AI security demands legal deterrence not just technological innovation
by KaiChieh KJ Hsu · The Washington TimesOPINION:
From the national security bench in Taipei, I have seen firsthand that modern espionage often begins with weaponized ambition inside firms and research centers.
The artificial intelligence contest will hinge less on who builds faster chips than on which legal systems can adapt and coordinate the fastest. High-level summits between politicians may set the diplomatic tone, but the real contest will now play out in export controls, investment reviews and evidentiary rules.
In 2025, three engineers at TSMC were charged with leaking data on the 2-nanometer chip, a technology capable of cutting AI power consumption by roughly 20%. The case underscored how economic espionage has moved from isolated incidents to a systemic risk within the semiconductor supply chain.
Taiwan’s 2022 reform was an important step in combating a rising tide of technology leaks, but the TSMC case exposed how democratic legal systems often move too slowly. Compliance within Taiwan’s semiconductor ecosystem remains shaped more by U.S. government controls than by proactive domestic regulation.
That gap is where economic espionage grows.
In early 2025, a Google engineer in California was indicted on charges of stealing data from an AI model. That case exposed a deeper weakness. Even in the U.S., which is widely regarded as having one of the most comprehensive legal architectures, the law still struggles when the asset in question is an algorithm or a “model-weight bundle.”
This is because the traditional trade secret statutes were not built for new kinds of AI assets. Without a real-time alert and evidence-preservation system that spans jurisdictions, critical data can be exfiltrated and erased before investigators even begin.
The TSMC leak showed how regulatory gaps inside democratic supply chains can become national vulnerabilities. The Google case revealed the same weakness from another angle.
Advertisement Advertisement
System vs. system
Both democracies and authoritarian regimes recognize law as a strategic instrument, but they wield it in opposite directions.
In the former, the law aims to protect the public interest and the integrity of institutions. The U.S. is moving from ethics-based AI governance to deterrence-based governance as a preemptive defense regime takes shape.
Export controls on advanced graphics processing units, the chips that train large AI models, have become a strategic chokepoint. By constraining access to training-class graphics processing units and advanced packaging flows, controls increase the time and capital required to replicate frontier model capability, deterring acquisition by making it uneconomical and slow.
Europe has articulated its own version of responsible sovereignty. The European Union’s AI Act and Chips Act treat semiconductors and data as strategic public assets governed by law rather than by markets alone.
Advertisement Advertisement
Japan also has recently tightened its economic security laws governing advanced manufacturing.
In authoritarian systems, law serves not to deter, but to compel. The Chinese Communist Party has adopted the same legal playbook and inverted it. An expanded counterespionage law, bounties targeting Taiwanese personnel and export controls on rare earths and high-end magnetics operate as coercive legal leverage.
What Washington frames as defense, the Chinese Communist Party wields as compulsion.
How to create legal deterrence
Advertisement Advertisement
To keep their edge, democracies need legal resilience that moves faster than infiltration strategies. They must address three structural gaps.
First, regulation trails economic security realities. Many jurisdictions still rely on punishing spies after the fact rather than building proactive controls around the riskiest technologies, datasets and roles.
Second, remedies arrive too late, and cross-border evidence gathering is slow.
Third, investment screening still focuses too narrowly on ownership and jurisdiction, missing the practical questions of technology control, supply chain leverage and ultimate beneficiaries.
Advertisement Advertisement
To close these gaps, democracies must first secure the human chain. A trusted talent security regime should treat high-risk AI and semiconductor expertise as access to critical infrastructure. That means background disclosures, transparent reporting of side employment, longer noncompete protections and targeted incentives that make compliance credible.
Second, they must build a democratic tech alert network. Create a 24-hour leak alert and evidence-preservation system that links prosecutors, courts and cyber agencies among like-minded partners.
Third, they need to forge a “tech NATO,” a legal framework among the U.S., EU, Taiwan and other key partners and allies to link judicial cooperation, investment screening focused on control and beneficial ownership and supply-chain security oversight.
Together, these mechanisms would weaponize legality and move faster than infiltration.
Advertisement Advertisement
AI will not topple democracy, but hesitation might. In this contest, law is the one frontline that democracies cannot afford to lose.
• KaiChieh KJ Hsu serves on the national security bench at the Taipei District Court, handling espionage and foreign infiltration cases.