Export Controls Meet Commercial Space: The Regulatory Gray Zone

Last updated 4 days ago. Our resources are updated regularly but please keep in mind that links, programs, policies, and contact information do change.

On February 2, 2026, Elon Musk announced a $1.25 trillion merger between SpaceX and his artificial intelligence firm xAI. The deal combines satellites that orbit Earth—heavily regulated because they could be used militarily—with AI development, one of the fastest-moving sectors in the economy. What nobody seems able to answer is which government agency has authority over the resulting entity, or what rules it needs to follow.

Regulatory uncertainty affects what technology SpaceX can develop, which engineers it can hire, which countries it can serve, and whether the merged firm can function as intended. The U.S. government’s export control system, built over decades to prevent weapons technology from reaching adversaries, has no clear rules for technologies that didn’t exist during the Cold War.

Regulations governing satellite exports and regulations governing AI exports were written by different agencies, at different times, for different purposes. When a satellite becomes a distributed processing node for AI models, the law offers no clear answer about which rules apply.

Two Regulatory Systems Built for Different Technologies

The United States maintains two primary export control systems. The International Traffic in Arms Regulations (ITAR)—rules that control military technology exports—covers items specifically designed for military use. Administered by the State Department, ITAR is notoriously restrictive. Violating it can mean civil penalties up to $1 million per violation, criminal charges, imprisonment, and permanent loss of export privileges.

The Export Administration Regulations (EAR) cover items that can be used for both civilian and military purposes. Run by the Commerce Department’s Bureau of Industry and Security, EAR is theoretically more flexible. Items get assigned Export Control Classification Numbers based on detailed technical specifications. A semiconductor might require a license for export to certain countries if it exceeds particular performance specifications. A nearly identical component might be uncontrolled if it falls below those thresholds.

Space launch vehicles and rocket engines were clearly ITAR-controlled because they were explicitly designed as weapons or closely related to weapons development. A commercial satellite in low Earth orbit is now generally EAR-controlled rather than ITAR-controlled, assuming it doesn’t contain ITAR components and isn’t specifically designed with military features.

Artificial intelligence presents an entirely different problem. For years, AI systems existed in regulatory limbo—no explicit controls in either ITAR or EAR. When a satellite runs an AI model, have you exported both items, one item, or something entirely new that existing regulations don’t contemplate? The law doesn’t say.

Deemed Export: Sharing Information as Technology Transfer

Under both ITAR and EAR, a firm can commit an export violation without sending anything overseas. Revealing controlled technology to a foreign national—through showing technical drawings, discussing design approaches in a meeting, or even writing technical information in an email that a foreign employee reads—is legally treated as if you exported technology to that person’s home country. The penalties are identical to physically shipping controlled items to restricted countries.

For SpaceX specifically, this has been a chronic problem. The firm has faced challenges in hiring the best talent from around the world because it feared violating export controls.

Now magnify this problem across a merged SpaceX-xAI entity. xAI, as an AI firm, presumably wants to hire leading researchers and engineers from around the world—many of whom are foreign nationals or immigrants. Integrating these researchers into a satellite operation subject to strict ITAR controls becomes exceptionally difficult. How do you allow an AI researcher from Canada or Germany to work on training models without potentially creating deemed export violations if that work somehow touches satellite technology? Firms default to the most restrictive interpretation, limiting their own competitiveness to avoid catastrophic penalties.

Satellite Export Reform and Its Gaps

For decades, most commercial satellites were on the official list of military equipment that required government approval to sell overseas. This created a burden for firms competing internationally. A U.S. satellite manufacturer wanting to sell to a foreign customer had to obtain a State Department license, a process that could take months and was sometimes denied on foreign policy grounds.

Certain satellite systems still remain under ITAR control, particularly those designed to avoid detection. The rules determining which satellites are ITAR-controlled and which are EAR-controlled are technical and sometimes ambiguous. Many satellite components, subsystems, and the associated technical data about satellite design remain controlled under ITAR, even if the complete satellite might be EAR-controlled.

The satellite reform assumed a straightforward scenario: a satellite is either a commercial communications satellite (civilian application, suggests EAR) or a military satellite (military application, suggests ITAR). This assumption breaks down when satellites become part of a larger AI system. Is a satellite that processes AI models primarily a communications satellite (civilian application) or a military support system (military application)? The distinction matters enormously for what licenses the firm needs, which countries it can serve, and which employees can work on the technology. The law provides no clear answer.

AI Export Controls Still Evolving

Unlike ITAR, which has existed in relatively stable form since the 1970s, AI export controls are brand new and still rapidly evolving. Multiple bills have been proposed in Congress that would clarify or modify the AI export control framework, but none have become law yet.

The AI export control framework focuses on the models themselves—the mathematical formulas that give an AI system its capabilities. The SpaceX-xAI merger raises questions about what else might require control. What about the training data used to develop AI models? What about the technical documentation explaining how models work? What about access to computational infrastructure—the satellites that provide AI processing power—used to train models? None of these fall clearly within existing frameworks, yet they could all arguably facilitate foreign AI development.

Successor Liability: Inheriting Past Violations

History provides sobering examples of what happens when firms misjudge export control compliance. In a notable case, Sigma-Aldrich Corporation acquired Research Biochemicals Limited Partnership in an asset sale. Years after the acquisition, the Commerce Department brought enforcement action against Sigma-Aldrich for export violations that RBLP had committed before the sale. Sigma-Aldrich argued it shouldn’t be liable for violations it didn’t commit and didn’t know about. The government disagreed, citing the legal principle that a firm buying another can be held responsible for the old firm’s violations. Sigma-Aldrich eventually settled for $1.76 million.

For the SpaceX-xAI merger, these precedents raise a concern: if either firm has committed any export violations in the past, the merged entity could inherit liability. The government’s enforcement authorities have shown willingness to pursue violations years after they occur and to hold successor firms liable even when they played no role in the original violations. The sheer complexity of export controls makes violations surprisingly common. Firms frequently discover, during due diligence processes, that they have inadvertently violated export rules—perhaps by allowing a foreign national to view a technical document, perhaps by shipping a controlled component with insufficient documentation, perhaps through miscategorization of product classifications.

China and the National Security Imperative

Underlying all of these regulatory questions is a fundamental national security concern: preventing China from accessing sensitive technology. This reflects the Trump Administration’s stated goal of maintaining technological superiority in artificial intelligence, a capability viewed as central to both military and economic competition.

The SpaceX-Starlink constellation poses particular challenges in this context. Starlink is banned in mainland China and several other countries that restrict independent satellite communications. Governments ban these services because satellite internet bypasses ground-based phone and internet networks that governments can monitor and control.

If Starlink evolves toward providing AI-powered services—if satellites become distributed processing nodes for computational tasks—the nature of the technology changes. It becomes not a communications network but an AI infrastructure system. A Starlink satellite in orbit might simultaneously serve countries with which the U.S. has close relationships, countries with which it has no particular relationship, and countries to which export restrictions apply. If that satellite contains or processes controlled AI models, the firm must somehow prevent users in restricted countries from using those AI services while allowing lawful users to do so. The technical feasibility of this “geofencing” of AI capabilities remains uncertain. Some experts argue that location verification systems could help identify when AI chips are being sent to unauthorized countries, but others question whether such systems could withstand determined efforts to circumvent them.

Competitive Disadvantage and Regulatory Arbitrage

Regulatory uncertainty creates a competitive disadvantage for firms. Chinese competitors developing integrated space-AI systems face no such ambiguity—the Chinese government’s regulatory framework is more unified and expedited. The European Union is similarly streamlining its approach to space-based AI, potentially enabling faster innovation by European firms.

Meanwhile, firms like SpaceX face the prospect of regulatory review by multiple government agencies, each with somewhat different priorities and authorities, each potentially demanding different compliance measures. For a startup developing space-based AI, the choice to locate in Singapore, Luxembourg, or another permissive jurisdiction might become economically rational. This would represent a significant loss for the United States, which views space-based AI as strategically important for both economic and national security reasons.

The White House’s push to promote space leadership, articulated in a December 2025 executive order emphasizing space superiority, implicitly acknowledges this competitive concern. The order directed agencies to streamline acquisition processes and reduce regulatory burden for commercial space operations. Yet the export control framework—administered by State and Commerce departments that sometimes disagree about priorities—remains largely unaffected by these deregulatory impulses.

Regulatory Review Processes in Parallel

The merged entity almost certainly must notify CFIUS (the Committee on Foreign Investment in the United States), which reviews deals for national security risks. CFIUS will assess whether the transaction poses national security risks. The agency will likely examine what foreign investors own stakes in either firm, what information foreign entities might gain access to, and whether the merged entity’s control of critical space infrastructure and AI capabilities creates new vulnerabilities.

Simultaneously, the State Department office that oversees military technology exports must assess whether the merger affects SpaceX’s permissions. SpaceX, as a firm handling ITAR-controlled information, maintains a facility security clearance (government approval to handle classified information). DDTC must verify that the merger doesn’t require changes to the firm’s security posture, management structure, or technology access controls. If the merger would place xAI’s research or technology development under the same corporate roof as SpaceX’s ITAR work, regulators might demand new restrictions to prevent any sharing of ITAR information with xAI personnel.

The Bureau of Industry and Security faces overlapping concerns. If the merged entity plans to export AI models or associated technology, BIS must verify that such exports comply with AI-related export restrictions. BIS must also assess whether the satellite-AI integration creates new export control classification issues—whether certain combined products should be classified differently from their component parts.

The Federal Communications Commission, which licenses satellite operations, might also take an interest in any changes to SpaceX’s operational plans resulting from the merger. While the FCC’s authority over export controls is limited, the agency has begun examining how to ensure that satellite operators maintain transparency about data flows and prevent diversion of technology to prohibited parties.

Timing Pressure and Regulatory Leverage

For the merged entity, this regulatory uncertainty creates acute timing pressure. The announced plan to pursue an initial public offering later in 2026 depends on regulatory clarity. Investors will want assurance that the firm can operate without threat of major regulatory constraints or enforcement actions.

CFIUS review can take 45 to 90 days, or potentially much longer if extended. State Department licensing reviews can require months. Commerce Department determinations on novel classification questions can take even longer. This timing pressure creates a perverse incentive for regulators to delay decisions. If CFIUS announces that it has “concerns” about the transaction, it can extend the review period, potentially causing the firm to postpone the IPO. If the State Department delays granting permission for the merged firm’s new plans, the same effect occurs.

Regulatory agencies sometimes use these delay mechanisms as negotiating tactics, holding up approvals until firms agree to conditions the agencies favor—restrictions on foreign hiring, limitations on technology sharing between divisions, requirements to install additional security measures, or other compliance burdens. For an entity the size and complexity of merged SpaceX-xAI, these conditional approvals could be substantial. Regulators might require that the satellite and AI divisions keep separate teams and computer systems to prevent military secrets from mixing with AI work. This would, in effect, undo much of the merger’s intended synergy. Alternatively, regulators might impose strict requirements about which countries the operation can serve with its integrated systems, which employees can work on certain projects, or how the firm must handle data processed through its satellite-AI infrastructure.

Congressional Scrutiny and Legislative Uncertainty

Congress has shown increasing interest in both space commerce and AI governance, creating another source of uncertainty for the merged entity. Congressional committees have held hearings on updating space law and export control rules. Legislators have expressed frustration with what they view as overly restrictive regulations that hamper competitiveness, but they’ve also expressed concern that insufficient controls could enable technology transfer to competitors.

These discussions revealed deep disagreement about whether current controls are too restrictive or too permissive. Some members of Congress emphasized that export control reform—particularly regarding satellite exports—was needed for competitiveness. Others warned that loosening controls too much would threaten national security. Regulators reviewing the merger must consider not current law but laws Congress might pass, which could change the firm’s legal status. Investments made today—in certain foreign markets, in particular technology development directions—could become problematic if Congress legislates changes to export control frameworks.

International Responses and Competing Systems

The merger raises questions about how other countries will respond to the deepening integration of space and AI infrastructure. China has developed its own satellite internet system called BeiDou, and is investing heavily in domestic AI development specifically to reduce dependence on foreign technology. The European Union has announced plans to develop its own space and AI technology instead of relying on systems from elsewhere, attempting to reduce dependence so they’re not vulnerable to U.S. export restrictions.

If the U.S. government uses export controls to prevent other countries from accessing space-AI technology, those countries will likely develop alternative systems, potentially splitting the global internet into separate systems controlled by different countries. Israel has taken a different approach—allowing Israeli firms more freedom while strictly controlling what technology they can sell abroad. Japan and South Korea have adopted varied approaches, but all face similar choices about whether to restrict access to advanced space and AI technology or to embrace more permissive regulations that might give their firms competitive advantages. These international developments matter because they shape what other countries will allow firms to do within their borders. If the U.S. government imposes strict controls on SpaceX-xAI’s operations, other countries might impose similar restrictions on operations in their territories. This could constrain the merged firm’s global reach more than the export restrictions themselves.

Three Possible Regulatory Paths

The merger will force regulators to grapple with questions they’ve successfully avoided through regulatory ambiguity. The government cannot stay silent when an entity this large tries to combine military satellites with advanced AI. At some point, the State Department, Commerce Department, and other relevant agencies will need to make explicit determinations about how export controls apply to integrated space-AI systems.

The most straightforward path would be for regulators to clarify that the merged firm’s satellites follow less restrictive Commerce Department rules, while the AI components remain under AI controls, with clear rules about how the two regimes interact. This would provide certainty but might require developing new policies about how to prevent ITAR information from mixing with EAR-controlled AI work.

Alternatively, regulators might decide that satellite-AI systems should follow the strictest military export rules—systems that are mainly useful for military purposes. This would bring them under the more restrictive ITAR regime, requiring licenses for exports and stricter security controls domestically. This approach would provide clarity but would substantially constrain the firm’s ability to innovate and commercialize space-AI technologies globally.

A third path would involve Congress passing new laws that clearly explain how export rules apply to space-AI systems. This could take the form of legislation explicitly authorizing the Commerce Department to regulate space-AI systems or legislatively establishing how ITAR and EAR apply to integrated technologies. Such legislation could explain how military and commercial export rules work together and which agency takes the lead in reviewing novel technologies that fall into regulatory gray zones.

The current export control framework is inadequate for the technological reality of the 2020s. Firms waste money trying to figure out what rules apply, costs borne by the government as it struggles to enforce unclear regulations, and costs borne by the economy if regulatory uncertainty drives investment in space-AI technology to other countries. The merger will ultimately force a resolution to these questions.

Our articles make government information more accessible. Please consult a qualified professional for financial, legal, or health advice specific to your circumstances.