Regulation Deep Dive

Two Tracks, One Model: The Export Control Authority Behind Washington's Mandatory AI Enforcement Power

Ten days after President Trump signed a voluntary AI executive order, a Bureau of Industry and Security directive forced Anthropic to disable two frontier models globally within what was reportedly a 90-minute window. The recall wasn't a violation of the June 2 framework; it operated entirely outside it. Compliance teams that built their AI governance programs around the EO's voluntary structure now face a harder question: what authority are they actually not covered by?
Reported compliance window: 90 min

Key Takeaways

  • BIS export control authority operates independently of the June 2 EO's voluntary review framework; clearing one provides no protection against the other
  • The June 12 directive is the first known mandatory BIS action against a commercial AI model on national security grounds, establishing that the mechanism is operational, not theoretical
  • Any frontier model with a global API carries BIS exposure regardless of voluntary review participation; the access control question is now an engineering and legal compliance requirement, not a policy abstraction
  • Anthropic has indicated intent to pursue the individually validated license restoration process; the outcome will set the first precedent for what BIS considers sufficient assurance post-directive
  • Congress has not addressed the structural gap between voluntary EO review and mandatory BIS authority; the two tracks remain formally unintegrated

US AI Enforcement Track Comparison

  • June 2 EO (Track 1): Voluntary; 30-day pre-deployment review window; developer consent required; EO enforcement mechanisms apply
  • BIS Export Control (Track 2): Mandatory; no advance window; acts on national security trigger; compliance measured in hours; independent of EO structure

Verdict

BIS directive: Fable 5 and Mythos 5 global access restricted to US nationals
Court: US Department of Commerce, Bureau of Industry and Security
Date: 2026-06-12
Implications: First known mandatory BIS enforcement action against a commercial AI model; sets precedent for export control as an active AI governance mechanism

On June 12, 2026, Anthropic disabled Fable 5 and Mythos 5 globally. Not because the company chose to. Because the Department of Commerce’s Bureau of Industry and Security directed it to restrict access by non-US nationals, and Anthropic’s engineering team reportedly had approximately 90 minutes to comply.

That timeline matters. So does the legal authority behind it.

The June 12 directive didn’t come from the voluntary pre-deployment review framework that President Trump established ten days earlier. It came from a separate, older, and considerably harder mechanism, one that compliance teams focused on the EO’s structure may not have fully mapped into their AI governance programs.

The June 2 EO: What “Voluntary” Actually Covers

The June 2, 2026, Executive Order established a pre-deployment review process for frontier AI models. Skadden’s analysis of the order confirmed the 30-day voluntary review window: developers submit frontier models to a federal review process before public deployment, and agencies can flag national security concerns during that window.

That word, voluntary, has a specific legal meaning. Voluntary participation means developers choose to enter the review process, and the EO’s enforcement mechanisms operate within that consent structure. A company that participates in good faith, completes the 30-day window, and receives no objection has a reasonable basis to proceed.

What the EO doesn’t do is displace other legal authorities. It doesn’t override export control law. It doesn’t supersede BIS’s authority under the Export Administration Regulations. And it doesn’t create a safe harbor that insulates a developer from mandatory action under separate statutory frameworks.

That’s the structural gap the June 12 directive revealed.

BIS Authority: How It Works and Why It’s Different

Export control authority operates on a different legal foundation than executive branch review frameworks. BIS administers the Export Administration Regulations, which govern the transfer of goods, software, and technology, including, now, advanced AI models, to foreign nationals and foreign entities.

The critical distinction is that BIS can act without developer consent and without a pre-deployment window. When BIS identifies a national security concern, it can issue a directive requiring immediate compliance. There’s no 30-day review. There’s no voluntary submission process. The directive is mandatory.

What the June 2 EO Framework Covers vs. What It Doesn't

  • June 2 EO scope: Voluntary pre-deployment review for frontier models; 30-day window; developer-initiated; EO enforcement mechanisms apply to participating developers
  • Outside EO scope: BIS mandatory directives under Export Administration Regulations; post-deployment action; no advance notice required; compliance window set by BIS, not the developer

Who This Affects

  • AI Compliance Officers: Audit whether access control infrastructure can execute a nationality-restriction directive on a sub-2-hour timeline; this is now a live compliance requirement, not a theoretical scenario
  • Legal Counsel at AI Companies: Map BIS individually validated license process into your incident response playbook; the restoration pathway is active and its requirements are currently undefined by precedent
  • AI Product and Engineering Teams: Verify that global API deployments have a mechanism to restrict access by nationality without requiring a full rollback; the June 12 case required this capability within 90 minutes

In the June 12 case, Anthropic’s public statement confirmed the government cited concerns about a potential jailbreak method as the national security basis. Anthropic disputed the characterization. The company stated in its public response that the assessed jailbreak exposed only minor, previously known vulnerabilities, and contended that similar capabilities are available in other publicly accessible models.

That dispute is ongoing. But it doesn’t affect the underlying enforcement mechanics. Under BIS authority, the directive stands while the review proceeds. Anthropic has indicated it intends to pursue the licensing restoration process, though the timeline and likelihood of approval remain unclear.

Two Tracks, Running in Parallel

The practical architecture now looks like this:

The EO’s voluntary pre-deployment review is Track 1. It applies to frontier model releases. Developers who participate get a structured 30-day window, federal access, and a process for flagging concerns before deployment. Participation is the developer’s choice. The EO’s enforcement mechanisms operate within that consensual structure.

BIS export control authority is Track 2. It applies to any AI model that can be accessed by foreign nationals, which, for cloud-deployed models with global APIs, means essentially every commercial frontier model. BIS can act at any time, on any national security trigger, without advance notice, and with a compliance window measured in hours rather than days.

Neither track displaces the other. A model can clear the EO’s voluntary review and still face mandatory BIS action if new information surfaces post-deployment. The two mechanisms operate independently, under different statutory authorities, with different trigger conditions and different timelines.

What Compliance Teams Must Re-Evaluate

Three specific areas need attention.

First, foreign national access. Any AI model with a global API, meaning any model accessible to users outside the United States, carries exposure under BIS export control authority. That exposure doesn’t disappear because the model cleared a voluntary federal review. Compliance programs need to assess whether their models’ access controls can execute a rapid nationality-restriction directive. The June 12 case reportedly required that capability within 90 minutes.

What to Watch

  • Anthropic's individually validated license application outcome: 60-90 days (estimated)
  • Any Congressional action integrating BIS export control into EO voluntary review framework: Q3-Q4 2026
  • Second BIS directive against any AI model (would confirm pattern, not anomaly): Ongoing

Unanswered Questions

  • What documentation does BIS require for an individually validated license application for an AI model, and is there precedent from other technology sectors?
  • At what jailbreak capability threshold does BIS consider a model to present a national security risk sufficient to trigger a mandatory directive?
  • Does participation in the EO's voluntary pre-deployment review provide any evidentiary basis for a BIS license restoration argument?

Second, the license restoration pathway. BIS export control directives don’t necessarily mean permanent suspension. The EAR includes an individually validated license process that companies can pursue to restore restricted access. Reporting from Nextgov on the June 12 directive confirmed BIS’s involvement, and Anthropic has indicated it intends to pursue this pathway. What that process requires (documentation, timeline, likelihood of approval) is the open question compliance teams at any frontier lab should now be researching.

Third, the precedent this sets. The June 12 directive is the first known mandatory BIS action against a commercial AI model on national security grounds. That makes it a data point of one. But it also establishes that BIS is willing to use this authority, that the mechanism isn’t theoretical, and that the trigger condition (a potential jailbreak capable of bypassing model safeguards) is one that applies broadly across frontier AI development.

What to Watch

The license restoration process is the near-term signal. If Anthropic pursues individually validated licenses and BIS grants them, that outcome will tell compliance teams what documentation and assurances BIS considers sufficient. If BIS denies restoration, that sets a harder precedent about what jailbreak risk thresholds trigger permanent export control restrictions.

Longer term, the June 12 directive creates pressure on the voluntary EO framework. The EO’s 30-day review was designed, in part, as a mechanism for surfacing national security concerns before deployment. If BIS can act independently post-deployment with greater speed and mandatory authority, the incentive structure for voluntary pre-deployment review looks different. Why participate in a 30-day window if the mandatory mechanism operates on its own timeline regardless?

Congress hasn’t addressed this gap. There’s no pending legislation that would integrate BIS export control authority into the EO’s voluntary review structure. The two tracks are, for now, genuinely parallel, coordinated only by the shared fact that BIS and the EO framework both sit within the executive branch.

TJS Synthesis

The Anthropic recall revealed something that was always true but hadn’t been tested at this scale: voluntary AI governance frameworks and mandatory export control authority coexist without formal integration. A compliance program built around the EO’s structure is a complete response to one track. It’s not a response to the other. The real question for any organization deploying frontier AI with international access isn’t whether they’ve engaged with the EO’s review process; it’s whether their access control infrastructure can execute a BIS directive on 90 minutes’ notice. That’s an engineering question as much as a legal one, and most AI governance programs aren’t asking it yet. The Anthropic case won’t be the last time BIS uses this authority. Organizations that map this second track into their governance frameworks now will be better positioned when the next directive lands.
