EU Defense AI: Dual-Use Technology Controls with EU AI Act Compliance
European defense organizations are trying to use AI without creating a compliance gap between export-control obligations, national security handling, and EU AI Act expectations around oversight and documentation. That usually means the operating challenge is not “which model is best.” It is “which interactions must never flow straight through, which providers are even eligible, and what evidence can we show afterward?” Keeptrusts is useful because it can make those questions operational. A defense route can use Dual-Use Filter to block or redact clear dual-use terms, Data Routing Policy to exclude providers that do not match the declared handling standard, Human Oversight to force an escalation result instead of normal output delivery, and Audit Logger to mark the decision stream for evidence export.
Use this page when
- You are deploying AI in an EU defense or national-security-adjacent environment that handles dual-use technology discussions.
- You need a practical runtime design for oversight, routing, and evidence, not a generic “responsible AI” statement.
- You want to line up export-control screening with review stops and compliance artifacts.
Primary audience
- Primary: Technical Leaders
- Secondary: Technical Engineers, compliance architects
The problem
EU defense AI programs often mix several distinct risk categories into one workflow. An assistant might summarize maintenance findings, draft export-review notes, analyze vendor documentation, or produce internal planning text. Some of those uses are ordinary productivity. Some touch dual-use technology terms or high-impact operational material. If everything runs through one route, the organization loses the ability to express different review rules for different outcomes.
There is also a data-handling problem. Even when content itself is not blocked, provider routing still matters. If an assistant route can fall through to a target with an unacceptable retention window, training posture, or internet-egress profile, the compliance story is already weak. This is why content controls alone are not enough for defense AI. Provider posture has to be part of the runtime decision.
The final challenge is honesty about scope. The EU AI Act is not satisfied by one gateway setting. Runtime controls can help enforce oversight, constrain routing, and produce documentation, but they do not replace your system-level risk classification, testing, documentation, or legal review. Teams get into trouble when they use a narrow technical control to imply full conformity. A better pattern is to be explicit: use the gateway for enforceable runtime boundaries and connect that evidence to the broader compliance program.
The solution
Start by separating dual-use screening from oversight. Dual-Use Filter gives you a term-based guardrail for clearly sensitive technical content. That is helpful because dual-use risk often begins with ordinary-seeming engineering language. The filter is not a substitute for export analysis, but it is a reliable way to stop obviously problematic requests from flowing onward.
Next, constrain the provider path with Data Routing Policy. In regulated defense environments, this is usually the control that turns a policy preference into an enforceable provider decision. Require zero-data-retention, training opt-out, short or zero retention windows, and local-only or no-egress posture when the route calls for it. If no configured provider satisfies that standard, block instead of quietly falling back.
Then use Human Oversight as an actual review stop. The currently documented implementation is simple: when action: escalate is present, the gateway returns an escalation result and withholds assistant content. That is precisely what many defense teams need for high-impact lanes. Pair it with Audit Logger and Export Compliance Evidence so the route produces artifacts that program governance can review. If the organization also wants fairness or discrimination analysis for a specific lane, keep expectations narrow and treat heuristic checks as supplementary rather than as a complete Article 10 answer.
Implementation
The route below is intentionally conservative. It blocks obvious dual-use terms, filters providers before selection, and escalates outputs instead of delivering them directly. That makes it appropriate for defense review lanes where the organization wants a human decision point before operational use.
pack:
name: eu-defense-review-lane
version: 1.0.0
enabled: true
providers:
targets:
- id: eu-local-review
provider: ollama
model: llama3.1:70b
base_url: http://localhost:11434
data_policy:
zero_data_retention: true
training_opt_out: true
retention_days: 0
in_memory_only: true
sanitized: true
allow_internet_egress: false
local_only_processing: true
policies:
chain:
- dual-use-filter
- data-routing-policy
- human-oversight
- audit-logger
policy:
dual-use-filter:
blocked_terms:
- intrusion software
- telecommunications interception
- uranium enrichment
- precursor chemical
action: block
fuzzy_matching: true
max_distance: 1
data-routing-policy:
require_zero_data_retention: true
require_no_training: true
max_retention_days: 0
require_in_memory_only: true
allow_internet_egress: false
local_only_processing: true
on_no_compliant_provider: block
log_provider_selection: true
human-oversight:
action: escalate
audit-logger: {}
This route is useful because every control does one clear job. dual-use-filter handles obvious content risk. data-routing-policy removes non-compliant providers before routing. human-oversight forces a review stop. audit-logger marks the route in the decision stream so downstream evidence export remains tied to an identifiable control set. The shortest validation loop is to lint the config, run the gateway, submit a known dual-use prompt, submit a known non-dual-use prompt, and confirm that the second case still escalates rather than returning assistant content directly.
Results and impact
The main benefit is that EU defense teams stop collapsing several governance questions into one vague notion of “safe AI.” They get a route that screens content, constrains routing, and forces human review where it matters. That is a much better operational fit for high-impact defense workflows than a permissive assistant with a policy document sitting somewhere else.
It also improves documentation quality. When reviewers ask how the route enforces oversight or what happens when no provider satisfies the declared handling standard, the answer is visible in the route and the event trail. That gives the broader compliance program better raw material for audits, conformity work, and internal control reviews.
Key takeaways
- EU defense AI needs separate answers for content screening, provider eligibility, and human review.
- Dual-Use Filter is a useful export-control helper for clear terms, not a full legal judgment.
- Data Routing Policy is what turns provider-handling requirements into runtime enforcement.
- Human Oversight should be treated as a deliberate escalation switch, not as a full workflow engine.
- Runtime controls support EU AI Act compliance work, but they do not replace full system-level conformity obligations.