Combat drones and artificial intelligence:

Modern combat drones and artificial intelligence systems are bringing revolutionary possibilities to both the civil and military sectors. However, for companies developing these technologies, this means they need to be familiar with the legal regulations governing so-called dual-use goods – i.e. products, software or technologies that can be used for both civil and military purposes. Failure to understand and comply with these rules can lead to serious penalties, trade restrictions and reputational damage. In the following text, we therefore provide a clear explanation of what the regulation of dual-use goods in the field of AI and drones entails, what obligations it imposes on companies and what to look out for to ensure that your innovations do not end up in conflict with the law.

Author of the article: ​ARROWS (JUDr. Jakub Dohnal, Ph.D., LL.M., office@arws.cz, +420 245 007 740)

An example of a combat drone exhibited at a military trade fair. Although originally intended for military use, similar unmanned systems or their components may also be offered on the civilian market – and thus fall into the category of dual-use goods under applicable regulations.

What are dual-use goods?

Dual-use goods are products, technologies and software that can be used for both civilian and military purposes. This category therefore covers a wide range of items, from materials and components to machines and advanced algorithms. The legal definition in European and Czech regulations explicitly states that dual-use also includes intangible goods such as software and technical documentation. In other words, a product originally developed for legitimate civilian use may, due to its characteristics, also find application in the arms industry and is therefore subject to special supervision.

Typical examples of traditional dual-use goods include CNC machine tools, which can be easily used for the production of weapons in addition to civilian production, or chemical substances commonly used as cleaning agents but which can serve as precursors for chemical warfare agents.

In addition to such ‘tangible’ items, this category now also includes software with AI elements, drones and other digital technologies with potential for military misuse. The European list of controlled dual-use items therefore includes not only weapon components, but also items that can be used for the development of weapons of mass destruction, cyber attacks, missile construction or espionage and surveillance. From a legal perspective, therefore, it is not just about weapons or ammunition, but also about subtle technologies that can indirectly enhance military capabilities.

Legal framework for AI and drones with military potential

The regulation of dual-use goods is based on several levels. In the European Union, a uniform legal framework applies – currently Regulation (EU) 2021/821, which replaced the previous regulation (Council Regulation 428/2009) in September 2021. This regulation harmonises the rules for the control of exports, transit, brokering and technical assistance related to sensitive items. A key element is the common list of dual-use items (Annex I to the Regulation), which defines which goods are subject to authorisation. This list is regularly updated in line with technological developments and international agreements.

Czech legislation (in particular Act No. 594/2004 Coll., as amended) implements the EU Regulation and lays down procedures for granting licences and penalties for infringements. In the Czech Republic, the agenda is administered by the Licensing Administration of the Ministry of Industry and Trade, which assesses companies' applications for export licences and supervises compliance with the regulations.

It is important to note that legal control does not only apply to finished physical products. The export of software or technology electronically (e.g. sending technical data abroad by e-mail or making an AI model available to foreign users on the cloud) may also require a licence. Similarly, providing technical assistance (e.g. consulting on the deployment of an AI system in another country) or brokering trade in dual-use items are activities covered by the legal framework. The development of technology as such is not prohibited, but companies must consider at an early stage whether the final product will be subject to controls when it is subsequently used or exported.

It is necessary to distinguish whether a specific product falls under dual use or purely military material. If your AI system or drone was specifically designed for military purposes, it may be classified as military equipment, which is not subject to the dual-use regime but to even stricter arms regulations (in the Czech Republic, Act No. 38/1994 Coll. and related regulations; in the EU, the Common Military List). On the other hand, many technologies with potential military applications that are not exclusively designed for military use fall under the dual-use category.

Companies in the AI and drone sectors will therefore generally have to deal with the dual-use regime: the obligation to apply for authorisation when exporting to so-called third countries (outside the EU), keep records, indicate in documents that the goods are controlled, etc. Exports within the EU are free for most dual-use items, but there are exceptions and special rules (e.g. for certain highly sensitive technologies).

Key international regimes and regulations

Rules on technology export controls are also based on international agreements and regimes to which the Czech Republic and the EU are parties. The most important ones include:

Wassenaar Arrangement – a multilateral regime for the control of exports of conventional arms and dual-use technologies, with 42 participating states.

The aim is to increase transparency and accountability in the transfer of sensitive items in order to prevent destabilising arms build-up. The Wassenaar Arrangement provides the basis for lists of controlled goods (both military and dual-use) that Member States apply in their legislation. The EU draws directly on this regime when updating its lists.

Other control regimes – there are specialised groups focusing on specific types of threats: e.g. the Nuclear Suppliers Group (NSG) for nuclear materials, the Australia Group for chemical and biological substances, and the Missile Technology Control Regime (MTCR) for guided missiles. These regimes supplement the control of items that may contribute to the proliferation of weapons of mass destruction and their means of delivery.

UN and EU sanctions regimes – in addition to ‘normal’ dual-use controls, companies must also monitor international sanctions. The UN, the EU and individual states impose embargoes and restrictions on certain countries, organisations or individuals. These sanctions may prohibit any trade in advanced technologies (including dual-use goods) with the entity concerned.

Currently, for example, EU sanctions against Russia have significantly restricted the export of a range of technologies that could support the Russian military sector, including drones, encryption equipment, semiconductors and other electronics. Sanctions often go beyond the standard dual-use regime and prohibit the export of items that would otherwise be freely tradable if there is a risk of their military use by the sanctioned party. Companies must therefore check who they sell their products to and keep up to date with sanctions lists.

Practical examples: What to watch out for

What specifically may fall under AI and drone regulations? Below are some typical examples of dual-use items from this sector that companies should watch out for:

Drones and unmanned systems

Many UAVs (unmanned aerial vehicles) used in industry or agriculture have parameters that can also be used by the military. For example, drones with long range, autonomous navigation capabilities or the ability to carry heavier loads may require a licence for export. The EU directly classifies drones, drone engines and their software as key sensitive technologies. Even ordinary ‘hobby’ drones for recreational use may be subject to restrictions if they are misused by the military – EU sanctions following the invasion of Ukraine banned the export of recreational drones to Russia precisely because of their military use.

Your company manufacturing drones should therefore carefully monitor whether its models exceed certain performance characteristics (speed, range, flight altitude, autonomous control, etc.) that would place them on the control list.

Artificial intelligence software

AI systems themselves can be intangible products subject to control. In particular, software designed for data analysis, image recognition or decision-making that could be used for military intelligence or weapon control systems may require an export licence. For example, software for processing satellite images, autonomous drone control or combat scenario simulation would fall under the scrutiny of the authorities. The EU also cites software used to manufacture weapons and specialised algorithms for cryptography as examples.

Be aware of encryption software – strong encryption algorithms or cyber security tools are on the dual-use list (Category 5, Part 2) and their export to certain countries may be restricted. If your AI solution includes advanced encryption, you must take this into account.

Cyber tools and surveillance technologies

In response to modern threats, the EU has introduced a new category of ‘cyber surveillance technologies’. These are dual-use items specifically designed to enable covert surveillance of individuals, such as eavesdropping on communications, spying on IT systems, and monitoring and analysing user data.

Typical examples include spyware (malicious software designed for espionage) and tools for breaking network security.

These tools can be misused by authoritarian regimes to suppress internal opposition or violate human rights, and their export is therefore subject to very strict controls or outright bans. Companies developing security software, monitoring, forensic IT tools, etc. should know whether their products fall into this category – and bear in mind that even if they are not directly listed, they may be subject to a so-called catch-all clause (authorities may require a licence if they find that an unidentified product could be used for repression or rights violations).

Sensors, components and electronics: The field of AI and drones cannot do without hardware – and even that is often regulated. Thermal imaging and night vision cameras, radars, LIDARs, detectors and other highly sensitive sensors are commonly included in dual-use lists as they can improve the capabilities of weapon systems (e.g. missile guidance, battlefield reconnaissance).

Similarly, advanced chips and semiconductors (e.g. powerful FPGAs or GPU accelerators for AI) are subject to controls, especially if they meet certain computing power criteria. In the context of sanctions, the EU explicitly mentions advanced electronics and semiconductors among the technologies that are prohibited from being supplied to the Russian military.

Communication modules (devices for radio transmission, satellite communication, etc.) with interference resistance or encryption are also subject to export restrictions. For manufacturers of electronic components for drones or AI systems, this means that they must check the technical parameters of their products against the items on the list – e.g. the accuracy of GPS modules, the resistance of gyroscopes, the performance of processors, etc.

(The above examples are not exhaustive – dual-use regulations cover many other areas. If you are unsure whether your product is subject to control, it is advisable to conduct a detailed legal analysis.)

Penalties and reputational risks for violating the rules

Failure to comply with export control rules can have very serious consequences for a company. In the Czech Republic, this is an administrative offence (misdemeanour) punishable by heavy fines – up to CZK 20 million for the most serious violations (e.g. illegal export without a licence).

In addition to financial penalties, the authorities usually impose a ban on the issuance of export licences for a certain period, which can effectively paralyse a company's international trade.

Under Czech law, if a company is found guilty of exporting without a licence, it will not be able to obtain a new export licence for the goods in question for a period of three years. In other words, one mistake can knock a company out of lucrative foreign markets for several years.

However, the sanctions can go even further. In cases of deliberate and serious violations (especially if a company circumvents an embargo or supplies technology to prohibited regimes), criminal penalties may be imposed on the individuals responsible.

We know from foreign cases that, for example, the US authorities have prosecuted senior executives of companies that knowingly violated export laws – for example, if it is proven that a company intentionally exported prohibited technology to Iran or North Korea, managers face imprisonment.

For the company itself, such misconduct poses a huge reputational risk: it may end up on a blacklist (a list of untrustworthy exporters), business partners may terminate their cooperation, and the company may be associated in the media with support for undemocratic regimes or the proliferation of weapons. For example, the well-known case of the Chinese company ZTE showed that violating US sanctions led to a seven-year ban on the supply of key components for its products – a consequence that threatened the very existence of the company. However extreme this example may be, it clearly illustrates that compliance in the area of dual-use is not just a formality, but a matter of a company's viability in the global market.

How legal advice and compliance can help

For companies in the AI, drone and other advanced technology sectors, complying with export controls and sanctions regulations is challenging but essential. High-quality legal advice and a well-designed compliance programme can play a crucial role in this area.

What should your company focus on and how can experts help?

Product identification and classification

Legal experts can help you determine whether specific software, hardware or components fall under the dual-use list. This classification according to numerical codes (ECCN in US terminology or Annex I of the EU Regulation) is the first step – without correct identification, it is impossible to know what restrictions apply to exports. In rapidly evolving areas such as artificial intelligence, this can be complex and requires up-to-date knowledge of how the regulations are interpreted.

Export licence applications

If your product is controlled, you must obtain a licence from the Ministry of Industry and Technology (MPO) to export it outside the EU. A legal representative will guide you through the process – helping you fill out the application, communicate with the authorities and provide all the necessary information (purpose, end user, technical parameters, etc.). Properly prepared documentation increases the chances of smooth and quick approval.

Errors or omissions in the application can lead to rejection or delays in trade, which many companies cannot afford.

Internal compliance programme

Regulators emphasise that exporters must have internal control mechanisms in place – known as an Internal Compliance Programme (ICP). This includes employee training, customer verification procedures, monitoring of legislative changes, and so on. In 2021, the European Commission issued recommendations for a uniform approach to export compliance.

A legal advisor can help you set up an ICP tailored to your company so that it complies with the recommendations of the authorities and covers the specific risks of your business. This may include, for example, automated checks of sanctions lists for each new order, contractual clauses prohibiting re-export by your customers, or escalation procedures in case of suspicion that a product could be misused for undesirable purposes.

A well-designed compliance programme not only reduces the risk of non-compliance, but can also be a mitigating factor if an incident occurs (demonstrating the company's good faith).

Ongoing legal monitoring

The area of dual-use and sanctions is constantly evolving – new categories are emerging (see cyber surveillance), sanction regimes are changing in response to the geopolitical situation, and the list of controlled items is updated annually.

Our specialised law firm monitors these changes and notifies you in a timely manner of any new restrictions that could affect your products or markets. This gives you a competitive advantage – you can modify your product in advance, change your sales destination or apply for a licence before others react.

Furthermore, although compliance with export controls can sometimes slow down trade, ignoring them could jeopardise the existence of a company. Ultimately, regulatory requirements also protect exporters themselves – by preventing unintentional involvement in illegal activities, you avoid damaging your business interests and reputation. Therefore, export risk management should be an integral part of the strategy of any technology company targeting global markets.

ARWS – cutting-edge expertise in law and AI

ARWS is a leading law firm in the field of modern technology and artificial intelligence, with a strong international focus. Our specialists understand both the technical aspects of AI and drones and the details of international regulations – from EU regulations and control regimes to UN sanctions.

We will help your company set up effective compliance, assess the export risks of your products and ensure that the innovations you develop can safely and legally conquer global markets. Do not hesitate to contact us for a consultation – we are your reliable partner in the field of law and AI.