I am helping one of my companies to become compliant with ITAR. This is the import-export regulation (similar to EAR, but a bit stricter, if I’m understanding this correctly).
The company’s employees currently use ChatGPT via the website and also the OpenAI API via VS Code’s Copilot. I am trying to figure out if they can continue to use either of these.
Is there an ITAR compliant version of ChatGPT? And is there an ITAR compliant API for GPT-4o? I understand that we can request zero data retention (ZDR) for eligible endpoints. This can help a company meet HIPAA compliance, for example. However, there are stricter requirements for ITAR.
If the answer to both of my questions is no, then do you know if Microsoft “Azure for Government” offers a version of the GPT-4o API within that suite? (I’ll try to reach out to Microsoft on this but I figured I’d also ask it here).
I’d encourage you to head over to Azure and talk to their support - they’ve always been super timely and expedient with this sort of stuff. I don’t think it’s a question of if they can do it, but rather of money and availability.
The fastest way to become compliant here is to self-host, although there’s a bunch of license gotchas and client expectations you need to weed through.
You have a potentially long and expensive road ahead of you! Good luck!
Thanks for your note. I pinged OpenAI sales so hopefully I’ll hear back soon, but I also thought I am probably not the only one looking into this so maybe someone will come out of the woodwork and be able to share how they solved this.
Actually, I appreciate you chiming in to clarify. You can self-host the GPT-4o LLM somehow? I may be misunderstanding something because I thought that was only possible to self-host with open source LLMs like Llama. Maybe you meant you’re using an open-source LLM for your specific client?
I can’t go into details without talking about proprietary competitor products but that probably violates this forum’s decorum.
I’m saying that there are competitive products out there that can meet different requirements with different times and costs to implementation, and (according to me) GPT through OpenAI sits in a certain corner of that matrix.
Then there’s the obvious consideration regarding who can use what systems in what context for which purposes - the low cost option being to simply prohibit the use of LLMs altogether. It’s possible that your client might be able to achieve compliance through training alone - but that’s not what you asked