Training Needs for Bridging Export Control and Academic Freedom in AI Research: How Can Malaysian Academia Contribute to AI Governance?

by on with No Comments

Artificial Intelligence (AI) has become a cornerstone of Malaysia’s ambition to emerge as a regional leader in technological innovation. Recent initiatives, including the establishment of specialized AI faculties in top-tier universities, signify a commitment to aligning national capabilities with global advancements. These developments are essential components of Malaysia’s National AI Roadmap, which aims to transform the nation into a hub of AI-driven research and applications. However, alongside this rapid growth comes the responsibility to ensure AI technologies are developed and shared responsibly, with due consideration for ethical, cultural, and security implications. Reflecting on global best practices, I explored how Malaysia’s academic institutions could contextualize these efforts to address both opportunities and challenges in AI governance. This exploration was informed by my participation in the AI Governance course by BlueDot Impact, which deepened my understanding of AI as a dual-use technology and the critical governance challenges it presents.

1.0 Why AI’s Dual-Use Nature Matters

AI technologies span a broad spectrum, including software, algorithms, datasets, computing power, and hardware. These components underpin advancements in autonomous systems, natural language processing, and machine learning. These technology advancements have emerged as a transformative force worldwide, revolutionizing industries such as healthcare, defense, transportation, and communication. However, while they enhance efficiency and problem-solving, these same tools can be weaponized.

1.1 AI in CBRNE and Strategic Domains

AI’s dual-use nature becomes particularly pronounced in areas such as Chemical, Biological, Radiological, Nuclear, and Explosives (CBRNE) technologies, where its capabilities can enhance or endanger global security.

•      Chemical and Biological Applications: AI accelerates advancements in drug discovery, models chemical reactions, and analyzes biological systems. However, these technologies can be misused to create chemical or biological weapons, making oversight critical.

•      Radiological and Nuclear Systems: AI-driven tools improve safety and operational efficiencies in nuclear facilities but could be exploited to compromise security protocols or optimize the design of nuclear weapons.

•      Defense and Explosives: AI supports predictive analytics, autonomous systems, and surveillance, offering strategic advantages in defense. Yet, the same capabilities can be weaponized to develop and deploy advanced weaponry.

1.2 Software and Data as Strategic Technologies

At the core of AI’s functionality lies its reliance on software and data, positioning these elements as strategic technologies. These components are integral to AI’s operation, supporting applications across sectors, yet their dual-use potential demands stringent control:

•      Dual-Use Potential: Software, such as machine learning algorithms, enhances civilian applications like healthcare or industrial optimization but could be weaponized for malicious purposes such as cyberattacks or military applications.

•      Intangible Technology Transfer (ITT): The sharing of software and datasets through collaborative research or open-source platforms introduces risks of inadvertent technology transfer to hostile actors.

•      Enabling Advanced Technologies: Software and data form the backbone of critical technologies, including robotics, cryptographic systems, and autonomous vehicles, making them pivotal in areas with dual-use implications.

The risks associated with AI’s dual-use nature extend beyond isolated misuse to broader national and global security concerns. AI technologies can facilitate cyberattacks, misinformation campaigns, and the development of autonomous weapons systems, amplifying their strategic implications. The potential for intangible technology transfers exacerbates these risks, as knowledge sharing through publications, collaborations, and open-source repositories may unintentionally empower adversarial actors. Mitigating these risks requires robust regulatory frameworks that not only address the technology’s complexities but also ensure its benefits are harnessed responsibly. This balance between maximizing AI’s potential and safeguarding against its misuse remains one of the most pressing challenges for policymakers, researchers, and institutions alike. A report that analyses the threats, trade linkages and mechanisms, and policy options in relation to the dual use of AI technologies and applications can be accessed here: Artificial Intelligence and Strategic Trade Controls.

2.0 Export Control Governance: Learning and Contextualizing

Export control is an essential policy instrument in ensuring that dual-use technologies are not misused. During the training, I explored how countries like the United States and United Kingdom, or economies like the European Union, govern these challenges through comprehensive compliance frameworks. Their approaches revealed valuable lessons, including the need for clear regulatory guidelines, institutional support systems, and regular training initiatives. These frameworks ensure that countries or economies establish robust measures to prevent the misuse of technologies that could threaten national and global security.

2.1 Strategic Trade Act (STA) 2010

At the national level, Malaysia implements its Strategic Trade Act (STA) 2010, which governs the export, transshipment, and transfer of strategic goods and technologies, encompassing both tangible and intangible transfers. This Act is implemented under the jurisdiction of the Ministry of Investment, Trade and Industry (MITI).

AI technologies, though not explicitly mentioned in STA 2010, fall under the Act’s broad scope, as they are increasingly integrated CBRNE domains and depend heavily on software and data—components recognized globally as strategic technologies. The regulation of these components is essential to prevent both tangible technology transfers (TTT) and intangible technology transfers (ITT).

•      TTT: These involve the physical movement of goods, such as exporting AI hardware like advanced robotics, chips, or sensors. Compliance in tangible transfers requires documentation, licensing, and adherence to customs regulations.

•      ITT: ITT includes the non-physical transfer of technology, such as sharing AI algorithms, source code, datasets, or expertise. This can occur through research collaborations, consultancy projects, or open-source publications. ITT is particularly challenging to regulate because it often occurs informally or unintentionally through digital platforms or academic engagements.

2.2 Contrasting Compliance Dynamics: Industries vs. Academic Institutions

STA 2010 is applied to both industries and academic institutions, recognizing that both sectors play pivotal roles in handling dual-use technologies. However, industries and academic institutions operate under fundamentally different frameworks when handling dual-use technologies, resulting in unique challenges for ensuring export control compliance. Unlike industries, which typically function within centralized and structured systems, academic institutions are decentralized environments where researchers often have significant autonomy over their collaborations, research outputs, and dissemination practices.

The academic culture of “publish-or-perish,” combined with an emphasis on open access and extensive international collaborations, amplifies the risks associated with ITT. For example, sensitive algorithms, datasets, or AI tools shared through research publications or consultancy projects can unintentionally be accessed and misused by unauthorized parties. Furthermore, the presence of international students and visiting researchers adds complexity to maintaining compliance, as they may introduce cross-border risks in sharing or applying dual-use technologies.

Industries, in contrast, tend to have well-established compliance systems that align with their transactional and regulated operations. Most industries have undergone structured training and awareness programs, enabling them to adopt mature export control practices. These systems ensure documentation, licensing, and risk assessments are seamlessly integrated into their workflows. This maturity has been achieved partly through targeted outreach programs conducted earlier by the MITI through the Malaysia Strategic Trade Control Community (MYSTCC), which focused on building capacity for managing export control compliance across various dual-use technologies. However, the same level of compliance readiness is often lacking in academic institutions, which operate with less direct oversight and more fluid interactions.

2.3 MITI’s Outreach to Enhance Export Control Compliance

Recognizing these disparities, MITI has expanded its outreach efforts to academic institutions to bridge the compliance gaps. While industries have largely matured in export control governance, academia presents unique challenges that require tailored interventions. MITI’s outreach programs aim to increase awareness of the STA 2010 and provide training tailored to the dynamics of academic environments. Relevant to their role that focuses all categories of exports, these programs have historically addressed dual-use technologies broadly and were not designed with a specific focus on Artificial Intelligence (AI).

This lack of focus on AI highlights a critical gap in current outreach efforts. AI technologies differ significantly from traditional Chemical, Biological, Radiological, Nuclear, and Explosives (CBRNE) domains, where dual-use risks often require substantial resources, specialized labs, and materials. In contrast, AI’s accessibility allows it to be developed and misused with minimal resources, such as open-source tools and datasets. The widespread applicability of AI—ranging from healthcare and defense to education and entertainment—makes it uniquely susceptible to misuse by a broad spectrum of actors, including those without significant technical infrastructure. This ease of access underscores the urgency of addressing AI-specific risks within Malaysia’s export control framework.

Given these distinctions, one-size-fits-all outreach programs are insufficient. While industries may benefit from updates to their already robust compliance systems, academic institutions require targeted approaches that consider their decentralized nature and emphasis on collaboration. For academia, the focus should include:

•      Developing niche-specific training modules tailored to different research disciplines, particularly AI.

•      Establishing institutional compliance support systems to assist researchers in understanding and adhering to STA 2010 requirements.

•      Promoting ethical guidelines that balance academic freedom with regulatory compliance.

By focusing on these initiatives, MITI can foster a culture of responsibility in academic institutions while reinforcing the maturity of compliance systems in industries. With AI continuing to be a transformative yet accessible technology, specialized outreach and training for its governance will play a crucial role in ensuring that Malaysia remains a global leader in innovation while safeguarding national and global security.

3.0 Global Best Practices: Adapting Lessons for Malaysia

Export control compliance training for researchers varies significantly across regions, reflecting differences in regulatory frameworks, institutional cultures, and policy maturity. United States, United Kingdom, and European Union have established robust practices that provide valuable benchmarks for Malaysia. These practices offer insights into addressing the challenges associated with dual-use technologies, particularly AI.

3.1 United States: Comprehensive and Modular Training

In the United States, export control compliance is governed by the Export Administration Regulations (EAR) and the International Traffic in Arms Regulations (ITAR). These regulations place responsibility for compliance on both institutions and individual researchers. Violations can result in severe penalties, including fines and imprisonment, which underscores the importance of robust training programs.

American universities implement modular and mandatory training programs tailored to specific roles and research contexts. Examples of training modules include:

•      Introduction to Export Compliance

•      Export Compliance for Researchers and Research Administrators

•      Export Compliance and Collaborations

•      Export Compliance for International Shipping

Institutions such as the University of Central Florida (UCF) mandate biennial training for personnel working with ITAR-controlled or EAR-controlled technologies. Similarly, the University of Connecticut (UConn) requires annual certification for researchers involved in export-controlled projects. These programs not only ensure regulatory adherence but also foster a compliance-oriented culture.

Key features of U.S. training programs include:

•      Role-Specific Modules: Tailored content for researchers, administrators, and operational staff ensures that training is relevant to individual responsibilities.

•      Regular Certification: Frequent recertification keeps participants updated on evolving regulations

•      Practical Scenarios: Case studies and research-specific examples highlight risks, particularly for intangible technology transfers (ITT).

3.2 United Kingdom: Integration with Research Integrity

The United Kingdom adopts a different approach, emphasizing the integration of export control compliance within research ethics and governance frameworks. Under the oversight of the Export Control Joint Unit (ECJU), institutions such as the Alan Turing Institute align compliance with broader ethical responsibilities.

Key elements of the UK approach include:

•      Targeted Awareness: Training programs focus on high-risk disciplines, including AI, chemical engineering, and defense-related technologies.

•      Ethical Alignment: Compliance is positioned as an integral part of responsible research practices, rather than an administrative burden.

•      Individual Responsibility: Researchers are informed about the personal consequences of non-compliance, including fines and imprisonment.

By framing compliance as a component of research integrity, the UK ensures that researchers view it as a shared responsibility that aligns with institutional values.

3.3 European Union: Tailored and Multi-Level Training

The European Union emphasizes Internal Compliance Programs (ICPs), requiring training tailored to the diverse needs of researchers, administrators, and support staff involved in export-controlled activities. Training programs are structured at three levels:

•      General Awareness: Basic training to raise awareness among all staff and students.

•      Targeted Training: Specialized courses for scientific and administrative staff handling sensitive projects.

•      Customized Modules: Department-specific training for research areas with significant dual-use implications.

EU guidelines encourage institutions to regularly update training materials to reflect changes in regulations and technological advancements. Moreover, embedding export control topics into the curricula of sensitive disciplines fosters a proactive approach to compliance from an early stage.

3.4 Adapting These Practices for Malaysia

Drawing from these examples, Malaysia can enhance its academic and research institutions’ export control awareness and compliance mechanisms. Implementing localized training programs that integrate elements of these global practices can:

•      Raise awareness of dual-use risks, particularly for intangible transfers in collaborative research.

•      Align compliance initiatives with broader research governance and ethics frameworks.

•      Develop tiered training programs that address the specific needs of Malaysian researchers.

By adopting these best practices and contextualizing them to Malaysia’s unique environment, the nation can build a comprehensive framework that promotes responsible AI research and safeguards national security.

4.0 A Training Needs Analysis Framework for Malaysia’s AI Researchers

The challenges of export control compliance in Malaysian academia require tailored solutions that reflect the local governance structure, academic culture, and policy maturity. To address these challenges, a Training Needs Analysis (TNA) serves as a foundational step toward developing a localized export control training module, particularly for AI researchers.

The TNA framework integrates two complementary approaches:

•      Institutional Theory: Focuses on organizational norms, governance structures, and institutional policies that influence researchers’ behaviors.

•      Knowledge-Attitude-Practice (KAP) Model: Examines individual-level dynamics, including researchers’ knowledge, perceptions, and practices related to export control compliance.

This integration ensures a comprehensive understanding of both institutional and individual dimensions of compliance, enabling the design of training modules that address specific gaps and challenges.

4.1 Institutional Theory: The Role of Universities

Academic institutions in Malaysia often operate within decentralized systems where researchers have significant autonomy over their work. This autonomy, combined with the culture of “publish-or-perish,” can create challenges for ensuring compliance with export control regulations. Institutional Theory provides a framework for analyzing:

•      How governance structures influence compliance behaviors.

•      The adequacy of institutional support systems, such as training programs and clear guidelines.

•      Cultural norms that shape researchers’ attitudes toward compliance.

By identifying gaps in institutional support, this approach highlights areas where universities can strengthen their role as gatekeepers of responsible research.

4.2 KAP Model: Understanding Researcher Behavior

The KAP model focuses on the individual behaviors of researchers by examining:

•      Knowledge: Awareness of export control regulations and their implications.

•      Attitudes: Perceptions of compliance and its alignment with academic freedom.

•      Practices: Actual adherence to export control requirements.

This model helps uncover areas where researchers may lack understanding or motivation. For example, if compliance is perceived as a barrier to collaboration, training modules can address these concerns by demonstrating how responsible practices align with ethical research goals.

4.3 Localization and Practical Application

The combined application of Institutional Theory and the KAP model provides a dual focus:

•      At the institutional level, it informs policy development and the creation of supportive governance systems.

•      At the individual level, it guides the design of training programs that build researchers’ capacity for compliance.

This approach ensures that the TNA framework is not only comprehensive but also actionable, paving the way for the development of export control training modules that align with Malaysia’s specific needs.

5.0 What Are the Training Needs of Malaysian Researchers? Participate in This Survey

Grounded in a robust theoretical framework, as well as insights from policy, legal documents, and previous research, a questionnaire survey has been meticulously developed to explore the training needs of researchers, particularly those engaged in AI-related research. This survey is a vital step toward understanding and addressing the unique challenges faced by researchers in balancing export control compliance with academic freedom.

While this document is designed for researchers in Malaysia, most of its items and questions are broadly applicable to researchers specifically who develop, produce, research, integrate, or apply AI in their research settings. The survey focuses on:

•      Identifying gaps in awareness and compliance with export control regulations.

•      Exploring the challenges faced by researchers in managing intangible technology transfers.

•      Informing the development of training programs tailored to Malaysian academia.

Click here to take the survey or scan the QR code below to join.

6.0 Conclusion

The AI Governance course by BlueDot Impact not only provided transformative insights into the dual-use nature of AI but also guided my exploration of policy and training solutions to address these challenges in the Malaysian context. This journey represents more than just a starting point—it serves as a call to action for cultivating a culture where responsibility and innovation coexist harmoniously in AI research.

By building on this foundation and developing tailored, comprehensive training modules, Malaysia can position itself as a regional exemplar in responsible AI governance. Researchers hold the key to this future; their perspectives and collaborative efforts will shape policies that balance academic freedom with national and global security. Together, we can chart a path for Malaysia to be recognized as a responsible and forward-thinking advocate for ethical AI development in the developing world. I am eager to collaborate with my peers to realize this essential vision.

Leave a Reply