Get App
Download App Scanner
Scan to Download
Advertisement

Building Resilience In The Age Of Export-Controlled AI

The Anthropic restriction highlights AI concentration risks as RBI-regulated banks and NBFCs increasingly depend on US-based LLMs for critical operations.

Building Resilience In The Age Of Export-Controlled AI
Anthropic's AI restrictions expose risks for Indian banks relying on US-based LLM providers.
Photo Source: NDTV Profit/AI generated image

By L. Viswanathan and Kush Wadehra (Partners at Cyril Amarchand Mangaldas)

On June 12, 2026 basis a directive from the US administration, Anthropic PBC ("Anthropic"), barred non-US customers from accessing Fable 5 and Mythos 5, the most advanced LLM platforms functioning under the Claude universe. This follows the "Framework for Artificial Intelligence Diffusion" introduced by the US government in January, 2025 which establishes a destination-based licensing architecture.

Under this regime, clients based in countries which are not 'close U.S. allies' (i.e., states which have implemented adequate export control and advanced computing governance frameworks - India is not on this list) may be denied access to advanced models on a case-by-case basis. These actions highlight that concentration of AI development in the US provides effective control to the US administration to allow selective access to the most advanced AI models.

While the cause, on this occasion, was a regulatory directive, a cyberattack or vendor insolvency or a contractual dispute could all bring into focus the business-continuity plans of enterprises, especially regulated financial institutions, which are deploying these tools.

ALSO READ | 'Ordered Us All To Like, Hold Hands': Anthropic CEO Calls India AI Summit Super Disorganised

Many banks and NBFCs in India are expanding credit reach due to near-instantaneous AI-enabled credit risk decisions, but impacted use cases in regulated Indian institutions ("RE") could also include KYC and AML monitoring, stressed cases and fraud detection, customer grievance redressal and investment decisioning (both proprietary and advisory services) . 

A majority of these REs are utilising wrappers on underlying models developed in the US (ChatGPT, Copilot, Gemini) through API access. These arrangements are largely enabled through API-based LLM agreements (akin to traditional licensing agreements). 

AI integration for the use-cases discussed would be considered to be 'outsourcing', under applicable RBI regulations  and depending on the level of integration and dependence could be considered 'material outsourcing', thereby requiring a half-yearly review by the board, with senior management having to undertake periodic assessments. The RBI expects  banks to assess exit strategy risk; country risk; and concentration and systemic risk for all outsourcing arrangements. 

The Anthropic incident could trigger all the categories of risks mentioned above, thereby requiring institutions to develop mitigation strategies for such a scenario. The RBI specifically requires that RE's, "in establishing a viable contingency plan, a bank shall consider the availability of alternative service providers or the possibility of bringing the outsourced activity back in-house in an emergency, and the costs, time, and resources that would be involved".

A solution of moving such an activity in-house would not be feasible for the current scenario, as:

1. Banks have not and may not invest in directly building compute hardware to run the LLMs locally and using outsourced compute would be cost prohibitive; and

2. API licensing arrangement with frontier model developers would typically contain accepted carve-outs for a direct regulatory direction, as in the case of Anthropic . While banks may have developed unique "wrappers", the underlying 'brain' of the operation remains a licensed intellectual property, access to which could be subject to usage restrictions arising out of both, regulatory reasons, as was the case here, or counterparty risk i.e., Anthropic, absent of any specific BIS order, could choose to anyway implement certain restrictions for an identified subset of customers.

ALSO READ | LTM Launches Board-Ready Framework BlueVerse RightLogic To Counter AI-Driven Cyber Threats

Institutional AI governance is a baseline standard, requiring a board-approved policy covering governance structure, accountability, and model lifecycle management.  The risks that boards of REs ought to have been working through since the advent of modern LLMs are now materialising. Institutions must assess concentration risk, at an individual, operational level, across their AI deployments and maintain formal, documented oversight records for each critical system, updated periodically.

The RBI too must actively understand any dependencies, at a sectoral level, to ensure that no single AI service provider is essentially rendered 'too big to fail', by posing a systemic risk. While these would be ongoing measures to minimise impacts of such an outage in the future, the RBI and the industry must look to build long-term systemic resilience through a combination of:

a. Encouraging utilisation of existing indigenous alternatives by regulatory directives: The Anthropic restriction is applicable only to the most advanced models available i.e. Fable 5 and Mythos 5. Access to the older models continues uninterrupted. Therefore, REs may assess specific, limited use cases where advanced models would be required, thereby creating an internal grading allowing routine processes being automated by AI to continue to operate on the relatively less complex models, which can be run locally and developed in India; 

b. Model localisation: Introduce regulations for REs requiring them to utilise only 'on-shore' compute and models, similar to the data localisation regime. The expectation would be for these requirements would flow to the frontier model developers through their contractual arrangements with the REs; and

c. India-focused development: The banking sector previously has come together to implement systemic upgrades to reduce dependency on offshore service providers in critical areas, such as establishment of 'Rupay' as an alternative to existing card networks and UPI, for enabling domestic rails for retail transactions/ transfers. A similar approach may be adopted for development of indigenous LLMs, specifically trained on the India data-stack, which may deliver more accurate outcomes for the REs, albeit with upfront investment requirements both in development and compute.

While the risks posed by such a usage restriction would apply to all customers, from various sectors, which are utilising such AI tools, REs play a critical role in the functioning of the domestic economy. Accordingly, the implications and mitigation plans of REs may be required to be more calibrated to the regulatory expectations, given this systemic role.

Disclaimer: The views expressed in this article are solely those of the author and do not necessarily reflect the opinion of NDTV Profit or its affiliates. Readers are advised to conduct their own research or consult a qualified professional before making any investment or business decisions. NDTV Profit does not guarantee the accuracy, completeness, or reliability of the information presented in this article.

Essential Business Intelligence, Sharp Market Insights, Practical Personal Finance Advice, Daily Fuel, Gold and Silver Prices and Latest Stories — On NDTV Profit.

Newsletters

Update Email
to get newsletters straight to your inbox
⚠️ Add your Email ID to receive Newsletters
Note: You will be signed up automatically after adding email

News for You

Set as Trusted Source
on Google Search
Add NDTV Profit As Google Preferred Source