SCOI Atlas · L3 Gates
L3A Compliance & Export Controls
Export licenses, sanctions, national-security controls on models and compute.
TL;DR · Direct answer
L3A Compliance & Export Controls is a sublayer of L3 Gates in the Supply Chain of Intelligence™ (SCOI) by Anand Arivukkarasu. It is a required capability but not on its own a durable moat. Assume enterprise sales will ask compliance questions your Series A team cannot answer. Hire for it earlier than you want to.
What actually matters at L3A
- Export controls now cover model weights, not just chips.
- Compliance is increasingly extraterritorial — EU AI Act reaches beyond EU customers.
- This gate is binary at enterprise sales, not a soft criterion.
The startup lens
Assume enterprise sales will ask compliance questions your Series A team cannot answer. Hire for it earlier than you want to.
Vertical lens — how this plays across categories
Defense AI
ITAR-cleared stack is table stakes.
Financial AI
OCC / EBA model risk management (MRM) frameworks are mandatory.
Healthcare AI
FDA / MDR pathways drive product architecture from day one.
How to defend L3A
- Compliance-by-design architecture.
- Model cards, audit trails, incident logs as engineering artifacts.
Other sublayers in L3 Gates
L3B
Quality Gates
Evals, benchmarks, regression suites — the tests that decide what ships.
L3C
Safety, Security & Provenance
Guardrails, jailbreak defenses, PII redaction, content provenance and watermarking.
L3D ★
Editorial Gates
Human editorial control over what models say — style, tone, factual thresholds, brand voice.
L3E ★
Distribution Gates
App stores, model marketplaces, enterprise procurement — who is allowed to reach the user.