AI Sanctions 2025: Trends, Risks, and Practical Controls
This content is provided for educational and informational purposes only and is not intended and should not be construed as legal advice.
December 1, 2025
In 2025, U.S. sanctions administered by the Office of Foreign Assets Control (OFAC) remain a critical — but often under-appreciated — risk for AI companies. While much attention focuses on Bureau of Industry and Security (BIS) export controls for hardware and model weights, OFAC sanctions operate independently: they are person and entity blocking prohibitions, not licensing requirements. Violating them can mean significant civil penalties, criminal referral, and reputational damage that scares away investors and customers.
OFAC does not directly control AI models or software the way BIS does. Instead, sanctions come into play when your AI technology (open-source, closed, inference API, hosted model, or even consulting services) benefits a blocked person or prohibited end-use/end-user, especially military, intelligence, surveillance, or human-rights-abusing applications in sanctioned jurisdictions.
This summary guide focuses exclusively on OFAC sanctions risks for AI companies — what triggers them, real-world examples, and actionable steps to protect your business.
1. How OFAC Sanctions Apply to AI Technology
OFAC sanctions generally apply when a U.S. person or U.S. nexus is involved: any "U.S. person" (citizens, residents, entities, and anyone in the U.S.) is prohibited from providing anything of value — including AI models, inference access, or technical support — to blocked parties. OFAC jurisdiction may also be triggered by involvement of the U.S. financial system or U.S. persons. This includes transactions in U.S. dollars (even if cleared through U.S. correspondent banks), involvement of U.S. citizens/residents/companies, or use of U.S.-origin goods/software/services — even if the activity occurs entirely outside the United States.
Key Nuance for Software/AI: Unlike export controls, OFAC does not require a license — the transaction is simply prohibited (with rare general licenses or specific licenses). Open-weight models uploaded publicly are lower risk (no "provision"), but hosted inference, API access, or custom fine-tuning for prohibited parties is high-risk.
2. Key Sanctions Prohibitions Relevant to AI
| Prohibition Key | Regulation / Source | What It Means for AI Companies | Typical Triggers |
|---|---|---|---|
| SDN / Blocked Persons | OFAC SDN List; 50% Rule | No provision of anything of value (models, inference, API access, consulting) to ~15,000+ designated parties | Hosted model downloaded by SDN; API key issued to blocked entity |
| Sectoral Sanctions (Russia) | Directive 3 (NS-MBS) under E.O. 14024 | Restrictions on new debt/equity + certain services to listed Russian defense/energy entities | Providing advanced AI to Gazprom or Rostec subsidiaries |
| Comprehensive Embargoes | Iran, Syria, Cuba, Crimea | Virtually all services prohibited | Iranian IP address hitting your U.S.-hosted inference endpoint |
| Military-Intelligence End-Use/End-User (China/Russia/Iran) | Section 223 CAATSA + OFAC 2024–2025 guidance | Facilitating AI for foreign military-intelligence is sanctionable | Fine-tuning a vision model later used by PLA Unit 61398 |
| Secondary Sanctions | Various authorities (e.g., E.O. 13959 as amended) | Non-U.S. persons can be added to SDN for significant transactions with sanctioned parties | Foreign cloud provider knowingly routes U.S.-origin model access to Iran |
3. Recent U.S. Sanctions & Export Controls Enforcement Cases
In 2024–2025, enforcement has focused heavily on advanced semiconductors/GPUs and related manufacturing equipment, often involving smuggling to China or Russia for military/AI end-uses.
| Date | Entity / Individual | Violation Summary | Penalty / Outcome | Agency |
|---|---|---|---|---|
| 2025 (ongoing) | A U.S. manufacturer of CNC machine tools | Illegal shipments of CNC machine parts (used in semiconductor/AI hardware production) to Entity List parties in Russia and China | ~$2.5 million combined civil penalties | BIS + OFAC |
| 2024–2025 | Disruptive Technology Strike Force cases (26 criminal cases total) | Multiple smuggling conspiracies involving advanced semiconductors, GPUs, and dual-use tech to China/Russia/Iran for military AI/supercomputing | Criminal charges, indictments, convictions | DOJ / BIS |
| 2024 | Various transshipment networks (e.g., via Singapore/Malaysia) | Diverting U.S.-origin AI GPUs (H100/A100 series) and semiconductor equipment to prohibited Chinese entities | Entity List additions, fines up to $1M+ per violation, prison time in criminal cases | BIS |
| Jan 2025 | Integrity Technology Group (Beijing-based) | Providing support to Chinese malicious cyber actors using AI-enabled intrusions | SDN designation (full blocking sanctions) | OFAC |
| 2024 | Russian procurement networks (affiliates of a Russian electronics distributor) | Importing U.S. electronics/semiconductors for Russian missile systems and supercomputing (AI-related) | SDN additions, civil penalties | OFAC / BIS |
4. Key Enforcement Trends in AI Sanctions & Export Controls (2024–2025)
U.S. enforcement today treats advanced AI hardware — especially high-end GPUs and the semiconductor manufacturing equipment that produces them — as the single most sensitive dual-use technology.
- #1 focus: GPU and advanced chip diversion — BIS has publicly declared preventing exports of ECCN 3A090 items (NVIDIA H100/B200-class GPUs and equivalents) and related semiconductor manufacturing equipment its “top enforcement priority” for 2025.
- Criminalization is the new normal — DOJ’s Disruptive Technology Strike Force (launched 2023, dramatically expanded 2024–2025) is driving the majority of cases. Most involve sophisticated smuggling networks and front companies moving thousands of restricted GPUs at a time — often directly linked to Chinese military AI programs. These are no longer civil matters: indictments, arrests, and 10–20+ year prison sentences are now routine.
- OFAC’s narrower but growing role — OFAC primarily uses SDN designations to block specific procurers, surveillance-AI firms, and cyber actors (e.g., companies supporting APT41 hacking with AI tools). Broad bans on AI services or inference access remain extremely rare.
- Model weights = still zero public cases — The short-lived January 2025 AI Diffusion rule on closed frontier model weights was rescinded before anyone had to comply — so far, no enforcement actions exist in this space.
- Penalties are severe and escalating — Civil settlements routinely hit $1–10M+; criminal smuggling cases frequently end in multi-year prison terms and permanent loss of export privileges.
In practice, this means cloud providers, chip resellers, startups hosting large models, and anyone touching advanced compute now operate in an environment where a single diverted cluster or an overlooked end-user can trigger significant penalties.
5. Practical Compliance Checklist for AI Companies
- Screen Users & Customers
• Real-time screening of sign-ups, API keys, and downloads against U.S. and other applicable denied-party lists, including the OFAC SDN list and sectoral lists.
• In certain cases, collect and verify location (IP + self-certification) and end-use statements.
• If there is a hit → block the transaction completely (no cloud access, no model downloads, no payments).
- Geofencing & Access Controls
• Block IP ranges from comprehensively sanctioned countries (Cuba, Iran, North Korea, Syria, Crimea).
• For high-risk models/APIs: require Know-Your-Customer-level verification before granting access.
- End-Use Due Diligence
• Ask: “What will you use this model for?” Red flags: military, surveillance, intelligence, or evasive answers.
• Monitor usage patterns (e.g., sudden large-scale inference from unusual locations).
- Contractual Protections
• Include strong sanctions representations and warranties, audit rights, and immediate termination clauses in your Terms of Service and enterprise agreements.
- Deemed Provision Risks
• Releasing model weights or source code to foreign-person employees in the U.S. can be a “deemed export” if they are nationals of sanctioned countries (rare in AI, but watch Iran, Cuba, Venezuela, etc.).
- Voluntary Self-Disclosure
• If you suspect a prohibited user slipped through — investigate promptly and determine whether a voluntary self-disclosure to OFAC is required. Filing voluntarily can earn substantial mitigation credit.
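The screening, geofencing and end-use items in the checklist above can be enforced together as one sign-up gate. The Python below is an added example, not code from the original page: the record fields, the list entries and the choice to send red flags to manual review are assumptions, and name matching is exact after normalization, where a production screen would use a maintained list and fuzzy matching.

```python
import re
import unicodedata

# Constructed sample names, not real list entries. A production gate would
# load the current OFAC SDN and sectoral lists instead.
DENIED_PARTIES = {"Example Blocked Trading LLC", "Sample Sanctioned Institute"}
# Comprehensively sanctioned countries from the checklist (ISO 3166-1 codes).
BLOCKED_COUNTRIES = {"CU", "IR", "KP", "SY"}
# Crimea has no country code of its own, so a country-only filter misses it.
# Match it at region level (ISO 3166-2: UA-43 Crimea, UA-40 Sevastopol).
BLOCKED_REGIONS = {("UA", "43"), ("UA", "40")}
# Substring matching over-triggers, so a hit means review, not block.
RED_FLAG_TERMS = ("military", "surveillance", "intelligence")

def normalize(name):
    """Fold case, accents, punctuation and common legal suffixes."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(c for c in text if not unicodedata.combining(c)).lower()
    tokens = re.sub(r"[^a-z0-9 ]+", " ", text).split()
    return " ".join(t for t in tokens if t not in {"llc", "ltd", "inc", "co"})

DENIED_NORMALIZED = {normalize(n) for n in DENIED_PARTIES}

def gate(signup):
    """Return (decision, reasons); decision is 'block', 'review' or 'allow'."""
    block, review = [], []
    if normalize(signup["legal_name"]) in DENIED_NORMALIZED:
        block.append("denied-party match")
    # Check the IP-derived location and the self-certified one separately.
    for source in ("ip_geo", "declared_geo"):
        country, region = signup[source]
        if country in BLOCKED_COUNTRIES or (country, region) in BLOCKED_REGIONS:
            block.append(f"embargoed location ({source})")
    if signup["ip_geo"][0] != signup["declared_geo"][0]:
        review.append("IP and declared country differ")
    end_use = signup["end_use"].lower()
    if not end_use.strip():
        review.append("no end-use statement")
    review += [f"end-use red flag: {t}" for t in RED_FLAG_TERMS if t in end_use]
    if block:
        return "block", block + review
    return ("review", review) if review else ("allow", [])

if __name__ == "__main__":
    # Constructed sign-up record: IP geolocates to Crimea, declared as Kyiv.
    sample = {"legal_name": "Acme Robotics Inc", "ip_geo": ("UA", "43"),
              "declared_geo": ("UA", "30"), "end_use": "warehouse picking"}
    print(gate(sample))
```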
6. How One Lex Partners Helps AI Clients with Sanctions
A single undetected Specially Designated National (SDN) download or API call can trigger an enforcement action that halts fundraising, kills acquisitions, and invites shareholder lawsuits. Investors now demand sanctions diligence in term sheets.
Proactive compliance isn't just defensive — it accelerates global growth by giving confidence to enterprise customers and VCs.
We advise frontier AI labs, inference platforms, open-source projects, and the investors behind them on OFAC-specific risks:
- Compliance programs built around how you actually ship (fully hosted, gated releases, open weights, or hybrid)
- Seamless SDN/Blocked Persons screening baked into auth, billing, and download flows
- Geofencing and country-risk strategies that survive regulator scrutiny
- Sanctions opinions and diligence packages that unblock fundraising and exits
- End-user certification templates and red-flag monitoring
- Due diligence for international expansions, partnerships, and M&A
- Rapid response to potential violations and voluntary self-disclosure (VSD) drafting when something slips through
If you're releasing models, offering inference APIs, or scaling globally — let's make sure sanctions don't become your biggest bottleneck.

