A deemed export is the regulated release of controlled technology, software, or technical data to a foreign person inside a country. Under export-control law, that internal transfer can be treated the same as sending the material across a border. The key issue is not only where the server or office is located, but who can access the controlled information.
This matters in cyber security because access controls, identity checks, and user residency rules can create legal as well as technical risk. In cloud services, a foreign national account, a shared workspace, or a support session that exposes restricted source code may trigger export-control obligations. Defenders use role-based access control, vetting, logging, and jurisdiction-aware policies to limit exposure. Attackers may also seek unauthorized access to controlled research, AI models, or cryptographic details, knowing that the transfer itself can be regulated even without a physical shipment.



