On June 12, the Commerce Department directed Anthropic to deny foreign nationals access to its Fable 5 and Mythos 5 models, regardless of where those users are located. In response, Anthropic has removed access to these models for all users. Through a secret letter issued without warning, the U.S. government effectively withdrew a technology globally. The Commerce order spotlights an unsettled question: When a person abroad — or a foreign national inside the United States — sends a prompt to an AI model and receives a reply, has the AI provider “exported” anything?
Targeting Fable/Mythos
On June 16, Bloomberg published the letter from Commerce that Anthropic received. As expected by commentators, the order was structured as an “is informed” license requirement under Part 744 of the Export Administration Regulations (the EAR), the rules administered by Commerce’s Bureau of Industry and Security (BIS) that govern what U.S. companies may send abroad. An “is informed” requirement is a tool that lets BIS notify a specific company, confidentially and in writing, that it now needs a license to export something.
This license requirement attaches to a kind of transaction that Commerce wants to target. Oddly, Commerce cited 15 C.F.R. § 744.22, a subsection specific to military-intelligence end uses by users from a defined set of countries, including Russia, China, and Venezuela. Yet the order purported to restrict access for all foreign nationals, as broadly defined by § 772.1. That definition includes all natural persons who are not lawful residents or citizens of the United States, as well as other entities not incorporated in the U.S. The letter also did not explain which military-intelligence end uses were enabled by Fable/Mythos.
Commerce also cited 50 U.S.C. § 4817(b)(1), a provision of the Export Control Reform Act (ECRA). The ECRA is the statutory backing for the EAR. This provision states that an agency may establish “interim controls” for emerging technology essential to national security.
Under the EAR, Anthropic has a plausible out: § 734.7 excepts from the EAR software that has been widely disseminated. The exception parallels the exception for preexisting “informational materials” in the Office of Foreign Assets Control (OFAC)’s sanctions regimes authorized by the International Emergency Economic Powers Act (IEEPA). Broadly speaking, both codify First Amendment values of free access to information.
What Is the Export?
Even granting that Fable/Mythos are controlled technologies, neither the regulation nor the statute establishes that access is an export. The letter targets export both by territory —“sending or taking” the model outside the United States — and by citizenship — “release of the model” to a foreign national. The second kind of transaction is called a “deemed export” under § 734.13(b), which states: “Any release in the United States of ‘technology’ or source code to a foreign person is a deemed export to the foreign person’s most recent country of citizenship or permanent residency.” In plain terms, handing controlled technology to a foreign national on American soil may count, in the eyes of the law, as shipping it to their home country.
Another interpretive question remains to be answered. Per the text of the EAR, a “deemed export” must be the release of a technology. Apart from Anthropic employees who directly use model weights,1 is permitting access to Fable by a foreign national “releasing” that model?
Recent regulations suggest that it is not. In a 2016 final rule, BIS explained that “merely seeing an item briefly” is not necessarily a release; nor is “potential access” to technology, because it does not “reveal” the underlying technology. BIS traditionally frames release as the transfer of an artifact of the technology — paradigmatically, source code. Cloud computing, for instance, was classified as a service not subject to the EAR. Similar to cloud computing, a Fable user never sees the model’s weights, its architecture, or its source code. The user sends a prompt over the internet and receives an HTTP response bearing the model’s answer. Treating that exchange as a “release” of the model’s technology is a considerable stretch. If it is not a release, then Commerce lacked the authority to restrict access for foreign nationals within the U.S.
Commerce will likely argue that cloud access to a frontier model is a subcategory of release. It may argue that the risk of “distillation” means mere access is equivalent to release. Distillation is the process by which some group of users can send a trained AI model a massive number of questions, then use those answers to train its own model. Anthropic itself has frequently cautioned that foreign AI laboratories such as DeepSeek have extracted model capabilities by systematically querying Anthropic’s models.
On the other hand, existing analogues in the EAR do not favor Commerce. As stated above, “theoretical or potential access” is not a release. Moreover, the EAR deals with a similar situation within software. Programs come in two forms: “source code,” the human-readable instructions written by a programmer, and “object code,” the inscrutable version actually executed by a computer. § 734.13(a)(2) expressly excludes object code from its definition of “deemed export.” And much like distillation, source code can be reverse engineered from object code — though the process is challenging and inefficient. If the bare possibility of laborious extraction does not turn object code into a controlled “release,” it is hard to see why the possibility of distillation should do so for model access.
Alternative Legal Theories
Professor Alan Rozenshtein has raised the possibility that individual AI outputs might each be an instance of “technology” if they are “information necessary” to develop items otherwise regulated by the EAR. That would dodge the problem of “release,” because each output is obviously released to a user. But the sweeping directive did not reference individual outputs, and it did not specify which controlled items were downstream of Anthropic’s models. Instead, the letter clearly targets the models themselves, imposing a license requirement on “Anthropic’s Claude Mythos 5 Model and Claude Fable 5 Model.” And further, Commerce may be targeting “potential access” to such outputs since they do not exist yet, which BIS has said is not release.
Could Commerce have sidestepped the “export” problem under a different legal authority within the EAR? In principle, instead of the deemed-export theory, it could have classified the models themselves under an Export Control Classification Number (ECCN). The ECCN system is the EAR’s list-based system, which assigns specific items to specific control categories. But that path is unlikely based on available information. The ECCN that would have covered model weights was to be created by the Biden-era AI Diffusion Rule, but in May 2025 Trump’s BIS rescinded that rule.2
If the EAR is a strained fit, could the Trump administration have leaned on a different agency? One candidate is the sanctions power wielded by Treasury’s OFAC under IEEPA. But comparing the two agencies reveals a checkerboard of authority in which no single regime squarely supports the directive.
In some respects, IEEPA reaches further than the EAR: Its delegation to the President covers not just exports but “transactions in foreign exchange” and dealings in property in which a foreign national holds an interest. OFAC’s Russia sanctions already extend to providing certain “cloud-based services.” Similarly, an access limitation on Fable/Mythos might be justified as implementing Executive Order 13873, which declared a national emergency with respect to the ability of foreign adversaries to exploit weaknesses in American information and communications technology or services (ICTS).
This alternative is even shakier than the EAR. First, as mentioned above, IEEPA carries a limit the EAR lacks — the Berman Amendment, 50 U.S.C. § 1702(b)(3), which bars controls on “informational materials.”3 Second, the ICTS Order is also an ill-fitting basis: it was designed to target imports, not exports; and it asks implementing agencies to determine whether “particular countries or persons are foreign adversaries.” Third, OFAC also has no direct analogue to the “is informed” license requirement under the EAR.
Commerce may attempt to analogize from OFAC’s sanctions regime to justify export controls on cloud services. However, the EAR draws its authority from a different statute — the ECRA — under which Congress has, through legislative acquiescence, appeared to ratify BIS’s authority to define “export” to include deemed exports. Whether OFAC’s reading of “transaction” to cover “cloud-based services” can simply be transplanted into the EAR to stretch the meaning of “release” is far from clear.
The upshot is that the directive’s legal backing appears novel and uncertain. The EAR permits regulation of deemed exports, but such exports must be “releases” of technology. OFAC, under its sanctions regime, regulates cloud-based services — but the two systems originate in different statutes. As a lawsuit filed on June 23 argues, Commerce’s probable position equating cloud-based model access to a release does not easily follow from either the ECRA or § 734.13.