Quantum Export Control Regulatory Framework
Interview with Ivon Guo
(Morgan Lewis)
Quantum Geopolitics
MAY 1, 2026 / BY YLAN TRAN
The opinions, interpretations, and conclusions expressed in this article are solely those of the interviewee(s) and do not necessarily reflect the views of their employers, affiliated institutions, or any organizations with which they are associated. The interviewee(s) bear full responsibility for the content.
Quantum Export Control is quietly shaping the future of the quantum supply chain, and rapidly emerging as one of the most strategic legal fields in deep tech as highlighted in our “Will Quantum Export Control Secure the Future or Shatter it?” piece . But what do these rules actually mean for quantum companies in practice? Which regulatory constraints come into play when entering a joint venture, negotiating an M&A transaction, expanding internationally, or even publishing research papers?
As part of our Quantum Geopolitics Series, focusing on Quantum Export Control, and to better understand what’s happening in the field, we had the pleasure to interview JiaZhen (Ivon) Guo, senior associate at Morgan, Lewis & Bockius LLP (Washington, DC), in the Telecommunications, Media & Technology group, with cross-practice work in International Trade & National Security, and Intellectual Property.
Before law, Ivon was trained as an electrical engineer and studied electronic information engineering at Tongji University, before getting a master’s in computer science at George Washington University. He then worked on the technical side as a software engineer at Cvent, one of the largest event technology SaasS companies providing event management tool based in Mclean, Virginia.
His export control practice spans the Export Administration Regulations (”EAR”), International Traffic in Arms Regulations (”ITAR”), as well as the Committee on Foreign Investment in the United States (”CFIUS”), Team Telecom (now CAFPUSTSS), and more recently the Outbound Investment Security Program (”OISP”). The clients he serves sit at the frontier of emerging technology: including cloud infrastructure, data centers, telecommunications equipment, semiconductors, IoT, AI, and increasingly quantum technologies.
Background and Practice
How has quantum become part of your work?
I am not a quantum computing engineer, but I know enough to be dangerous, and my technical background continues to shape how I approach export controls and trade compliance.
Quantum entered the practice through two doors. First, hardware clients building cryogenic, photonic, and superconducting systems whose components started appearing on revised control lists. Second, transactional work in the context of PE/VC, M&A, as well as both outbound and inbound investment where CFIUS and allied Foreign Direct investment (FDI) screening regimes started flagging quantum exposure. Since BIS’ September 2024 interim final rule, what was an ad hoc classification exercise has become a structured compliance workstream.
Who are your clients in the quantum space, and what are they coming to you with? What concerns keep them up at night?
Three buckets: (1) hardware developers building qubit systems, cryogenics, and control electronics; (2) enabling-technology vendors (providers of lasers, RF, specialty semis, software toolchains especially encryption tools) whose products feed into quantum stacks; (3) and investors and corporates doing M&A or strategic investment into quantum companies.
These companies often come to our firm with regard to export control classification questions (e.g., does this system cross 34 qubits at the relevant CNOT fidelity? is this dilution refrigerator captured under 4A906?), licensing strategy for shipments to subsidiaries, joint-ventures, and academic collaborators, deemed export reviews for foreign-national researchers and engineers, supply-chain mapping, CFIUS on inbound deals and OISP on outbound investments.
What keeps them (and me) up at night, as often seen in other emerging technology sectors, is regulatory whiplash. For example, many are anticipating the thresholds set in 2024 may tighten next year, but their hardware roadmap runs three years out. Talent scarcity is another issue, as a large share of U.S. quantum PhDs are foreign nationals, and deemed export rules complicate hiring. Additionally, supply chain concentration in helium-3, niobium, and specialized photonics, where their own jurisdictions are tightening. Lastly, there also is the enforcement exposure if BIS opens an end-use check on a system already in the field. The unknowns dominate the knowns.
Focus on Quantum Export Control
Quantum export control is still very young. From a practitioner’s perspective, how would you characterise where we are in the maturity of this regulatory framework? Do you see differences in maturity between companies in the field?
You are right on point that quantum export control is still nascent. The international scaffolding solidified in late 2024 through 2025: BIS’ September 2024 interim final rule, Japan’s FEFTA update the same month, and the EU’s 2025 dual-use list update finally bringing quantum computing and cryogenic systems under binding rules after years of Russia blocking action at Wassenaar.
In my view, we are roughly where semiconductor controls were around 2018, where I started my export control practice, but the categories (and technical parameters) are still being calibrated against a fast-moving technical frontier. The headline thresholds, qubit count plus two-qubit CNOT fidelity, capture mid-range systems but sit well short of the fault-tolerant horizon that actually carries the strategic risk.
I have also seen stark differences in maturity between companies. Well-capitalized hardware firms, especially those with defense customers or US prime relationships, have built classification matrices, deemed export procedures, and license forecasting into ongoing operations. These are not easy to implement and can be very costly. Other smaller players, particularly university spinouts and startups, still treat compliance as a transactional checkbox and they tend to address those issues at deal close (often in the CFIUS context), then move their attention elsewhere. With BIS getting more budget on enforcement actions, that gap could get expensive as BIS begins running end-use checks on quantum systems already in the field, which I expect within the next eighteen months.
One of the most distinct features of the US framework is the “deemed export” rule, which treats sharing controlled knowledge with certain foreign nationals on US soil as an export. The EU has no equivalent. How significant is that asymmetry in practice for companies, for universities, for hiring?
As I mentioned earlier, it is significant, and often underappreciated outside trade compliance circles. To level set a bit for the readers, the deemed export rule means that releasing controlled technology to a foreign national inside the United States is treated as an export to that person’s most recent country of citizenship or permanent residency (put it in another way, no atom needs to cross a border). In contrast, I am not an EU lawyer, but my understanding of the EU framework is that it triggers only on physical or electronic cross-border transfer.
The asymmetry lands hardest in three places. U.S. universities, where quantum PhD programs run heavily international and license analysis for graduate researchers is administratively burdensome and chilling, especially in light of some of the investigations into the U.S. universities on foreign talents. At the same time, U.S. quantum companies hiring globally, where a non-allied-national postdoc working on a controlled architecture creates compliance exposure. And multinationals running parallel R&D, who increasingly steer sensitive workstreams to EU sites specifically to avoid deemed export concerns and compliance difficulties in the United States. The net effect is a quiet talent and research arbitrage favoring EU jurisdictions.
How does quantum export control compare, in complexity and in legal risk, with other dual-use technology areas you work on, semiconductors, AI, biotech? What makes quantum specific?
This is a very complicated question and each technology area is a different problem.
Semiconductors offer relatively trackable and verifiable chokepoints, including EUV lithography, advanced packaging, leading-edge fabs, performance density, technology node, and a mappable supply chain.
AI is the opposite, as the controlled object is weights, code, and compute (calculated by a defined term “operations” under EAR and computational operations such as integer or floating operations under the OISP), all intangible and often invoked by API, so controls are still searching for a moving target.
Biotech tracks closer to traditional ITAR/EAR logic for pathogens and dual-use research of concern.
Now, quantum has its own profile and three features make it distinctive. First, superconducting, trapped ion, neutral atom, photonic, and topological systems each carry different components and supply chains, so a list calibrated to one modality may not apply to another. Second, today’s controls under the EAR capture systems near 34 physical qubits at certain fidelity, while machines that could actually break public-key cryptography sit several orders of magnitude away in error rate. We are regulating an interesting layer that is not yet decisive. Third, dual-use blurring at the hardware level, as the same machine that accelerates drug discovery executes Shor’s algorithm at scale and you cannot separate application from capability. That makes drawing the export line a genuinely harder engineering judgment than in chips or AI.
Strategic Implications of Quantum Protectionism
Export controls don’t just restrict, but they also shape an industry. How do you see your quantum clients adjusting their IP strategy, their R&D partnerships, or their supply chain decisions in response to the current framework? Could you walk us through a concrete example?
On IP, clients are publishing more cautiously. Disclosures that two years ago went straight to arXiv or OIST now run through trade compliance review first. Does the underlying know-how fall within EAR scope, and does publication itself constitute a release under 15 CFR 734.7? We see more provisional patent filings before disclosure and tighter governance over what stays in fundamental-research status (decontrolled) versus proprietary R&D (not). Under the Invention Secrecy Act of 1951, the U.S. government can impose additional secrecy orders on patent applications, prohibiting public disclosure to protect national security.
On partnerships, foreign collaborators are screened earlier. Multi-party consortia now go through structured trade review before NDAs, not after, and joint-venture structures are designed to keep deemed-export-sensitive work inside jurisdiction-aligned legal entities.
On supply chain, we have seen companies dual-source dilution refrigerators, helium-3, and niobium with allied-country backups, even at meaningful cost.
I can’t provide a concrete example due to confidentiality reasons, but on a very high level, we have advised on compliance programs requiring controlled architecture work, sat with cleared US-person teams (including permanent residents), while foreign-national hires were assigned to fundamental research and applications-adjacent layers.
Beyond export controls, FDI screening regimes, are becoming a parallel layer of quantum governance. How do these interact with export control in your practice? Are they complementary, or do they create conflicting obligations?
In my view, mostly complementary, with friction at the seams. Export controls regulate the outbound flow of technology at the research and development, and the export, reexport, and transfer(in-country) level. FDI screening (including CFIUS in the US for inbound, OISP for outbound, the EU FDI Screening Regulation, the UK’s NSI Act, and other equivalents) regulates inbound and outbound investment at the deal level. They reflect the same underlying concern.
In quantum, the overlap is substantial. CFIUS could treat quantum as a Critical Technology that might trigger a mandatory filing, and the EU’s revised FDI regulation will require Member States to screen quantum investments. So a single Series B with a non-US strategic investor could simultaneously trigger a CFIUS review, a Member-State filing on European operations, and export control license analysis on what the investor will see during diligence and as part of the closing conditions.
At Morgan Lewis, we routinely build clean-team or deal structures, tiered disclosure protocols, and staged technology access to satisfy all applicable regimes simultaneously. In doing so, we often work across our Telecommunications, Media & Technology and International Trade and National Security teams, where I’ve collaborated closely with colleagues including Ulises Pin, Katelyn Hilferty, Michael Huneke, and David Plotinsky. We have developed war plan to address the interaction in semiconductors, biotech, and AI. Quantum is newer to the same dance, but the choreography transfers.
Have you seen FDI screening actually block of significantly condition a transaction in the quantum space, or reshape how a deal was structured to avoid scrutiny? If not, is it something that you have noticed in other deep tech/dual-use fields?
I personally have not experienced that in my recent transactions and I cannot speak on behalf of other practitioners at my firm or in this space. But outright blocks in quantum have been rare publicly and deal volume is still modest. CFIUS may have imposed conditions on quantum investments without making them public, which is typical of the process. Similar to other emerging technology areas, conditioning likely is the more common outcome unless the transaction was a non-notified transaction involving a foreign country of concern deemed by the U.S. government: mitigation agreements, governance restrictions on board observer rights, walled-off logical and physical access to controlled IP, and in some cases divestiture or carve-out of US operations.
I have learned that the UK has been the most visible jurisdiction to actually use NSI Act powers on quantum-relevant transactions, including imposing conditions on US-backed deals. That, in and by itself, is a useful reminder that allied screening regimes do not automatically align with US strategic interests.
In adjacent dual-use fields we do have more visibility because of higher transaction volume. CFIUS has blocked or forced unwind in semiconductors, genomics, and AI/data analytics across multiple matters. The structuring techniques developed there (mitigation agreements with USG monitoring, staged information access) can also be ported preemptively into quantum deals. As such, sophisticated parties on both sides now design transactions assuming review, rather than waiting to be told one is required.
Looking ahead
There is an inherent tension between coalition-building, getting allies to align on the same controls, and the US tendency toward unilateral action. Do you think the current US-EU-Japan alignment on quantum controls is durable, or fragile?
Between the three countries, the underlying concern set is genuinely shared, as all three jurisdictions read quantum decryption risk and dual-use sensitivity the same way. Economic stakes are still modest, so domestic industrial constituencies are not yet pushing back hard. And the technical thresholds in BIS’ 2024 interim final rule, the EU’s 2025 dual-use update, and Japan’s FEFTA revision were calibrated together, which reflects deliberate coordination.
What makes it fragile is the dynamic that has stressed the semiconductor coalition. If Washington unilaterally tightens thresholds, broadens cryogenic controls, or hardens deemed export rules on EU collaborations without genuine multilateral process, European governments will not march along. In other words, this coalition will hold as long as the United States treats it as a coalition, and will start fracturing the moment it does not.
There is an inherent tension between coalition-building, getting allies to align on the same controls, and the US tendency toward unilateral action. Do you think the current US-EU-Japan alignment on quantum controls is durable, or fragile?
This is the billion-dollar question.
First, recalibrate thresholds dynamically and to be fair, this recommendation is applicable to regulations governing all emerging technologies. Static qubit-count and CNOT-fidelity numbers will be obsolete the day they publish. A regime that requires multi-year rulemaking to update parameters simply cannot keep pace with quantum’s roadmap. BIS should continue its technical advisory mechanism, with industry and academic input, that allows frequent recalibration tied to published performance benchmarks.
Second, the U.S. should invest in a credible multilateral process before undertaking further unilateral actions. The semiconductor experience serves more as a cautionary example than a template. Establishing coordination ex ante, whether through a Wassenaar-successor framework, a quantum-focused minilateral, or other targeted multilateral arrangements, is materially less costly than attempting to reconstruct alignment after unilateral measures fragment existing coalitions.
Third, the U.S. should address the talent dimension. The current framework is administratively burdensome, risks deterring foreign quantum researchers from U.S. institutions, and may incentivize the relocation of research activity to jurisdictions such as the EU/UK. A modernized approach, in quantum as well as other fields like semiconductors, should more precisely target national security risks while preserving access to global talent. There is no straightforward solution, but the issue is beyond my pay grade as it warrants deliberate policy design rather than incremental adjustment.
Jiazhen (Ivon) Guo is Associate at Morgan Lewis. He focuses his practice on the telecommunications, media, and technology industry, and advises on a broad array of telecommunications regulatory and statutory issues, national security issues, M&A and financing transactions, US export controls and customs laws, corporate compliance matters relating to data privacy and cybersecurity, and patent litigation. His clients operate at the forefront of emerging technologies and products such as cloud software, consumer electronics, integrated circuit, telecommunications equipment, wireless communications, semiconductor manufacturing, quantum computing, Internet of Things, virtual reality, robotics, and artificial intelligence.