Skip to main content

EU Defense and Dual-Use: Governing AI for Export-Controlled Technology

AI can accelerate engineering, procurement, and document analysis in defense-adjacent environments, but that does not make export-control obligations disappear. In the EU, the main legal anchor for dual-use trade controls is Regulation (EU) 2021/821, alongside national export-control implementation and the Common Military List for defense items. Organizations working with controlled technical data, components, specifications, or supplier communications need more than a generic security policy. They need a route that makes it harder for export-controlled material to flow into or out of an AI system unnoticed. Keeptrusts helps by enforcing technical guardrails at the gateway boundary. It does not determine whether a specific item is legally controlled, and it does not replace export-control review.

Use this page when

  • Your teams use AI around defense, aerospace, advanced manufacturing, or other dual-use technical programs.
  • You need keyword- and route-level controls for potentially controlled technical material.
  • You want an implementation pattern that combines export-control screening with provider restrictions and review.

Primary audience

  • Primary: Security engineers, export-control teams, defense platform owners
  • Secondary: Engineering managers, procurement security teams, compliance officers

The problem

Export-controlled AI failures are often ordinary workflow failures. An engineer pastes a subsystem description into a general assistant. A sourcing team asks an LLM to summarize a supplier packet that includes controlled data. A project team uses AI to draft a response around a defense-adjacent design without realizing the supporting text contains technical details that should have stayed inside a controlled review path.

The mistake is usually not malicious. It is architectural. The AI route was designed like a productivity tool, not a protected technical workflow. That means the organization has no deterministic check for controlled terms, no route-specific provider restrictions, and no enforced review stop when a draft becomes sensitive.

Keyword matching alone is not enough. Export classification is contextual, and many borderline cases need human judgment. But keyword and route controls are still valuable because they remove the easiest failure modes: obvious controlled references, casual copy-paste into the wrong route, and unsupported direct delivery of sensitive drafts.

The solution

The most practical model is a dedicated defense or dual-use route. That route should use technical screening, restrict provider handling, and require review when the workflow is sensitive enough that an assistant response should never be delivered directly.

Keeptrusts has documented policies that support that pattern. Dual-Use Filter screens for dual-use and proliferation-related terms. ITAR/EAR Filter is useful when US-origin controls or joint program requirements are also relevant. Data Routing Policy can narrow provider selection for controlled workflows. Human Oversight forces a review stop. Audit Logger marks the route as auditable. If you also need restricted-party checks, Entity List Filter is the natural companion.

The important governance point is to describe these controls honestly. They are technical guardrails, not export determinations. They make accidental misuse harder and evidence clearer. They do not decide licensing, classification, or end-use legality.

Implementation

The example below shows a guarded route for defense-adjacent technical assistance where obvious export-control markers should trigger blocks and every output should be reviewed.

pack:
  name: eu-dual-use-guarded-route
  version: "1.0.0"
  enabled: true

providers:
  targets:
    - id: controlled-review-provider
      provider: openai
      model: gpt-5.4-mini-mini
      secret_key_ref:
        env: OPENAI_API_KEY
      data_policy:
        zero_data_retention: true
        training_opt_out: true
        retention_days: 0
        in_memory_only: true
        allow_internet_egress: false
        local_only_processing: true

policies:
  chain:
    - dual-use-filter
    - itar-ear-filter
    - data-routing-policy
    - human-oversight
    - audit-logger

policy:
  dual-use-filter:
    blocked_terms:
      - centrifuge
      - maraging steel
      - intrusion software
      - precursor chemical
    action: block
    fuzzy_matching: true
    max_distance: 2

  itar-ear-filter:
    blocked_terms:
      - "missile guidance"
      - "night vision"
      - "export controlled"
    fuzzy_matching: true
    max_distance: 1

  data-routing-policy:
    require_zero_data_retention: true
    require_no_training: true
    max_retention_days: 0
    require_in_memory_only: true
    allow_internet_egress: false
    local_only_processing: true
    on_no_compliant_provider: block
    log_provider_selection: true

  human-oversight:
    action: escalate

  audit-logger: {}

This route is intentionally conservative. It will produce false positives if you try to use it as a general engineering assistant, which is why route separation matters. Use it only where the workflow is already export-sensitive. For ordinary internal drafting, create a different route. For controlled technical work, the friction is part of the governance value.

Results and impact

The first benefit is obvious misuse reduction. Teams are less likely to paste defense-adjacent material into an unconstrained route. The second benefit is better review discipline. If a route handles export-sensitive work, the assistant does not quietly deliver a polished answer that looks ready to send. It escalates, and the decision stream records what happened.

This also improves collaboration between engineering and export teams. Instead of asking people to remember every control requirement in the moment, the platform enforces the first layer and hands the ambiguous cases to human review. That is a stronger operating model than training alone.

Key takeaways

  • EU dual-use and defense-adjacent AI workflows need route-specific controls, not generic productivity tooling.
  • Technical term filters are helpful guardrails, but they are not legal classification engines.
  • Provider restrictions and review stops matter as much as term matching.
  • Use a dedicated route for controlled work so the friction is intentional and explainable.
  • Keeptrusts helps create a defensible first line of control for export-sensitive AI usage.

Next steps