Redefining National Security Governance through Access and Compute

As AI data centers grow more sophisticated, the central question for export control governance shifts from hardware location to compute access.

Redefining National Security Governance through Access and Compute
An illustration of AI and GPU processors, October 2023 | Source: Unsplash

Executive Summary 

AI capabilities now spread across borders through compute access—not physical hardware transfers—rendering traditional export control frameworks structurally inadequate. A growing misalignment exists between data protection law, which already recognizes access-based transfer, and export control law, which remains anchored in physical movement and formal disclosure. This paper argues that two new policy concepts are needed to close this gap: compute quota—the cumulative AI compute consumed by a specific actor over time—as a new licensing and monitoring variable; and Zero Trust, adapted as a risk-tiered policy logic for real-time, access-based governance of AI data centers. Applied as a governance principle for high-risk AI environments rather than a universal mandate, Zero Trust enables the most stringent controls where they matter most—sensitive models, defense-related functions, and dual-use APIs—while permitting greater flexibility for lower-risk allied research collaboration. Taken together, these concepts provide the foundation for U.S.-South Korea joint governance of AI infrastructure: an approach that is both feasible and necessary to manage AI weaponization risks while reducing investment uncertainty for allied firms. 

Background 

The Problem: When Access Becomes Transfer 

Export control regimes in both the United States and South Korea were designed around a straightforward premise: strategic technologies cross borders in physical form. From the Cold War-era CoCom to today’s Wassenaar Arrangement, multilateral controls have focused on hardware shipments and document disclosures. That premise no longer holds. 

In modern AI data centers, a foreign engineer does not need to receive a chip or a document to acquire strategic capabilities. Sustained, repeated access to a high-performance GPU (Graphics Processing Unit) cluster—via remote login, cloud console, or API call (a software command sent over a network to trigger a specific function on a remote system)—can allow an actor to accumulate the same functional AI capability as a physical technology transfer. Yet neither U.S. nor South Korean export control law explicitly captures this dynamic. 

The result is a structural governance gap. South Korean firms investing in U.S. AI infrastructure simultaneously face U.S. deemed export rules—which treat the release of controlled technology to foreign nationals inside the United States as an export—and South Korea’s strategic technology control system, with the same act potentially triggering liability under both regimes, or falling into neither. This regulatory misalignment amplifies investment uncertainty for allied companies and creates exploitable gray zones for adversaries. 

Policy Context: A Window of Alignment 

The current political environment in both Washington and Seoul creates an unusual opportunity for joint governance. In January 2025, the Donald Trump administration issued an executive order prioritizing U.S. AI infrastructure leadership (Executive Order 14179), signaling that compute access is now a national security variable. The Bureau of Industry and Security (BIS) followed with its AI Diffusion Framework (January 2025), introducing Total Processing Performance (TPP) thresholds as a new control metric—the first regulatory acknowledgment that cumulative compute, not just hardware counts, matters. 

Importantly, the Framework also conditions transfers of advanced computing hardware on Validated End-User (VEU) status, clustering limitations, ongoing security and logging obligations, and restrictions on certain forms of model training for non-allied destinations. These measures implicitly address AI Infrastructure-as-a-Service risks and grant provisions to a limited group of trusted countries, including South Korea. This paper’s proposals are not a rejection of this framework, but an attempt to extend its logic by making access and compute explicit, first-order variables in bilateral governance. 

In South Korea, the Lee Jae Myung administration has identified AI and semiconductor supply chains as strategic national priorities. The AI Basic Act entered into force on January 22, 2026, establishing risk management obligations for high-performance AI systems (≥10²⁶ FLOPs), with phased enforcement beginning in 2027. The government also began distributing the first tranche of a ten thousand-unit national GPU pool in March 2026. 

In early March 2026, the United States Department of Commerce circulated a draft rule that would have required licenses for virtually all AI chip exports globally. This planned rule was withdrawn on March 13, 2026, reflecting ongoing policy uncertainty over how to replace the Joe Biden-era AI diffusion framework. The episode illustrates why durable bilateral governance—rather than unilateral regulatory experimentation—is needed. 

Policy Recommendations 

Two New Control Concepts 

Compute Quota.  AI capabilities are no longer determined primarily by hardware ownership but by how much compute a specific actor can concentrate over time. An organization that runs one hundred GPUs for six months of continuous model training accumulates qualitatively different—and strategically significant—AI capability compared to one that uses the same hardware for two days of testing. Compute quota captures this distinction and can serve as a licensing and monitoring variable: “How much AI compute will be permitted to which actors, for what purposes, over what period?” 

At the same time, compute alone does not determine the full significance of a technology transfer. Strategic AI capability also depends on model architecture, data quality, engineering expertise, and deployment context. Compute quota should therefore be understood not as a universal proxy for all AI risk, but as a policy handle most relevant where sustained high-performance compute access is tightly coupled to frontier model training, capability concentration, and high-risk functional deployment. 

Zero Trust as Policy Logic.  Originally a cybersecurity principle, Zero Trust holds that no user or system should be presumed trustworthy—access must be verified at every point based on identity, authorization, and context. Applied as a policy logic for AI data center governance, Zero Trust provides a framework for translating agreed export control principles into real-time, automated access enforcement: defining which nationalities and project types may access which GPU clusters, at what compute levels, and under what monitoring conditions. 

Zero Trust should be understood less as a universal mandate for all allied digital infrastructure than as a governance principle for high-risk AI environments. Its most stringent forms—continuous verification, fine-grained attribute-based policies, real-time enforcement, and strict compute ceilings—are particularly appropriate where access involves sensitive models, high-end training functions, defense-related applications, or high-risk APIs. Lower-risk collaborative research among trusted allied institutions may warrant lighter-touch application, with greater reliance on ex post auditing and institutional safeguards. 

IMPLEMENTATION RECOMMENDATIONS 

• Establish a U.S.-South Korea Joint Working Group on AI Infrastructure Governance to develop shared standards for compute monitoring, access log retention, and high-risk API identification in cross-border data center environments. 

• Incorporate compute quota thresholds into bilateral export licensing frameworks, with differentiated ceilings for allied public research institutions versus commercial or state-affiliated actors. 

• Align deemed export guidance to explicitly address cloud-based and API-based access modalities, clarifying when remote compute access constitutes a “release” of controlled technology or technical data. 

• Adopt Zero Trust-based access control as a compliance architecture standard for data centers handling controlled technology and technical data, embedding licensing conditions into automated monitoring systems. 

• Pilot a compute-quota-based governance model in a limited set of high-risk domains — such as military-relevant model training, critical-infrastructure AI systems, or dual-use intelligence applications—before broader deployment across allied ecosystems. 

• Develop a tiered governance model that permits higher compute ceilings and greater operational flexibility for allied countries, while enabling joint U.S.-South Korea monitoring of sensitive compute concentration. 

Conclusion 

As AI data centers grow more sophisticated, the central question for export control governance shifts from hardware location to compute access: who can use which compute resources, for how long, and for what purpose. Current U.S.-South Korea export control frameworks are not designed to answer that question. 

The U.S. AI Diffusion Framework represents meaningful progress, but remains anchored in hardware export licensing. Closing the remaining gap requires making access-permission structures and cumulative compute quotas explicit units of control in their own right—embedded in real-time monitoring systems and a shared bilateral governance framework. 

Addressing this gap through compute quotas, risk-tiered Zero Trust governance, and a joint bilateral working group would strengthen alliance security while reducing investment uncertainty for South Korean firms operating in the U.S. AI ecosystem. 

ChangHee Kim is a global trade compliance professional with over 20 years of experience specializing in U.S. and South Korean export controls (ITAR/EAR and Korean strategic items regulations), reexport compliance, and national security governance.All views are the author’s alone.

This material is distributed by KEI on behalf of the Korea Institute for International Economic Policy. Additional information is available at the Department of Justice, Washington, DC.

Publication Series

Publication Date