From Compliance 1.0 to Compliance 2.0: When Technology Outruns the Law

For decades, export control and compliance frameworks have rested on what might be called Compliance 1.0 — a world built around hardware and materials.

Under this traditional regime, international conventions such as the Geneva Conventions, the Convention on Cluster Munitions, MTCR, and the Wassenaar Arrangement, as well as instruments like ITAR and EAR, have served as the foundation.

The questions were tangible and technical:

• What is the range, calibre, or payload?
• Which state is the end user?
• Who owns and controls the physical equipment?
   

In this model, compliance meant control over the object – a missile, a component, or a platform – and the rules were designed for traceable, physical goods.

That world no longer exists.

Today, defence capabilities are increasingly defined by software, algorithms, and autonomy.

When a single line of code can transform a civilian drone into a military platform, or when AI optimises decision-making on the battlefield, traditional compliance collapses.

In this Compliance 2.0 environment, the core questions have changed:

• Who owns the training data – and where is it stored?
• When does autonomy become a “weapon”?
• How do export control and IP rights interact in joint NATO development projects?
• What happens when a decision is made by a machine-learning model, not a human?
   

Here, compliance is no longer a checklist – it is a strategic capability.

It must be embedded in technology design, contracting, investment, and lifecycle management.

For investors, this shift means that due diligence must go beyond technology and financials to include regulatory maturity.

For producers, compliance must move from a defensive mechanism to an innovation enabler – a foundation for scaling across borders and securing trust from governments and prime contractors.

Those who understand the rules before they are rewritten will hold the trust advantage.

As defence budgets grow and alliances deepen, NATO and partner governments are seeking not only capable technologies, but technologies that can be trusted.

At Schjødt, we assist both venture funds, emerging tech firms, and established producers in navigating this transformation – building legal architectures that meet security law, export control, and AI governance standards.

This is not about compliance as bureaucracy.

It is about compliance as competitiveness – ensuring that innovation, security, and legality evolve together.

“The next generation of defence leaders will not only build technology.
They will build trust – and trust has a legal structure.”