The Policy Gap That Undermines AI Safety

The Real Problem With AI Export Controls
The story everyone is telling is that the U.S. is finally getting serious about AI safety by slapping export controls on Anthropic’s latest models. That story is dangerously incomplete. The real problem isn’t how we restrict foreign access — it’s that we have no meaningful domestic guardrails to match.
Export controls are a supply-side lever. They block the movement of advanced AI systems across borders. But they do absolutely nothing to govern how those same systems are built, tested, or deployed inside the country. This creates a fundamental asymmetry: foreign nations and companies are penalized for obtaining the technology, while domestic actors face few binding constraints on pushing models to market.
That is not a safety strategy. It is a trade policy masquerading as risk management.
The Overlooked Angle: The Policy Gap
The narrow angle most analysts miss is the structural disconnect between the export regime and the domestic regulatory vacuum. When the government restricts a model’s export, it implicitly signals that the model is dangerous. Yet it does not require the model to be safe at home. This contradiction has real economic and operational consequences.
Consider the logic: if a model is too risky to sell abroad, why is it not too risky to deploy in domestic critical infrastructure, healthcare, or legal systems? The absence of domestic licensing, testing, or liability rules means companies can release the same model in the U.S. with impunity. Export controls become a selective barrier that protects geopolitical advantage, not public safety.
Why This Small Detail Matters
This policy gap matters because it creates a distorted incentive structure. Companies like Anthropic and OpenAI face a choice: they can comply with export controls and lose foreign revenue, or they can design models that are inherently less risky to avoid triggering controls in the first place. But without domestic requirements, there is no penalty for taking risks at home. The marginal cost of releasing an unsafe model domestically is zero — no fines, no lawsuits, no license revocations.
In business terms, this is a moral hazard subsidy. The government effectively insures companies against the downside of unsafe deployment at home while blocking their ability to monetize those risks abroad. The result is a misallocation of safety investment: companies spend resources on making models export-compliant (e.g., certification for foreign buyers) rather than on fundamental safety research that would benefit all users.
The Economic Mechanism
Let’s break down the unit economics. Suppose an AI company spends $100 million training a frontier model. It faces two potential revenue streams: domestic sales (enterprise, API) and foreign sales (export licenses, partnerships). Export controls cut off the foreign stream, reducing total addressable market by perhaps 30-40%. That’s a direct hit to return on investment.
Now consider the cost of safety. Making a model “safe” — via red-teaming, alignment, monitoring — adds roughly 10-20% to development cost. Without domestic regulation, there is no requirement to spend that 10-20%. But export controls create a soft incentive: if you want to sell abroad despite restrictions, you need to demonstrate safety to regulators. However, that incentive only applies to the foreign market. The domestic market remains unregulated.
The rational profit-maximizing response is to split model versions: a “safe” version for export (costing more) and a “fast” version for domestic use (costing less). This bifurcation is already happening beneath the surface. It is inefficient, risky, and undermines the entire purpose of guardrails.
Consider the pricing implications. The export-safe model will carry a premium to cover additional compliance and testing costs. Domestic customers get a cheaper product but with no safety guarantees. This creates a two-tier market for risk: wealthy foreign buyers pay for safety, domestic users get exposed. Over time, the domestic market becomes a dumping ground for less-reliable models, increasing the probability of catastrophic failures at home.
Furthermore, the cost of maintaining two separate model pipelines is non-trivial. Engineering teams must maintain distinct codebases, testing protocols, and deployment pipelines. This duplication strains R&D budgets and slows innovation. The net effect is a drag on both safety and competitiveness — a lose-lose for the industry.
The Strategic Consequence
Who benefits from this policy gap? Geopolitically, the U.S. hopes to slow down competitors like China. But in practice, export controls without domestic regulation create a knowledge leakage risk. Researchers and engineers can still work with unsafe models at home, learn from their failures, and then take that tacit knowledge abroad. The controls only restrict the code, not the expertise.
Meanwhile, the domestic market becomes a laboratory for high-risk experiments. Companies test dangerous capabilities in the U.S., collect data, and then use those insights to improve export-friendly models. The policy gap turns the country into a safety testing ground — exactly the opposite of what guardrails should achieve.
Who loses? Small and medium enterprises that cannot afford to build two model tracks. They rely on API access from frontier labs. If the labs limit API access to only the “safe” export model, SMEs get a safer but weaker product. If the labs offer a “domestic” version, SMEs face liability exposure without the resources to mitigate it. The gap widens inequality in AI capabilities.
Open-source models complicate the picture further. Export controls on proprietary models do little to stop the proliferation of open-source alternatives, which are often less safe and can be downloaded anywhere. The policy gap actually incentivizes companies to keep models closed and export-controlled, reducing transparency and auditability. This is the opposite of what safety advocates want.
What Most Commentary Gets Wrong
Most commentators argue that export controls are either too strict or not strict enough. They miss the point. The real flaw is not the stringency of export controls; it is the absence of a symmetrical domestic regime. Comparison with nuclear technology is instructive. We do not only restrict export of nuclear materials — we require domestic nuclear facilities to be licensed, inspected, and regulated. If we treated AI like nuclear, we would have a dedicated regulatory agency with power to certify models, mandate testing, and revoke deployment rights. Instead, we have a patchwork of executive orders and voluntary commitments.
The “Sputnik moment” narrative drives policymakers to act quickly. But acting quickly on export controls while ignoring domestic regulation is like building a fence around half the field. It creates a false sense of security. The real Sputnik lesson is that the U.S. built both an export control regime (CoCom) and a domestic regulatory framework (NASA, DARPA). For AI, we have only half the structure.
Another common mistake is to assume that export controls will reduce overall risk. In reality, they may increase it by driving the development of less-accountable models in unregulated domestic environments. The lack of domestic guardrails means there is no mechanism to stop a company from releasing a model that, say, automatically generates disinformation at scale. Export controls do nothing to prevent that.
The Hard Business Lesson
The hard lesson for AI companies is that the policy gap will not last. The asymmetry between export controls and domestic rules is fragile. Once a major domestic incident occurs — an AI-driven market crash, a false medical diagnosis at scale, a manipulated election — the backlash will bring sweeping domestic regulation. The companies that lobbied against domestic guardrails will face far worse outcomes retroactively.
The smarter strategy is to voluntarily adopt domestic safety standards now, even without legal requirement. This turns compliance into a competitive advantage. When regulation comes, the companies that already have processes in place will transition smoothly, while laggards will scramble. Moreover, domestic adoption of robust safety practices can help reset the narrative with foreign buyers, potentially easing export restrictions.
For investors, the gap signals where the real risk lies. Do not look at export control compliance; look at the company’s domestic safety governance. That is the existential black swan. A company that deploys recklessly at home is one incident away from regulatory suffocation.
For policymakers, the lesson is clear: export controls without domestic regulation are not a safety policy. They are a feel-good geopolitical gesture that leaves the public exposed. The next administration, whether in the U.S. or Europe, must close the gap by building a domestic AI safety regime that matches the rigor of the export controls. That means binding testing requirements, licensing for high-capability models, and legal liability for harms. Only then will we have a coherent safety architecture.
In conclusion, the policy gap between export controls and domestic guardrails is the hidden mechanism that undermines AI safety. It creates perverse incentives, distorts investment, and leaves the public exposed. Fixing it requires not more export restrictions but a domestic regulatory framework that matches the rigor we apply to foreign threats. Until then, the loudest voices in AI policy are arguing about the wrong half of the problem.