On June 9, a leading American lab launched two of its most capable models. Three days later, a U.S. export-control directive barred foreign nationals from accessing them on national security grounds. Unable to separate foreign users from domestic ones in real time, the company disabled both models globally. The lesson is blunt: an export policy that takes America's best tools offline for Americans too is not security. It is self-sabotage.
The Enforcement Gap No One Solved
The directive assumed a clean line between domestic and foreign users that simply does not exist in cloud-delivered AI. A model served over the internet cannot instantly verify the nationality of every person typing into it. Faced with an impossible compliance demand, the rational corporate response was to shut everything down. Policymakers wrote a rule that the architecture of modern software made unworkable, and pretended the friction would land only on adversaries.
Who Actually Loses
The damage falls in predictable places:
- American researchers and startups lost access to frontier tools overnight.
- The company absorbed reputational and revenue harm for obeying its own government.
- Rivals abroad gained a marketing gift: instability in the U.S. ecosystem.
- The targeted adversaries lost little, since determined actors route around single-vendor blocks.
Europe Reads the Room
The contrast with Europe is instructive. In June the European Commission published its Cloud and AI Development Act, building a sovereignty framework with tiered assurance levels, and bankrolled a frontier-model consortium backed by a 6,000-chip Blackwell cluster. Brussels is investing to build capacity. Washington is issuing directives that force its own champions to switch off. One of these strategies compounds national advantage. The other erodes it.
The Innovation Paradox
The deeper irony is that the same administration issued an executive order in June celebrating America's refusal to stifle AI with burdensome regulation, then days later imposed a control so blunt it functioned as the most burdensome regulation imaginable: a total shutdown. You cannot champion light-touch innovation policy in one breath and hand your labs an impossible compliance mandate in the next. Frontier AI moves at the speed of deployment, and a single poorly scoped directive can vaporize months of market momentum overnight. Adversaries, meanwhile, do not need to steal a model that the United States has helpfully taken offline for everyone. Restraint that lands hardest on your own innovators is not strength projected outward. It is a tax levied inward.
Security Without Sabotage
There is a legitimate national security interest in keeping the most dangerous capabilities out of hostile hands. But security policy has to be technically literate. Controls that ignore how cloud software is delivered will keep producing the same result: blunt rules, global shutdowns, and an American lead quietly handed to competitors who face no such whiplash. The goal should be targeted, enforceable safeguards, not theatrical bans that punish the home team hardest. Until regulators grasp the difference between protecting an edge and amputating it, every well-intentioned directive risks doing the adversary's work for free.