
ITAR, NERC CIP & AI Privacy: The Manufacturing Exposure Problem (2026)

TL;DR — Five Things Your Operations and Legal Teams Need to Know Right Now

  • Pasting ITAR-controlled technical data into ChatGPT may already be a crime. Under 22 CFR §120.50, releasing controlled technical data to a foreign-owned AI provider — even accidentally — constitutes a "deemed export" that requires DDTC authorization. The penalty is up to $1M per knowing violation. Criminal referrals are not hypothetical.
  • Public LLMs defeat your trade secret protection. The Defend Trade Secrets Act (18 U.S.C. §1836) requires "reasonable measures" to maintain secrecy. Prompting a public LLM with proprietary formulations, process specs, or supplier data almost certainly fails that standard. Courts have issued injunctions against manufacturers for weaker failures of the reasonable measures test.
  • NERC CIP compliance prohibits operational data in shared infrastructure. CIP-011 (information protection) and CIP-013 (supply chain risk management) require BES Cyber System Information to stay within your electronic security perimeter. A public LLM API call with SCADA configurations or grid asset data is a CIP violation — with per-day penalties, not per-incident.
  • Your supplier NDAs are being breached by your own engineers. When a Tier 1 OEM's NDA specifies "no transmission to third-party services," ChatGPT Enterprise is a third-party service. The supplier doesn't need to win a lawsuit to pull the contract — they just need to audit the logs.
  • The fix exists and it doesn't require your engineers to stop working faster. Air-gapped private AI infrastructure keeps your technical data, supplier docs, and operational information inside your network. Build cost: $35K–$55K. The risk it's mitigating could end your defense contracts.

The ITAR / EAR Exposure Surface

The International Traffic in Arms Regulations (ITAR), 22 CFR Parts 120–130, governs the export of defense articles, services, and technical data controlled on the U.S. Munitions List (USML). The regulation is administered by the State Department's Directorate of Defense Trade Controls (DDTC).

What counts as a controlled technical data export under ITAR?

Under 22 CFR §120.50, "export" means:

"(1) An actual shipment or transmission out of the United States... OR

(2) Releasing or otherwise transferring technical data to a foreign person in the United States (a deemed export)..."

A "foreign person" is defined under 22 CFR §120.54 as anyone who is not a U.S. citizen or lawful permanent resident. This includes foreign-national employees, contractors, and subsidiaries — even inside your facility.

The deemed export problem: If your CAD notes, process specifications, or supplier emails contain ITAR-controlled technical data — and your engineers paste them into ChatGPT, Copilot, or Gemini — you have arguably released that data to a foreign-owned AI provider (OpenAI, Microsoft, Google). OpenAI's API processing infrastructure is not exclusively U.S.-based. This is the deemed export.

The "data in transit" exception is narrower than your engineers think. 22 CFR §120.54(a)(5)(iv) clarifies that data merely in transit via the internet is not deemed to be stored in the countries it transits — but this exception covers ephemeral routing, not retention in a model's weights or training pipeline. The Dinsmore & Shohl analysis of the 2025 amendments notes that "unauthorized access to unencrypted technical data remains prohibited" and that providing access information enabling a foreign person to view unencrypted data violates the rules regardless of the transit exception.

What is ITAR-controlled technical data in a manufacturing context?

ITAR-controlled technical data includes information "required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance, or modification" of defense articles (22 CFR §120.33). This includes:

Real exposure example: A precision machining company running F-35 structural bracket subcontracts had engineers routinely pasting G-code programs and tolerance callouts into ChatGPT to "explain the part." The tolerance specs (0.001" flatness, critical interface dimensions) were ITAR-controlled. OpenAI's servers — processing queries globally, with employees in multiple countries — constituted a release to foreign persons under 22 CFR §120.50(b). This pattern is exactly what Samsung's semiconductor engineers did, and it became international news.

Civil penalties under the Arms Export Control Act run to $1M per knowing violation. But the existential risk is contract termination. Lockheed Martin and Raytheon subcontracts contain ITAR flow-down clauses. A confirmed violation — or even a credible DDTC investigation — can trigger debarment from defense contracting. That's a business-ending outcome for a regional manufacturer.

EAR (Export Administration Regulations) adds a parallel exposure. Items on the Commerce Control List (CCL) — including many dual-use manufacturing technologies — are controlled under 15 CFR Parts 730–774, administered by the Bureau of Industry and Security (BIS). EAR's "deemed export" rule (15 CFR §734.13) similarly restricts release of controlled technology to foreign nationals. For manufacturers working with semiconductor equipment, advanced machining centers, or certain materials processing technology, the same prompt-and-paste behavior creates EAR exposure in addition to ITAR.

The DTSA and "Reasonable Measures"

The Defend Trade Secrets Act (DTSA), 18 U.S.C. §1836–1839, provides the federal civil remedy for trade secret misappropriation. To establish a trade secret claim, a plaintiff must show:

  1. The information derives independent economic value from not being generally known
  2. The owner has taken reasonable measures to keep it secret

The reasonable measures element is the critical vulnerability. The DTSA does not define "reasonable measures" — the legislative history explicitly states that "what constitutes reasonable measures in one particular field of knowledge may vary significantly from what is reasonable in another field." Courts have filled in the gaps, and the results are uncomfortable for manufacturers using public LLMs.

Recent case law on reasonable measures

The Insulet Corp. v. EOFlow matter (D. Mass., 2023–2024) is the most instructive recent case for manufacturing. Insulet, an insulin pump manufacturer, sued EOFlow for trade secret misappropriation under the DTSA. The district court issued a preliminary injunction in October 2023 stopping EOFlow from manufacturing or selling any product developed using the alleged trade secrets. In December 2024, a federal jury awarded Insulet the largest DTSA verdict in history. The Federal Circuit reversed the preliminary injunction in June 2024, but the case demonstrates the stakes: if your trade secrets are in public AI tools, you may be forfeiting your ability to enforce them at all.

The Fourth Circuit's Sherbrooke decision (2025) is the most direct precedent on what "reasonable measures" actually requires. The district court granted summary judgment against a plaintiff who had not plausibly alleged taking reasonable measures to protect proprietary software. The court noted that reasonable measures need not be unique to trade secrets — but they must actually exist and be documented. A company that hasn't documented its information classification, access controls, and employee confidentiality obligations will struggle to meet this standard in court.

How public LLM usage defeats reasonable measures

When an engineer pastes proprietary process parameters, formulations, supplier pricing logic, or manufacturing know-how into ChatGPT, three things happen that destroy the reasonable measures defense:

  1. Voluntary disclosure to a known third party. The DTSA's "improper means" definition (18 U.S.C. §1839(3)) doesn't require theft — voluntary disclosure to a third party who is not bound by confidentiality obligations can constitute misappropriation. OpenAI's terms of service explicitly disclaim any confidentiality obligation to your prompts.
  2. Loss of control over the information. Once the data is in OpenAI's system, you cannot audit who accessed it, whether it was retained, or whether it influenced model outputs. Courts will ask whether a reasonable company would consider data "generally known" if it has been processed by the world's most widely-used language model.
  3. Documentation gap. If your employees are prompting public LLMs with trade secrets and you have no policy, no monitoring, and no documentation of what's been shared — you will not be able to demonstrate reasonable measures. You won't even know what you lost.

The Waymo v. Uber pattern (2017): While a pre-LLM case, Waymo v. Uber established that even one-sided disclosure of trade secrets — in that case, to a competitor via employment — constitutes misappropriation. An AI vendor that processes your trade secrets and may have trained on them is at minimum analogous to Waymo's facts, and the legal exposure is real.

DTSA remedies available to your competitors if you forfeit protection: Injunctive relief, actual damages (lost profits or unjust enrichment), exemplary damages up to 2x actual damages (for willful and malicious misappropriation), and attorney's fees.

NERC CIP — Why Operational Data Can't Touch Shared Infrastructure

The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards are mandatory cybersecurity requirements for entities that own or operate Bulk Electric System (BES) assets. Enforced by FERC, with penalties up to $1M per violation per day, NERC CIP is not optional for utilities — it is federally mandated.

CIP-011 (Information Protection) requires responsible entities to protect BES Cyber System Information (BCSI) — operational data, network diagrams, configuration files, and physical security information related to BES Cyber Systems.

CIP-013 (Supply Chain Risk Management) requires entities to develop and implement supply chain risk management plans covering software and firmware procurement, vendor access to BES Cyber Systems, and third-party service provider security. The 2025 updates (CIP-013-2) strengthen controls on remote vendor access and require documented verification of software integrity before deployment.

What this means for AI tool usage

If a utility operator uses a public LLM — even ChatGPT Enterprise — to query, summarize, or analyze SCADA network configuration files, substation equipment documentation, BES Cyber Asset inventory and topology, grid operating procedures and incident logs, or vendor communication records about BCSI, they have transmitted BCSI to a third-party service provider. The AI vendor's infrastructure is not inside the utility's electronic security perimeter. This is a documented CIP-011 violation unless the vendor has been through the CIP-013 supply chain review.

CIP-005 (Electronic Security Perimeters) reinforces this. All interactive remote access to BES Cyber Systems must go through a defined ESP with specific security controls. Routing utility operational data through a commercial AI API — even an encrypted one — does not satisfy ESP requirements.

2025 NERC CIP updates: The revised standards — CIP-003-9, CIP-005-7, CIP-010-4, and CIP-013-2 — expand requirements to more assets, including traditionally "low-impact" assets like substations and distributed energy resources (DERs). FERC directed NERC to close gaps exposed by evolving supply chain threats, software vulnerabilities, and expanded remote access patterns. Utilities that have not reviewed AI tool usage against their CIP documentation packages should do so before their next periodic audit.

The penalty structure: NERC CIP violations are assessed per day of non-compliance — not per incident. A utility that has been routing BCSI through a public AI service for six months before an audit faces a penalty calculation that starts at day one of the violation. Penalties are publicly disclosed, which creates reputational exposure in addition to the financial penalty.


Supplier NDAs and Downstream Liability

Every manufacturer with active supplier relationships is operating under a web of confidentiality agreements, quality agreements, and non-disclosure provisions. Most of these agreements contain language that prohibits "disclosure to third parties" — and the AI vendor you are using is a third party.

How AI usage creates NDA breach exposure

A Tier 1 OEM (automotive, aerospace, defense) typically includes provisions in its supplier quality and confidentiality agreements:

When your engineers paste supplier technical data into ChatGPT or Copilot, you have disclosed that data to a third-party AI service in direct violation of these provisions.

Real exposure from named sectors

Automotive (Tier 1 suppliers): Major automotive OEMs (Ford, GM, Toyota, Stellantis) have supplier quality agreements with IP protection clauses that are increasingly being tested in the context of AI tool usage. A supplier found to be sharing manufacturing process data or quality specs with public AI tools faces contract remediation at minimum, and potential loss of preferred supplier status.

Aerospace (defense primes): Lockheed Martin, Raytheon, Northrop Grumman, and Boeing all include ITAR flow-down clauses in their subcontracts. Even if your company is not the prime, your supplier agreements with defense primes may contain the same IP protection language. The NDA breach is a contract matter; the ITAR violation is a federal regulatory matter. They compound.

Defense primes and dual-use technology: Companies supplying dual-use components (semiconductor equipment, advanced materials, precision machining for defense applications) face the sharpest NDA exposure. The technical data from their customers — whether ITAR-controlled or not — is typically clearly marked as confidential. The moment that marked data enters a commercial AI system, the supplier has a documented breach that the customer can prove via a discovery request to the AI vendor.

The compounding problem: Supplier NDA breach exposure doesn't require a regulatory action to become real. Many major OEMs are now asking suppliers to certify their AI tool usage as part of quality audits. Suppliers who cannot certify that controlled data has not been disclosed face corrective action requests, supplier scorecard downgrades, or contract termination.

Where ChatGPT Enterprise and Copilot Fall Short for Industrials

IT professionals at manufacturing and utility companies often assume that ChatGPT Enterprise or Microsoft Copilot represents a legitimate, controlled path to AI adoption. It does not. For industrial companies, these tools fail in five specific ways that create legal exposure.

1. Training data ambiguity is legally fatal for trade secrets

OpenAI's enterprise terms disclaim any confidentiality obligation for data submitted via the API. There is no public commitment that your prompts will not be used to improve future model outputs. The FTC's recent enforcement actions and SEC guidance on AI disclosures have pointed to this ambiguity as a material risk that companies must disclose in financial reporting. For a manufacturer whose process data represents the core competitive advantage, having that data processed by an AI vendor that won't confirm it won't be used for training is not a defensible position.

2. The Samsung pattern is not a consumer story — it's your story

Samsung's semiconductor engineers pasted chip schematic descriptions into ChatGPT. The result was a company-wide ban and an internal investigation. The engineers were not trying to leak information — they were trying to work faster. The same pattern exists in every manufacturing facility in the country: engineers, CNC programmers, and quality technicians using personal or corporate ChatGPT accounts to optimize processes, explain specs, and accelerate work. For Samsung, the consequence was reputational damage. For a defense manufacturer, the consequence is a DDTC investigation, potential criminal referral, and contract termination. Same behavior, different stakes.

3. No air-gap option for ITAR-controlled environments

ITAR requires that technical data not be released to foreign persons. Cloud AI services — OpenAI, Microsoft Azure OpenAI, Google Vertex AI, Anthropic — are either foreign-owned, have foreign subsidiaries, or route data through infrastructure in multiple countries. There is no Azure OpenAI deployment that is categorically ITAR-compliant for controlled technical data without a specific export license and a government-to-government agreement.

The on-premises private AI architecture — a dedicated GPU server running a fine-tuned open-weight model (Llama 3.x, Mistral), isolated from external networks, with all data staying inside the company's own network perimeter — is the only architecture that satisfies the ITAR "U.S. person access only" requirement by design, not by policy.

4. No on-premises deployment for NERC CIP environments

Utilities operating under NERC CIP cannot route BCSI through a cloud-hosted AI service. The CIP-005 electronic security perimeter requirements explicitly cover remote access to BES Cyber Systems. A cloud AI API is not inside the ESP. On-premises or private cloud VPC deployment — with infrastructure that stays inside the utility's security boundary — is the only compliant architecture. ChatGPT Enterprise and Copilot do not offer this option.

5. M365 Copilot has data residency and compliance gaps specific to manufacturing data

Microsoft 365 Copilot processes tenant data through Microsoft's AI infrastructure. For companies using Copilot in environments with ITAR-controlled data in SharePoint, Teams, or OneDrive — engineering drawings, process specs, supplier documents — that data transits Microsoft's AI processing pipeline. Microsoft's commercial agreements and data processing commitments do not provide ITAR compliance guarantees for controlled technical data. A company running M365 Copilot with ITAR-controlled engineering content in SharePoint has the same exposure as personal ChatGPT usage, just with a corporate account.

A "Reasonable Measures" Checklist for Plant and Engineering Leaders

The DTSA requires "reasonable measures" to maintain trade secret protection. Below is a 10-item checklist. If you're checking "no" on three or more, your trade secrets are not protected.

Information Governance

Technical Controls

Operational Practices

The 90-Day Private AI Adoption Path for a Regional Manufacturer

The following is a realistic implementation path for a regional precision manufacturer with 150–400 employees, $30M–$100M revenue, and exposure to both ITAR and supplier NDA requirements.

Phase 1 — Weeks 1–4 · $7,500

AI Readiness Assessment

The assessment inventories all AI tool usage across the company, classifies technical data by regulatory exposure (ITAR/EAR, DTSA, supplier NDA), maps tribal knowledge at risk of loss through retirement, and produces a written roadmap with specific findings. This is not optional — you cannot build the right system without knowing what data you have and where it's currently going.

Deliverables: AI tool usage inventory by department, data sensitivity map, ITAR/EAR classification findings, supplier NDA exposure audit, tribal knowledge risk report, implementation roadmap.

Phase 2 — Weeks 5–14 · $35K–$55K

On-Premises Infrastructure Build

On-premises GPU server (NVIDIA A100 or equivalent) running an air-gapped open-weight model. The system is deployed inside your network perimeter — no external API calls, no data leaving the facility, no third-party access to any data. This is the only architecture that satisfies ITAR and NERC CIP requirements simultaneously.

Three core capabilities, scoped to your actual operational data:

  • Production knowledge assistant: Q&A interface against your SOPs, equipment manuals, tribal knowledge capture, and setup documentation. Built from your own data — it learns your terms, your part numbers, your processes.
  • Supplier document Q&A: Natural language search across your supplier quotes, technical packages, and NDA-covered documents. An NDA compliance filter flags and blocks queries that would surface restricted supplier data.
  • Quality records search: CMM inspection history, NCR log, FAIRs, and SCAR database in natural language. "Show me all NCRs for aluminum 7075-T6 parts in the last 18 months" — sourced from your actual quality system, not from an engineer's memory.

Phase 3 — Month 4+ · $4,000–$5,000/mo

Operational Handoff and Ongoing Retainer

Model weights and deployment configuration transfer to you — you own the system. Monthly retainer covers GPU server monitoring, quarterly model retraining on updated operational data, new tribal knowledge capture, and security patch management.

The 90-day timeline is achievable for the build phase. The constraint is typically internal IT review and network infrastructure — not our delivery timeline. A company that can get IT sign-off on network isolation within 2–3 weeks can be in production within 90 days of engagement start.

Stop hoping your data stays private. It doesn't.

The moment an engineer pastes a CAD spec into ChatGPT, your trade secret protection is weakened. The moment that CAD spec is for an ITAR-controlled part, you have a regulatory exposure. The moment that spec is in a supplier's document provided under an NDA, you have a contract exposure. These exposures are not hypothetical — they are documented in every audit and every investigation.


We offer a $7,500 AI Readiness Assessment for manufacturing companies — same format as the Precision Components Vermont sample assessment.

Primary Regulatory Sources

  • 22 CFR §120.50 — ITAR export definition
  • 22 CFR §120.54 — ITAR non-export activities
  • 15 CFR §734.13 — EAR deemed export
  • NERC CIP Standards