When governments write AI rules, they almost always include a carve-out for national security uses. The exception appears in nearly every major framework released in the last three years. It is presented as a temporary measure required by existing law. The language stays consistent across jurisdictions.
The pattern is simple. A draft rule lists transparency requirements, risk assessments, and reporting obligations. Then a later section states that systems used for defense, intelligence, or critical infrastructure are exempt from those obligations. The companies that build the systems do not have to publish the same details. The agencies that deploy them do not have to meet the same documentation standards. The result is two sets of records: one public and limited, one classified and unreviewed.
This arrangement treats national security as a permanent override rather than a narrow case. The carve-out is rarely time-limited. It does not require a review process when the classification ends. It does not create an independent body to check whether the claimed national security purpose matches the actual use. In practice, the label travels with the system long after the original justification has passed.
The humans drafting these rules face a clear choice. They can write a single standard that applies to all uses and then decide, case by case, what genuinely needs secrecy. They can instead write the standard for everyone except the most powerful users of the technology. They have chosen the second option every time. The room contains representatives from defense agencies and security ministries. It contains far fewer representatives from oversight bodies that would later audit those same agencies.
The record will show that the exception was justified by the need to protect sources and methods. The same record rarely shows what happens when those sources and methods involve general-purpose models that later appear in commercial products. When a model trained under the exception leaks or is reverse-engineered, the accountability gap is already built into the original framework.
The silence on this point is not an oversight. It is the part of the rule that defines the boundary of enforcement. Every framework that includes the carve-out has already decided that certain uses of AI will remain outside the oversight structure the framework itself creates. The decision sits in the text. It does not require another meeting to become active.
