Over the past month, only 78 applications were filed for the US Commerce Department’s new AI export licensing plan. That number is far below every internal projection. Washington expected hundreds, maybe thousands. Instead, the inbox is almost empty.
This isn’t a compliance failure. It’s a signal that the architecture of control doesn’t fit the nature of the technology.
For five years, I’ve watched regulators try to apply mid-20th century trade logic to 21st century distributed systems. I audited 150 ICO whitepapers in 2017, saw the same mismatch then. Now it’s AI models instead of tokens, but the lesson is identical: you cannot regulate what you cannot localize.

Context: The Plan That Assumed Geography Still Matters
The plan requires any US company transferring “advanced AI models” – weights, training code, or inference APIs – to certain foreign entities to obtain an export license. Targeted countries include China, Russia, and others deemed adversarial. The premise seems logical: keep cutting-edge AI out of hostile hands.
But the premise ignores how AI actually works today. Most advanced models are either open-sourced (like Meta’s Llama), offered via API from global cloud endpoints, or distributed through peer-to-peer networks. Model weights are just files. Once released, they replicate like memes.
This is where my own experience as a crypto educator sharpens the lens. In 2024, I launched The Decentralized Mind to teach policymakers that blockchain isn’t a database – it’s a social contract enforced by code. AI model export is the same lesson in reverse: code enforces nothing if it can be copied.
Core: 78 Applications – A Number That Tells a Story
Let’s unpack the signal inside that number.
First, the compliance cost of applying is steep. A single license submission requires legal teams, technical documentation of training data, and a promise to monitor downstream use. For a startup burning cash, months of uncertainty is a dealbreaker.
Second, the ambiguity of “advanced AI model” creates a chilling effect. If your model has 70 billion parameters, is that advanced? What about 175B? The line moves every quarter. Most companies chose to stay silent rather than risk an enforcement action.
Third – and this is the insight that most analysts miss – the low application count reveals a technological sovereignty gap. The models that are truly dangerous (if we accept the security premise) are also the ones most easily shared. The US can’t control what it cannot count.

In my work auditing DAO governance, I saw the same pattern. Smart contract upgrade rights always sit with a few multi-sig admins. “Code is law” fails because the keyholders have veto power. Here, the US government acts as a multi-sig of one – but the code (the model weights) has already escaped.
Contrarian: The Real Risk Isn’t Export – It’s Concentration
Every headline frames these 78 applications as a security failure. The contrarian truth is the opposite: the low participation is evidence that the market is self-regulating in a healthier way than any license can enforce.
Why? Because the most capable AI models are increasingly open-source. Developers in Shanghai, Lagos, or São Paulo can download and run models that rival GPT-4. The bottleneck isn’t access to code – it’s access to compute. And compute, unlike weights, is geographically tethered to data centers and energy grids.
The real risk is not that AI technology will leak. It’s that control of the foundational compute – the GPUs, the cloud platforms, the energy supply – consolidates in the hands of three corporations. That’s a centralization problem, not a perimeter enforcement problem.
Bulls react. Bears reflect. We build.
In a bear market, survival matters more than gains. The protocols that survive are those with resilient architectures. The US export plan is a protocol designed for a world that no longer exists. It assumes a linear supply chain. We live in a mesh.
Takeaway: Build Sovereign Systems, Not Permissive Ones
The 78 applications are a canary. The canary is dead.
But its death teaches us something vital: any system that relies on permission to control information flow is structurally unstable. The only way to protect valuable technology is to make it resilient through decentralization – not through walls.
I wrote a paper in 2025 titled “The Soul in the Machine.” I argued that without a decentralized ethical framework, AI would consolidate power rather than liberate it. The export plan confirms the diagnosis.
Verify the code, trust the community.

When you cannot verify the code (because it’s proprietary) and you cannot trust the community (because it’s fragmented by regulation), you have neither code nor community. You have a vacuum. And vacuums get filled – by open systems, by alternative models, by pirates and innovators alike.
Tech changes. Values remain.
The values that matter are sovereignty, resilience, and trustless coordination. The US export plan fails on all three. The 78 applications are not a policy problem. They are a wake-up call for anyone who believes that centralization can control what is inherently decentralized.
As builders, protectors of the covenant, the task is clear. Don’t wait for permission. Build systems that are sovereign by design. The next cycle will not reward compliant silence. It will reward architectures that cannot be shut off with a single license denial.
That is the lesson of 78 applications.
Bulls react. Bears reflect. We build.