Key Takeaway

The US enforcement environment for AI technology exports has shifted materially in the first quarter of 2026. Record penalties, criminal indictments reaching into corporate boardrooms, novel securities liability exposure, and a unanimous Congressional committee vote mandating hardware-level chip location verification have collectively transformed the risk calculus for every company in the AI technology supply chain: exporters, data center operators, cloud providers, and investors alike. The apparent relaxation of controls on H200 chip exports to China has not changed this trajectory; if anything, the two dynamics are running simultaneously and in the same direction. This alert identifies five enforcement signals from the past 90 days that should prompt an immediate review of AI-related compliance programs.

Signal 1: Record Penalties Confirm That Corporate Structures Do Not Insulate Exporters

In February 2026, BIS announced a $252 million settlement with a materials engineering company, the second-largest standalone penalty in BIS history and a statutory maximum, for the illegal export of semiconductor manufacturing equipment to a Chinese Entity List company through a South Korean subsidiary. [1] The routing of controlled technology through an intermediate subsidiary did not provide a defense; compliance personnel responsible for the shipments were terminated as a condition of settlement.

This case follows the July 2025 resolution with an electronic design automation company, in which coordinated DOJ and BIS penalties exceeded $140 million for illegal exports of semiconductor design technology to Chinese entities supporting military supercomputer development. [2] Violations in the case occurred between 2015 and 2020; enforcement concluded a decade later. The lesson is not merely that penalties are large. It is that corporate structures, subsidiary relationships, and the passage of time do not insulate organizations from liability. With BIS seeking to double the ECRA statute of limitations from five to 10 years, the extension if enacted would make compliance failures occurring today actionable through the mid-2030s. The tail risk of unresolved compliance exposure is extending, not contracting.

BIS Assistant Secretary for Export Enforcement David Peters has stated publicly that “too often, companies treat BIS’ penalties as a mere cost of doing business.” [3] Current maximum civil penalties of approximately $374,000 per violation are well below the $1.2 million ceiling available under the Arms Export Control Act, and Peters has asked Congress to close that gap. Companies should plan for a penalty environment that is materially harsher than the one in which they have historically operated.

DOJ is sending parallel signals. On March 30, 2026, the DOJ National Security Division (“NSD”) issued a Press Release adopting the previously announced DOJ-wide Corporate Enforcement Policy (“CEP”). [4] The NSD alert states that, technology businesses and their personnel, “are at the forefront of protecting the national security of the United States by preventing the unlawful export of sensitive commodities, technologies, and services, as well as unlawful transactions with sanctioned countries and designated individuals and entities.”  The alert also emphasizes NSD’s commitment to vigorous criminal enforcement of EAR, ITAR, and CFIUS authorities. This communication drives home the criticality of active controls for identification, escalation, reporting, and resolution of potential national security regulatory violations.

Signal 2: Criminal Liability Is Reaching Corporate Leadership

The March 2026 indictment of the cofounder and then-senior vice president of an information technology company for allegedly directing the diversion of $2.5 billion in Nvidia-powered servers to China through a Southeast Asian intermediary represents a significant escalation in the criminal enforcement posture. [5] The indictment alleges that the scheme was orchestrated at the senior leadership level, not by rogue employees acting outside corporate knowledge.

A separate March 2026 indictment charged two US citizens and a Chinese national with using a Thailand-based front company to acquire export-controlled chips for illegal shipment to China. These cases follow DOJ’s December 2025 Operation Gatekeeper, which disrupted a multi-defendant network responsible for at least $160 million in AI chip exports to mainland China and Hong Kong SAR. The enforcement theory in these cases shares a common feature: the use of third-country intermediaries and front companies to obscure the ultimate Chinese destination of controlled technology. This is the same diversion pathway that BIS’s May 2025 AI chip diversion guidance specifically identified as a red flag requiring enhanced due diligence. Companies that have not updated their distributor and reseller oversight programs to reflect that guidance face meaningful exposure. [6]

Signal 3: Securities Liability Is Now a Downstream Consequence of Compliance Failures

On March 25, 2026, a class-action complaint was filed in the Northern District of California against an information technology company, alleging that the company misled investors by failing to disclose that a significant portion of its server sales to Chinese companies violated US export controls and that its export compliance program had material weaknesses. [7] The complaint followed the indictment of the company’s cofounder by approximately one week.

This case introduces a compliance risk dimension that most AI technology companies have not fully integrated into their governance frameworks. Export control failures that are not disclosed and that later emerge through enforcement action or indictment are now directly actionable as securities fraud claims, affecting not only the company’s regulatory standing but its share price, investor relationships, and director and officer exposure. Boards and audit committees of public companies with material AI technology export activity should treat this investor litigation as a threshold warning and assess whether their disclosures adequately reflect export compliance risk.

Signal 4: Remote Access to Controlled Computing Infrastructure Is an Active Enforcement Priority

The Remote Access Security Act (RASA), passed by the House, 369–22, in January 2026, would extend export control jurisdiction to cloud-based access to controlled GPU capacity, treating the provision of remote compute access to a foreign person as an export transaction subject to the same licensing requirements as a physical shipment. [8] BIS has already signaled, without waiting for RASA to become law, that providing access to advanced computing integrated circuits for training AI models may trigger existing EAR Part 744 catchall controls when there is reason to know the access will benefit Country Group D:5 end users.

A federal prosecution concluded in March 2026 illustrates how the remote access theory translates into criminal liability. Three individuals, including an active-duty US Army soldier, pleaded guilty to wire fraud conspiracy for allowing overseas IT workers (believed to be North Korean) to access US-based computer networks through credential-sharing. The defendants were not charged with physically exporting technology. They were charged with facilitating unauthorized remote access through credentialing, and one defendant received a one-year prison sentence with forfeiture of over $193,000. [9]

For data center operators, cloud service providers, and sovereign AI platform operators, this enforcement posture creates affirmative obligations that go well beyond traditional know-your-customer programs. Every tenant relationship, every API access grant, and every IaaS arrangement involving foreign persons in countries of concern is a potential compliance event. The identity verification, access control, usage logging, and anomaly detection architecture governing who can connect to controlled computing infrastructure are not IT governance choices; they are export compliance mechanisms.

Signal 5: Congress Is Mandating Hardware-Level Verification, and the Vote Was Unanimous

On March 26, 2026, the House Foreign Affairs Committee voted 42–0 to advance the Chip Security Act, which would require BIS to establish chip security mechanisms for export-controlled advanced integrated circuits classified under ECCNs 3A090 and 3A001.z. [10] The bill’s mandated mechanisms include periodic on-site audits or inventories of exported chips, periodic attestations from license holders, and ping-based location verification. Chipmakers would be required to report credible information about potential diversion of sensitive technology to restricted actors. A Senate companion bill has been introduced by Sen. Tom Cotton.

The 42–0 vote is notable not just for its outcome but for what it reveals about the political dynamics. The bill attracted support from Republicans and Democrats, China hawks and commercial pragmatists, in a committee that has been deeply divided on related questions of chip export policy. The unanimity reflects a consensus that verification of where exported chips actually end up, and who is using them, is a national security imperative that transcends the commercial and diplomatic debates over how many chips should be sold to whom.

The Chip Security Act should be read alongside RASA, the AI Overwatch Act (advanced 42–2 in January 2026), the Match Act, and the GAIN AI Act as part of a coherent legislative architecture: Congress intends that advanced AI chips be subject to continuous, verifiable oversight from export through operational life. Companies that are waiting for a specific bill to become law before building verification architecture into their compliance programs are waiting too long. The legislative direction is clear, and regulators do not require enacted legislation to raise compliance expectations in advance of enactment. [11] The operational architecture that satisfies this legislative direction is what A&M NSTT calls verification-by-design: compliance and verification controls built into the full AI stack from the first design decision, not retrofitted after deployment. A forthcoming white paper and policy implementation convening, “Verifying the Stack: How to Promote Global Adoption of US AI While Preventing Adversary Exploitation,” will provide a detailed treatment of that architecture and its implementation.

A Note on the H200 Licensing Policy: What It Does and Does Not Signal

Several of the enforcement developments above have occurred simultaneously with BIS’s January 2026 shift of H200-equivalent chip exports to China from “presumption of denial” to case-by-case review. Some market participants have read this as a signal that the enforcement environment is loosening. It is not.

The H200 framework is a narrow, transaction-specific licensing pathway conditioned on individual vetting, security certifications, end-user identification, and license conditions that are at least as stringent as those governing existing authorized deployments. [12] Whether any H200s have actually shipped remains unclear: Chinese authorities retain final import approval, and relevant Chinese ministries have imposed conditions still being finalized. The Trump–Xi summit at which the commercial framework was expected to be further developed was postponed from March to May 2026 due to the Iran conflict. The diplomatic and commercial conditions that produced the H200 licensing posture are not stable.

Expanded licensing access in one narrow channel and aggressive enforcement everywhere else are not contradictory. They reflect a consistent underlying framework: market access conditioned on verifiable, enforceable compliance. [13] The compliance obligations applicable to existing licensed deployments, and the enforcement risk applicable to unlicensed or noncompliant activity, are unaffected by the H200 policy shift. [14]

What Companies Should Do Now

The five enforcement signals above, taken together, call for immediate action across four categories of organizations:

Technology suppliers and chip ecosystem participants

• Audit distribution and reseller arrangements against BIS’s May 2025 AI chip diversion red flag guidance. Verify that downstream oversight programs identify potential Country of Concern connections at the sub-tier level, not just at the direct purchaser level.
• Review post-delivery obligations against the January 2026 BIS final rule’s certification requirements and build contractual mechanisms for ongoing visibility into end-use and end-user.
• Assess whether current voluntary self-disclosure practices are adequate in light of NSD's adoption of the CEP. Two of the cases highlighted above both involved compliance failures the government discovered through enforcement channels rather than voluntary disclosure. Under the CEP, companies that voluntarily self-disclose to NSD, fully cooperate, and remediate now receive a presumption of declination—the strongest available benefit.

Data center operators and cloud service providers

• Conduct an access control audit against the EAR Part 744 catchall standard. Identity verification, usage logging, and anomaly detection systems governing foreign person access to advanced compute infrastructure must meet regulatory expectations, not just IT governance standards.
• Build and document escalation paths for anomalous access patterns. The remote access prosecution theory makes it clear that organizations face liability not only for affirmatively granting unauthorized access but for failing to detect and terminate it.
• Review IaaS and GPU-as-a-service customer agreements for contractual provisions that support denial and termination authority, compliance audits, and usage reporting.

Public companies with material AI export activity

• Assess whether current SEC filings adequately disclose AI export compliance risk, including the company’s exposure to the evolving regulatory framework, the status of its compliance program, and any known or suspected compliance gaps. The investor litigation turned on the gap between what the company said and what its compliance program was actually doing.
• Engage the board audit committee on export compliance program maturity and ensure directors have visibility into material enforcement risk.

Sovereign AI platform operators and data center investors

• Commission an independent gap assessment against current BIS license condition frameworks and NIST SP 800-53 High baselines before a specific license is sought, not after. The compliance infrastructure for a sovereign AI program takes months to build. Starting after authorization arrives means starting late.
• Evaluate whether existing and prospective investments include adequate representations and warranties regarding export compliance program maturity and known compliance gaps. The securities litigation theory makes export compliance a material investment diligence item, not just a regulatory one.

References

1. Bureau of Industry and Security, “Applied Materials to Pay $252 Million Penalty to BIS for Illegally Exporting Semiconductor Manufacturing Equipment,” Press Release, February 11, 2026. ↩
2. U.S. Department of Justice, “Cadence Design Systems Agrees to Plead Guilty and Pay Over $140 Million for Unlawfully Exporting Semiconductor Design Tools to a Restricted PRC Military University,” Press Release, July 28, 2025. ↩
3. David Peters, Testimony before the House Foreign Affairs Committee, Subcommittee on South and Central Asia, Hearing on Strengthening Export Control Enforcement, February 24, 2026. ↩
4. US Department of Justice, National Security Division, "Reporting Voluntary Self-Disclosures of Violations of National Security Laws Under the Department-wide Corporate Enforcement Policy." March 30, 2026. ↩
5. U.S. Department of Justice, “Three Charged with Conspiring to Unlawfully Divert Cutting Edge U.S. Artificial Intelligence Technology to China,” Press Release, March 19, 2026. ↩
6. Bureau of Industry and Security, “Industry Guidance to Prevent Diversion of Advanced Computing Integrated Circuits,” May 13, 2025. ↩
7. “SMCI INVESTOR ALERT: Robbins Geller Rudman & Dowd LLP Announces that Super Micro Computer, Inc. Investors with Substantial Losses Have Opportunity to Lead Class Action Lawsuit,” regarding Bhuva v. Super Micro Computer, Inc., No. 26-cv-02606 (N.D. Cal.), filed March 25, 2026, Globe Newswire, March 28, 2026. ↩
8. Remote Access Security Act, H.R. 2683, 119th Cong. (passed House 369–22, January 12, 2026). ↩
9. See U.S. Department of Justice, “Justice Department Announces Nationwide Actions to Combat Illicit North Korean Government Revenue Generation,” Press Release, November 14, 2025; Export Compliance Daily, “3 Sentenced for Allowing Overseas IT Workers to Evade US Sanctions,” March 24, 2026. ↩
10. House Committee on Foreign Affairs, “Chairman Mast, HFAC, advances AI Overwatch Act,” Press Release, January 21, 2026, (Markup, Chip Security Act, H.R. 3447, 119th Cong., March 26, 2026). ↩
11. Randall Cook, Bridget Johnson, and Kevin DeVilbiss, “What the US AI Action Plan Means for Export Controls and US National Security,” Alvarez & Marsal, September 23, 2025. ↩
12. Randall Cook, Brian Francis, and Caitlin McKibben-Golub, “BIS Revises Review Policy for H200 AI Chip Exports: What Changed, What Did Not, and What Companies and Investors Should Do Now,” Alvarez & Marsal, January 28, 2026. ↩
13. Randall Cook, Kevin DeVilbiss, and Bridget Johnson, “American AI Exports Program: A&M NSTT’s Comments Provide Blueprint for Trusted, Efficient, High ROI US AI Exports,” Alvarez & Marsal, January 16, 2026. ↩
14. Randall Cook and Vincent Mekles, “What the 2025 US National Security Strategy Means for Transnational Companies, Investors, and Advisors: Takeaways and Recommendations,” Alvarez & Marsal, January 12, 2026. ↩

About the Authors

Randall Cook is a Managing Director at Alvarez & Marsal and co-leader of the National Security, Trade, and Technology (NSTT) practice, with extensive experience implementing AI export compliance programs for sovereign computing deployments in the Middle East. He is a Colonel in the U.S. Army Reserve and a former Assistant U.S. Attorney.

Louis Conde is a Senior Director at Alvarez & Marsal with expertise in supply chain integrity, technology traceability, and export compliance program design.

Caitlin McKibben is a Director at Alvarez & Marsal specializing in AI export controls, advanced computing compliance, and technology governance for national security-sensitive deployments.

A&M NSTT’s prior publications on AI export controls include analyses of the AI Action Plan and its export control implications [10], the BIS H200 review policy shift [11], the American AI Exports Program RFI [12], and the 2025 National Security Strategy [13]. A forthcoming white paper and policy convening, “Verifying the Stack: How to Promote Global Adoption of US AI While Preventing Adversary Exploitation” (Washington, DC, June 3, 2026), will provide a deeper treatment of verification-by-design architecture, hardware-enabled controls, and lessons from first-generation sovereign AI deployments.

This alert is based on publicly available information as of March 27, 2026. It is provided for informational purposes only and does not constitute legal advice.