Within data centers, Graphics Processing Units (GPUs) have emerged as key components, transforming how complex computations are handled. GPUs are employed for their ability to perform parallel data processing, making them ideal for a range of tasks, including scientific computations, machine learning algorithms, and processing large-scale data. As demand for infrastructure capable of supporting AI model training and inference has grown, the ability to host GPU servers has become increasingly important for data centers.
The increase in processing power that GPUs provide as compared to central processing units (or CPUs) has, however, given rise to disquiet amongst Western governments. In particular, the United States — where the biggest producers of GPUs are based — has expressed concern over their potential application for military and malign uses, and the Biden administration in January 2025 introduced comprehensive restrictions on the export and use of GPUs (the January 2025 AI Diffusion Rule). The Trump administration has also emphasized as a policy imperative the continuation (and even tightening) of these restrictions and has revoked the Biden-era restrictions and indicated that it will be replacing them with new restrictions, which as of the date of this GT Advisory have not yet been issued. This regulatory uncertainty leaves industry in an interim phase questioning how best to manage current and possible future restrictions on GPU exports and use.
Historically, data center operators that merely hosted the GPU servers of their tenants (rather than exporting or providing GPUs as a service) may have assumed U.S. export controls were not a material compliance concern. That assumption, however, may no longer be appropriate. U.S. export controls apply to the GPU hardware in perpetuity— meaning that even non-U.S. operators may face liability under the Export Administration Regulations (EAR) if restricted GPUs, controlled technology, or sanctioned end users are present in their facilities, even indirectly through tenants or sub-tenants. As regulators focus increasingly on the downstream use and custody of advanced computing hardware, data center operators should be prepared to demonstrate robust compliance measures and control frameworks. This includes knowing what GPUs are being hosted, where they were developed and manufactured, who owns and accesses them, and for what purposes they are used. This GT Advisory considers how data center operators who merely host GPU servers might navigate this hugely sensitive area.
We have produced this GT Advisory to give an overview of the current U.S. export and use restrictions and to offer insights that participants in this sector may want to consider to mitigate regulatory and reputational risk and prepare for future regulatory changes.
US Restrictions on GPU Exports and AI Model Use
a. Overview of U.S. Export Controls on GPUs
i. U.S. export controls regulate the physical export of GPUs from the United States and subsequent re-export to third countries. The January 2025 AI Diffusion Rule, and possible replacement regulations, may also seek to control post-delivery use of the GPUs for certain AI models.
ii. Under the Export Administration Regulations (EAR) administered by the U.S. Department of Commerce’s Bureau of Industry and Security (BIS), some U.S. export controls are based on the export control classification number (ECCN) of particular goods, software, and technology (to country destination, to nationality of recipient, to nationality of temporary custodians or lessees).
iii. In addition, the EAR also has restrictions and license requirements that are based on the particular end user, such as end users identified on the BIS Entity List.
iv. Currently, most GPUs are classified under ECCNs 3A090 and 3A991, which carry varying degrees of export licensing requirements. Under the EAR, various license exceptions are available for GPU exports. These require a fact specific, case-by-case analysis and may involve notifications or certifications to BIS.
v. If a license is required and no exceptions are applicable, the U.S. exporter (or third country re-exporter) may apply to BIS for a license. BIS’s review typically takes into account the parties involved, and, in the case of GPU exports or other computing technology, the potential for the exported goods to be diverted to China and/or used for the development of advanced AI or military capabilities.
vi. It is a violation of the EAR (even for non-U.S. persons or entities) to proceed with a transaction knowing that U.S. export controls have been, or will be, violated. For example, it would be a violation for a data center operator to knowingly purchase GPUs that were exported without an appropriate license, even if the GPUs were already outside the United States. Thus, in procuring GPUs, it may be advisable for data center operators to conduct diligence on all parties in the chain of custody of the GPUs and to verify that appropriate export licenses have been sought and obtained.
vii. Liability and penalties under U.S. export controls and economic sanctions:
1. Most export controls and economic sanctions are subject to strict liability, meaning it is irrelevant to a finding of violation whether the person knew or intended to violate the law. However, whether or not the specific offense includes a knowledge or intent element, enforcement agencies will typically view intent or knowledge of a violation as an aggravating factor when assessing heightened penalties. In the most egregious cases, BIS and OFAC may make criminal referrals to the U.S. Department of Justice (DOJ).
2. Current civil monetary potential penalties a U.S. economic sanctions or export controls violation can reach approximately USD $370,000 per violation or twice the value of the underlying transaction, whichever is greater. If U.S. sanctions or export control violations are prosecuted as criminal offenses, the criminal penalty can reach up to USD $1 million and for individuals, imprisonment for up to 20 years, though criminal referrals generally occur only in the most egregious cases (circumvention, evasion, or willful pattern of conduct with high-risk technologies and end users). Additionally, egregious violations may result in denial of export privileges or designation to the Entity List as a prohibited recipient of items subject to the EAR.
3. The responsibility for seeking export licenses (or determining the applicability of exceptions) falls on the exporter from the United States (and/or re-exporter from a third country). Recipients or intermediate consignees have a responsibility to prevent diversion of the items to unauthorized destinations or end users.
Operators should understand who owns and uses the GPUs in their facilities and verify (or at least take reasonable steps to verify) their compliance for risk management purposes.
b. Overview of Restrictions on AI Model Use of GPUs
i. The January 2025 AI Diffusion rule placed new restrictions on the export of GPUs (under ECCNs 3A090 and 4A090), but also on certain related services and use of AI technology itself.
ii. Specifically, the January 2025 AI Diffusion Rule applied export restrictions to closed-weight AI models trained with 10^26 computational operations or more. Additionally, the rule created a new foreign direct product rule that applied these controls to certain model weights produced abroad using advanced computing chips made with U.S. technology or equipment. Accordingly, even AI models developed outside of the United States with controlled U.S. technology were subject to the EAR end-use controls (which, for example, prohibit exports for the use of certain weapons development).
iii. The rule established a framework of license exceptions and allocations that depended on the destination country of the above-referenced chips and services. It separated countries into three groups: 1) U.S.-allied countries eligible for broad license exceptions (specifically, Australia, Belgium, Canada, Denmark, Finland, France, Germany, Ireland, Italy, Japan, Netherlands, New Zealand, Norway, Republic of Korea, Spain, Sweden, Taiwan, United Kingdom, and the United States); 2) restricted, arms-embargoed countries that are subject to stringent licensing requirements with a presumption of denial (China, Macau, Afghanistan, Belarus, Burma, Cambodia, Central African Republic, DRC, Cuba, Cyprus, Eritrea, Haiti, Iran, Iraq, North Korea, Lebanon, Libya, Nicaragua, Russia, Somalia, South Sudan, Sudan, Syria, Venezuela, and Zimbabwe); and 3) all other countries, a broad group, which included Malaysia.
iv. Violations of the model weight export carried the same penalties and risk as violative GPU exports noted above.
v. The Trump administration rescinded the January 2025 AI Diffusion Rule in May 2025 and we await a replacement rule (which is likely to be based on similar policy concerns and may be more stringent than its predecessor in some regards).
vi. Given the strict restrictions on transfers to China (including in some cases Chinese nationals or Chinese controlled companies in third countries), any company that exports, reexports, receives, or utilizes advanced GPUs should be mindful of the EAR controls and diversion risks. For example, if a data center operator provided access and/or GPUs as a service to a Chinese military end user, that may run afoul of U.S. export controls.
For data center operators, this means that even if no physical export occurs, AI workloads hosted within their facility may still trigger U.S. export concerns — especially if tenants are training or deploying advanced models involving Chinese entities or nationals.
c. Considerations for All Companies in the Sector (Whether Operators, Users, or Tenants)
Some GPUs are export restricted, and if exporters do not follow appropriate precautions, the GPUs may carry the “taint” of an EAR violation and create circumstances where future use and transfer of the GPUs might violate the EAR. Failure to perform due diligence or to manage restricted tenants might create liability exposure and reputational risk.
i. Exporters, data center operators, and tenants should consider the identity of the owner/landlord or tenant that may have physical access to the data center equipment (including in the course of installation/repair/servicing, site visits/inspections, government regulators/inspectors, etc.). Certain U.S. sanctions lists (including the Office of Foreign Assets Control (OFAC) Specially Designated Nationals and Blocked Persons (SDN) List and the Department of Commerce Entity List) include a “50%” rule that extends sanctions to the direct and indirect subsidiaries of sanctioned parties, so diligence reviews should extend to, and include, ultimate beneficial owners/parent entities.
ii. Data center operators and investors should note that any involvement by an Entity List party – whether through ownership, access to controlled items, or service relationships – triggers heightened compliance obligations and may preclude the transaction entirely without prior BIS authorization. Companies should consider maintaining robust compliance protocols, including screening counterparties and subcontractors against the Entity List, and consider obtaining legal counsel when assessing risk or applying for BIS licenses. Other restricted party lists that may arise in the context of data center transactions (particularly those with any nexus to China) include: (1) the Chinese Military-Industrial Complex Companies (CMICs) list, which targets investments by U.S. persons in China’s military-industrial complex and its related military, intelligence, surveillance, security research and development programs; and (2) the Department of Defense (DOD) list of entities owned or controlled by the Chinese military or communist party.
iii. Operators providing GPUs as a service should be aware that AI model training for malign uses is a concern for the U.S. government and may be part of the replacement to the AI Diffusion rule.
iv. Investors should note that U.S. regulatory regimes impose a range of restrictions and review mechanisms relevant to cross-border transactions in this space. For example, the U.S. government imposes restrictions on U.S. investor dealings in certain outbound investment transactions in the AI, semiconductor, and quantum computing sectors with parties in, or with a significant nexus to, China, Hong Kong, or Macau. On the flip side, non-U.S. investors looking at opportunities in the United States should be mindful of national security review under the Committee on Foreign Investment in the United States (CFIUS). Separately, the U.S. government also has broad authority to review cross-border transactions in information and communications technology or services (ICTS) involving U.S. entities or property subject to U.S. jurisdiction. Investors should consider these regimes when evaluating potential cross-border opportunities and partnerships.
d. Considerations for Data Center Operators Who Are Hosting Servers with GPUs (But Are Not Themselves Importing or Owning the GPUs)
i. Conduct detailed due diligence. Right-sized due diligence will depend on the circumstances but might include:
1. Diligence on all parties in the supply chain and project team and include a review of ownership;
2. Certification from the GPU exporters, reexporters, and intermediaries confirming their compliance with applicable export controls;
3. Confirmation from the GPU tenant/exporter as to the applicable ECCN of the GPUs to be located at the data center facility, together with the details of the relevant export license (or the applicable license exception) for the GPUs; and
4. Review of the Electronic Export Information supplied by the U.S. exporter of the GPUs.
Any gaps in a transaction or intermediaries who refuse to provide information may be viewed as a potential red flag. Note that a failure by intermediaries to obtain required information typically would not shield an operator from liability, particularly when there are inconsistencies in the supply chain or red flags that the operator fails to follow up on.
ii. Review the physical and virtual security protocols of the data center (e.g., visitor logs and badges and authentication and ID requirements for contractors).
iii. While we are waiting for BIS to issue a replacement rule, key compliance elements derived from the January 2025 AI Diffusion Rule may serve as a helpful commercial benchmark. For example, companies may wish to use the three-tier country groupings established in the January 2025 AI Diffusion Rule to conduct risk assessments or require additional contractual restrictions.
iv. Request warranties and indemnities in the lease/master service agreement that commit the tenant to compliance with U.S. laws (including laws and regulations related to GPUs), and include provisions for termination of the lease/master service agreement by the landlord in case of any breach of such laws (preferably with an acceleration of the rental payments for the remainder of the lease) or modification in the event of new laws being introduced.
v. Seek and obtain certifications from customers that the services will not be used to develop advanced AI models or AI for use in the military or surveillance sectors (particularly in regions with strong connections to China). Include audit rights, as well as termination provisions for breach of these. Require periodic recertifications.
vi. Require evidence of customers’ compliance measures to prevent use of services for prohibited activities.
vii. Review end-user requests and press statements for signs or red flags they are using services in a manner inconsistent with certifications.
viii. Monitor regulatory changes and develop contractual provisions to account for changing requirements.
For operators, compliance with U.S. restrictions on export control and use of GPUs is a matter of managing key operational and reputational risk. Investors, lenders, and major tenants increasingly expect to see documented compliance frameworks covering GPU hosting and AI workloads. Proactively integrating these considerations into leases, MSAs, and onboarding procedures may help protect operators from inadvertent violations and position them as trusted partners in the AI supply chain.