Dual-use AI risk arises when AI systems developed for civilian purposes can be repurposed for military, surveillance, or harmful applications, triggering export control obligations under the EU Dual-Use Regulation (2021/821), the Wassenaar Arrangement, and US BIS controls, alongside ethical governance challenges.
Dual-Use AI Risk: Military Applications, Export Controls, and Ethical Boundaries
Understanding Dual-Use in AI
Dual-use technology has civilian and military applications. For AI, the dual-use problem is acute because the same foundational technologies (computer vision, natural language processing, reinforcement learning, autonomous navigation) serve both beneficial civilian applications and potentially harmful military, surveillance, or offensive cyber capabilities. Unlike traditional dual-use items (nuclear centrifuges, chemical precursors), AI models are intangible, easily reproduced, and difficult to control once distributed.
Export Control Frameworks
| Framework | Scope | AI Relevance |
|---|---|---|
| EU Dual-Use Regulation (2021/821) | EU exports of listed items + catch-all for cyber-surveillance | Category 4 (computers), Category 5 (telecommunications/cryptography) may capture AI components |
| Wassenaar Arrangement | 42 participating states, munitions and dual-use lists | Intrusion software, IP network surveillance; AI-specific listings under discussion |
| US Export Administration Regulations (EAR) | US-origin items and technology | Advanced AI chips (A100/H100+), AI model weights, compute access restrictions |
| US ITAR | Defense articles and services | AI systems specifically designed for military applications |
| UK Strategic Export Controls | UK exports aligned with Wassenaar | Similar scope to EU, with independent licensing decisions post-Brexit |
EU Dual-Use Regulation and AI
Regulation (EU) 2021/821 controls exports of dual-use items listed in Annex I (aligned with Wassenaar) and introduces a catch-all provision for cyber-surveillance items in Article 5. AI systems designed for or capable of enabling surveillance, interception, or intrusion may trigger export authorisation requirements even if not specifically listed in Annex I.
The Regulation requires exporters to conduct due diligence on end-use and end-users. For AI providers, this means assessing whether customers or their customers might use AI capabilities for military surveillance, weapons targeting, autonomous weapons systems, or mass surveillance. Article 4(1) imposes a catch-all control where the exporter is aware or has been informed that items are or may be intended for WMD, military, or prohibited end-uses.
US Compute and Model Export Controls
The US Bureau of Industry and Security (BIS) has implemented a layered export control regime for AI. The October 2022 and subsequent rules restrict export of advanced AI training chips to China and other restricted destinations. The January 2025 AI Diffusion Interim Final Rule extends controls to cloud compute access and AI model weights, establishing three tiers of destination countries with different access levels. These controls have extraterritorial implications for non-US organisations using US-origin AI hardware, software, or cloud infrastructure.
Military AI Applications
AI applications with military relevance include autonomous weapons systems (lethal autonomous weapons, or LAWS), intelligence analysis and surveillance, cyber offensive operations, logistics and supply chain optimization, predictive maintenance for military equipment, and command and control decision support. The EU AI Act explicitly excludes AI systems developed or used exclusively for military purposes (Article 2(3)), but dual-use systems serving both civilian and military purposes may fall within scope for their civilian applications.
Ethical Governance for Dual-Use AI
Beyond legal compliance, organisations developing AI with dual-use potential should establish ethical governance mechanisms. These include ethical review boards that assess potential misuse before product release, customer screening procedures that go beyond legal export control requirements, publication review processes for research with dual-use implications, engagement with responsible disclosure frameworks for AI vulnerabilities, and participation in industry initiatives on responsible AI development (such as the Frontier AI Safety Commitments).
- Maintain an up-to-date assessment of which AI capabilities have dual-use potential
- Implement technical controls (access restrictions, use monitoring, model watermarking) that limit misuse potential
- Screen customers and end-users against sanctions lists and for dual-use risk indicators
- Monitor how deployed AI systems are actually used and investigate anomalous usage patterns
- Establish clear red lines for applications the organisation will not support regardless of commercial value
International Negotiations
International efforts to regulate dual-use AI include the Political Declaration on Responsible Military Use of AI and Autonomy (REAIM, February 2023, endorsed by 60+ states), the Convention on Certain Conventional Weapons (CCW) discussions on LAWS, the Council of Europe Framework Convention on AI (which includes security and defense considerations), and bilateral US-China AI safety dialogues. These non-binding instruments suggest growing international consensus on principles, though binding controls on military AI remain distant.
Check your AI compliance readiness — free.
Take the Readiness Check 3 minutes · 10 questions · no signup requiredThis article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.