Unit Tools

Blacklisted Chinese firms still buy AI through Singapore

 ·  By Zenobia Blythemore
Blacklisted Chinese firms still buy AI through Singapore - ai export loophole
Blacklisted Chinese firms still buy AI through Singapore

OpenAI and Google have confirmed they are supplying advanced artificial intelligence services to Singapore-based subsidiaries of Alibaba, Baidu, and Tencent. A detailed investigation by the Financial Times reveals that while all three Chinese tech giants sit squarely on the US Pentagon’s military blacklist due to alleged ties to China’s defense sector, these high-level software sales remain entirely legal. This highlights a massive, gaping loophole in Washington’s current AI export control policies. The blacklist designation stems from Pentagon assessments that these companies have operational or financial links to the People’s Liberation Army, yet the legal framework governing AI exports has not kept pace with how multinational corporations structure their global operations.

A Geography-Based Rule

Current US trade restrictions focus on physical locations rather than corporate ownership. Federal laws ban American companies from deploying cutting-edge AI models directly on mainland Chinese soil but leave international hubs like Singapore unrestricted. By registering subsidiaries there, blacklisted firms create new legal entities that appear as local businesses, bypassing direct bans. The core problem stems from the fact that current US trade restrictions target physical geography rather than ultimate corporate ownership. While federal laws strictly ban American companies from deploying cutting-edge AI models directly onto mainland Chinese soil, neutral international hubs like Singapore remain completely unrestricted. By registering a subsidiary in Singapore, a blacklisted firm essentially creates a brand-new legal entity. On paper, that unit is a local Singaporean business. This allows it to easily sign premium cloud computing and AI software agreements that its parent headquarters in Hangzhou or Shenzhen are legally blocked from touching. The Singapore subsidiaries can lease server capacity, access API endpoints, and integrate AI tools into their workflows without triggering the same export controls that would apply if the same request originated from a mainland Chinese IP address.

OpenAI and Google defend their operations by citing strict internal usage policies. OpenAI blocks direct access from mainland China but argues that nationality alone should not dictate software access. The firm prefers global technology to be shaped by democratic values. Google emphasizes that its tools are available in international markets like Singapore and Hong Kong under strict terms of service. Both companies maintain that their contractual agreements prohibit misuse, including military applications or unauthorized data extraction, and they conduct periodic reviews of how their services are being used by enterprise customers in these jurisdictions. Google noted that its tools are available in international markets like Singapore and Hong Kong under strict terms of service, which prohibit activities such as weapons development or surveillance that violates international norms.

Both platforms face a major security risk: “distillation,” where outside developers use prompts from advanced American models to train in-house systems. OpenAI suspended API access for some Alibaba-affiliated users after detecting suspected distillation and reported the incident to the US government. Google admits geographic borders do little to stop determined users from circumventing software controls. The distillation technique is particularly concerning because it allows a competitor to replicate the core capabilities of a frontier model without investing billions in compute infrastructure and proprietary training data. Instead, the adversary simply queries the model thousands or millions of times, records the outputs, and uses that dataset to fine-tune a smaller, cheaper model. OpenAI recently suspended API access for several Alibaba-affiliated users after catching them engaging in suspected distillation and subsequently flagged the incident to the US government. Google also openly conceded that simple geographic borders do very little to stop sophisticated, determined users from routing around software controls, noting that virtual private networks and cloud-based relay services can easily mask the true origin of API calls.

Related: EU demands redesign of addictive Instagram and Facebook

Competitor Takes a Harder Line

Not all Silicon Valley firms accept this workaround. Anthropic has banned Chinese-headquartered firms and their foreign subsidiaries from accessing its frontier models. The company reported to Congress that Alibaba allegedly created 25,000 fake accounts to bypass security filters and run millions of unauthorized interactions with its Claude model. Anthropic took this step after its internal monitoring systems flagged a pattern of rapid account creation from email domains associated with Alibaba and its affiliates. The 25,000 accounts were used to run millions of unauthorized interactions, suggesting a coordinated effort to extract training data or benchmark the model’s capabilities. Anthropic’s policy applies not only to Chinese-headquartered companies but also to any foreign entities they own, including subsidiaries in Singapore, Hong Kong, or elsewhere. This approach closes the very side door that OpenAI and Google have left open, though it also limits Anthropic’s potential revenue from one of the world’s largest markets for cloud computing and AI services.

Experts warn that the current framework is outdated. Tracking corporate lineage rather than server locations could close the loophole, but such changes have not yet materialized. For now, the gap remains open, allowing blacklisted firms to operate through international subsidiaries. As national security concerns mount, policy experts are urging Washington to overhaul its trade frameworks. Instead of restricting where a server sits or what regional address is on the mailbox, future regulations will likely have to focus on tracking the actual corporate lineage of the end-user. Until those laws catch up, the software loophole remains wide open. Policymakers face the difficult task of defining what constitutes a controlled entity in an era where a single holding company can own dozens of subsidiaries across multiple jurisdictions, each with its own legal identity and data-handling practices.

The situation raises questions about how global tech access will evolve. Companies must balance innovation with security risks, while policymakers grapple with how to enforce rules in a world where digital borders are easier to cross than physical ones. The challenge lies in ensuring that tools designed for global use don’t inadvertently fuel systems that undermine the very values they claim to uphold. Both OpenAI and Google continue to operate under the current legal framework, arguing that their compliance teams actively monitor for violations and that suspending service to entire regions would harm legitimate businesses and researchers who have no connection to China’s defense sector. Meanwhile, the three Chinese tech giants maintain that their Singapore subsidiaries are independent operational units that comply with all local laws and US export regulations as they currently stand.

Leave a Comment

Your email address will not be published.