualified assessors can help navigate the complexities of the EAR update and validate the design and effectiveness of the cyber, physical, and supply chain security requirements.  

For additional information, please see Coalfire’s FedRAMP 3PAO assessment services and AI Risk Management offerings.