?asOf= parameter to see the current catalog state.The recurring exclusion of military, intelligence, and national-security AI uses from civilian AI-governance instruments. EU AIA Art. 2(3) explicit exclusion; US EO 14110 §11 + NSM-10 separate track; CoE AI Convention Art. 3 carve-out; UK White Paper sectoral-regulator-only scope; India DPDPA state-security exemptions. China's approach is notable for treating state security as the central concern, not a carveout.
Definition & scope
The cross-jurisdiction picture below shows how each of 45 tracked instruments treats this topic. The patterns vary substantially — and 33 regimes are silent, leaving gaps that future policy work could address.
Coverage across jurisdictions
Historical primacy & cross-jurisdiction tension
First addressed by DFARS Subpart 252.204 (Safeguarding Covered Defense Information and Cyber Incident Reporting) on (governs). Subsequent regimes have either codified, diverged from, or remained silent on this baseline.
- Forum-shoppingEU AI Act↔Executive Order 14179 — Removing Barriers to American Leadership in AI
- Forum-shoppingExecutive Order 14110 on Safe, Secure, Trustworthy AI↔Interim Measures for Generative AI Service Management
- Forum-shoppingCouncil of Europe Framework Convention on AI↔G7 Hiroshima AI Process Code of Conduct
Compare jurisdictions: EU vs US · EU vs UK · EU vs CN
Enforcement & impact
Silent regimes — gap signal
Instruments that do not address National Security Carveouts in AI Regulation — candidates for future policy work.
- Executive Order 14179 — Removing Barriers to American Leadership in AIUS
- Interim Measures for Generative AI Service ManagementCN
- G7 Hiroshima AI Process Code of ConductG7
- OECD AI Principles (Recommendation)OECD
- UN GA Resolution on Safe, Secure, Trustworthy AIUN
- NIST AI Risk Management FrameworkUS
- Bletchley Declaration on AI Safetyglobal
- Seoul Declaration on Safe, Innovative and Inclusive AIglobal
- NIST AI RMF Generative AI ProfileUS
- California SB-1047: Safe and Secure Innovation for Frontier AI Models ActUS
- Brazil AI Bill (PL 2338/2023)BR
- ASEAN Guide on AI Governance and EthicsASEAN
- African Union Continental AI StrategyAfrican_Union
- Anthropic Responsible Scaling Policy (RSP) v2US
- OpenAI Preparedness FrameworkUS
- Google DeepMind Frontier Safety FrameworkUS
- Meta Frontier AI FrameworkUS
- UK-US AI Safety Institute Memorandum of Understandingglobal
- White House Voluntary AI CommitmentsUS
- Singapore Model AI Governance Framework for Generative AISG
- Japan METI AI Guidelines for BusinessJP
- General Data Protection Regulation (GDPR)EU
- EU General-Purpose AI Code of PracticeEU
- OMB Memorandum M-24-10 (Advancing Governance, Innovation, and Risk Management for Agency Use of AI)US
- California SB-53: Transparency in Frontier Artificial Intelligence Act (TFAIA)US
- California SB 243: Companion ChatbotsUS
- California SB 942: AI Transparency ActUS
- Revised Product Liability Directive (Directive (EU) 2024/2853)EU
- UNESCO Recommendation on the Ethics of Artificial IntelligenceUNESCO
- Directive (EU) 2024/2831 on improving working conditions in platform workEU
- New York RAISE Act: Responsible AI Safety and Education ActUS
- TAKE IT DOWN Act (Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks Act)US
- UN Global Digital CompactUN
See also
Further reading
14 academic & grey-literature sources bearing on this topic — catalogued metadata with a primary link; one-line findings are ✦ AI-generated summaries, labeled as such (charter §7.9). Browse the full literature index.
- Predictive policing and predictive justice: Ethics, data protection, and the AI act Peer-reviewed✦ AIExamines how predictive-policing and predictive-justice systems interact with data-protection law and the AI Act's law-enforcement provisions, exposing accountability and oversight shortfalls.
- National Security and New Forms of Surveillance: From the Data Retention Saga to a Data Subject Centred Approach Peer-reviewed✦ AIArgues the CJEU's controller-based route for applying EU law to national-security surveillance 'creates significant legal uncertainties,' proposing a data-subject-focused scope instead.
- Cop out: security exemptions in the Artificial Intelligence Act (in: Automating Authority — AI in European police and border regimes) Civil society✦ AIDocuments how AI Act security exemptions plus police powers to restrict supervisory information-sharing will make meaningful supervision of policing and migration AI 'extremely difficult.'
- The AI Act Roller Coaster: The Evolution of Fundamental Rights Protection in the Legislative Process and the Future of the Regulation Peer-reviewed✦ AITraces how the AI Act's law-enforcement and national-security exceptions widened during negotiations, producing 'double standards for fundamental rights protection' and gaps in the regulatory framework.
- Toward a global standard for ethical AI regulation: addressing gaps in AI-driven biometric and high-resolution satellite imaging in the EU AI Act Peer-reviewed✦ AIIdentifies how the AI Act's military, defence and national-security exclusions leave biometric and satellite-imaging surveillance under-regulated, arguing for a global standard to close these gaps.
- Prohibited AI surveillance practices in the Artificial Intelligence Act: promises and pitfalls in protecting fundamental rights Peer-reviewed✦ AIArgues the AI Act's Article 5 surveillance prohibitions are undercut by broad law-enforcement and security exceptions, so 'enforcement of fundamental rights and data protection law' must do the heavy lifting against mass survei…
- The EU AI Act: National Security Implications (CETaS Explainer) Research institute✦ AIExplains the AI Act's national-security exclusion 'does not apply to any dual-use technologies that are also used outside of the national security context,' and that rights groups dispute it.
- Facial Recognition Technology in Policing and Security—Case Studies in Regulation Peer-reviewed✦ AIThrough regulatory case studies, argues facial recognition in policing requires a tailored governance framework grounded in necessity and proportionality rather than ad hoc deployment.
- The AI Act National Security Exception: room for manoeuvres? Think tank✦ AIArgues the AI Act's exclusion of systems used 'exclusively for military, defence or national security purposes' will be destabilised by the unresolved CJEU/member-state contest over what national security means.
- A Struggle for Competence: National Security, Surveillance and the Scope of EU Law at the Court of Justice of European Union Peer-reviewed✦ AIAnalyses how the CJEU in Privacy International and La Quadrature du Net subjected member-state national-security surveillance to EU law, turning the national-security boundary into a contested struggle over competence.
- Big Brother Watch and Others v. the United Kingdom Peer-reviewed✦ AICase note on the ECtHR Grand Chamber's first post-Snowden bulk-interception ruling, holding bulk surveillance not per se disproportionate but requiring end-to-end independent oversight safeguards.
- Bulk Surveillance in the Digital Age: Rethinking the Human Rights Law Approach to Bulk Monitoring of Communications Data Peer-reviewed✦ AIContends 'utility and harm calculations can conceal the complex nature of contemporary digital surveillance practices,' rethinking human-rights-law tests for bulk communications surveillance.
- Data retention as mass surveillance: the need for an evaluative framework Peer-reviewed✦ AIArgues data-retention mandates justified by national security amount to mass surveillance and proposes an evaluative framework because such 'highly intrusive proposals' lack an agreed basis for assessment.
- The Executive Order on Removing Barriers to American Leadership in Artificial Intelligence (implementation tracker) Research institute✦ AIProvision-by-provision tracker of EO 14179 implementation and its America's AI Action Plan follow-on (Jul 2025).
References
The primary instrument sources behind the article's classifications.
- EU-AIA-2024: Art. 2(3) explicitly excludes AI systems used exclusively for military, defence, or national-security purposes
- US-EO-14110: §11 national-security exemption; NSM-10 parallel-track governance for national-security AI
- UK-WHITEPAPER-2023: Defence + intelligence excluded via sectoral-regulator scope; carveout via omission rather than explicit clause
- COE-AI-CONV: Art. 3 — does not apply to AI used for national security / defence
- IN-DPDP-2023: DPDPA exemptions for state-security functions (Art. 17); not specifically AI but applies
- GSA-AI-GUIDE-2024: Guide references existing federal supply-chain risk-management framework (FAR Part 4 Subpart 4.21) which carries national-security overlays
- DOD-RAI-2022: The S&IP IS the DoD-specific RAI framework; tenets + ethical principles operationalise the national-security AI use case rather than carving out from a civilian framework
- FEDRAMP-AI-2024: FedRAMP High baseline + JAB authorisation route exists for higher-sensitivity use cases; classified systems are outside FedRAMP scope and governed by separate ICD-503 / NIST SP 800-53 IC overlay frameworks
- DFARS-252-204: 252.204-7012 + CMMC clauses (-7019/-7020/-7021) are the operative national-security-overlay framework for defence-acquisition information security; the subpart IS the carveout regime
- CN-DEEPSYN-2022: Art. 6, Art. 19 & Art. 20
- IT-AILAW-2025: Art. 6 — activities for national-security purposes by the intelligence services, ACN cybersecurity/resilience, national-defence by the Armed Forces, and certain national-security policing are excluded from the law's scope (subject to fundamental-rights respect; further rules by regulation under l. 124/2007 art. 43).
- JP-AIPROMO-2025: Act No. 53 of 2025, Art. 3(2)
Cite this article 8 formats · BibTeX, RIS, APA, Chicago, … · 1-click copy
Persistent identifier: https://policywindow.org/wiki/national-security-carveouts — committed-stable URL with content-versioning via ?asOf= (rollout pending per methodology §7). DOIs via Zenodo are on the roadmap.
Article tools — track changes, suggest an edit
View history — every captured revision of this article · What links here
12 instruments tracked.