A frequent concern expressed by third parties and investors entails Iron Horse Holdings' intellectual property. Specifically, how the Company's international model has IP exposure by building AI capability and deploying it in foreign jurisdictions. This logic leads to concerns that such an approach creates regulatory liability under US export control law, creates ownership ambiguity over resulting work product, or puts the company in a legally precarious position if a foreign government relationship sours.

Each of these concerns reflects a reasonable assumption about how technology companies typically structure international operations. From inception, Iron Horse has worked with a holistically different approach. The Company's model is architecturally different in three respects that, taken together, reduce the risk profile substantially below what conventional technology company analysis would suggest.

The three discrete risk concerns are:

• Reverse engineering or alternative sourcing specific to military weapons platform sustainment creates government IP risk.
• Serving both commercial industrial sectors and defense sectors creates risk.
• Traditional technology company IP licensing concerns apply to this model.

When a US technology company enters a foreign market, it typically does one of three things: licenses its software to a local entity, retaining ownership of the underlying IP and collecting royalties or license fees; establishes a local subsidiary that deploys a product the parent company owns and controls; or enters a government-to-government arrangement where controlled technology is transferred under a specific authorization.

Each of these structures creates the exposure investors worry about. A license can be challenged, copied, or refused enforcement under local IP law. A subsidiary deploying parent-owned technology creates deemed export exposure the moment foreign nationals interact with controlled software or data. A government-to-government transfer requires navigating ITAR, EAR, and the entire US export control licensing apparatus.

These structures are why investors ask the question. They are the right question to ask about a conventional technology company entering a foreign defense-adjacent market.

Iron Horse does not license software into foreign markets. It does not deploy a parent-owned product through a local subsidiary. It does not transfer controlled technology under an export license.

What Iron Horse does is establish a locally owned, locally incorporated entity in the host nation, staffed by citizens of that nation, that builds a bespoke solution from the ground up inside the host jurisdiction. Iron Horse contributes institutional knowledge, methodology, and human expertise. The resulting capability belongs to the local entity from its first line of code.

Iron Horse personnel enter a host nation as people carrying expertise. That expertise reflects years of accumulated institutional knowledge about how industrial AI systems should be architected, how data needs to be secured under host-nation law, how capability needs to be scoped to the specific industrial context, and how to move from concept to operational capability at speed and scale. None of this expertise exists as a document, a software package, or a transferable artifact.

This is a meaningful distinction in the export control context. ITAR and EAR regulate the transfer of controlled technical data, defense articles, and controlled commodities. They regulate oral transfers of controlled technical data to foreign persons. They do not regulate general expertise in systems architecture, project management, and industrial AI design — knowledge not reducible to a specific controlled item or data set.

The new local entity established in the host nation — incorporated under host-nation law and owned and operated by host-nation citizens — owns everything created from the point of its establishment forward. The code written by its engineers is its IP. The data architectures designed for its specific context are its IP. The analytical systems it builds to support its clients are its IP.

Iron Horse holds no license over this work product. It has no right to revoke access, no ability to remotely disable the system, and no IP claim that travels back to the United States. The host-nation entity is an independent company that Iron Horse helped create, whose capability Iron Horse helped architect, and whose engineers Iron Horse helped develop.

For investors, this means there is no IP asset sitting in a foreign jurisdiction that US law or a hostile foreign government could threaten. The risk that a foreign government relationship changes and strands a licensed technology deployment does not exist in this structure, because Iron Horse has no licensed technology deployed.

The local ownership structure satisfies host-nation regulatory and commercial requirements. It does not remove investors from the economic picture. Iron Horse holds an equity stake in each country entity alongside its local owners. An investment in Iron Horse provides proportional exposure to every sovereign deployment, country by country, as the portfolio grows.

The structure resembles a holding company with operating entities in each jurisdiction, each partially locally owned for regulatory and commercial reasons, rather than a software company licensing into foreign markets. Investors participate in the compounding value of each deployment through Iron Horse's equity position, not through a licensing model that creates the IP exposure this paper addresses.

Iron Horse's international expansion operates on two distinct tracks, each appropriate to a different market profile.

A sovereign build model only creates durable value if the capability becomes self-sustaining. A host-nation entity that reaches operational independence is a sovereign capability. One that retains ongoing Iron Horse advisory presence is a consulting engagement. The commercial and IP implications of that distinction are real and deliberate.

Iron Horse's answer to the sustainability question is SADE and SIROS — the two foundational AI systems that enable industrial intelligence. SADE and SIROS are developed at Knudsen Institute, Iron Horse's sister nonprofit entity. As each system reaches commercial viability, it transfers to Iron Horse at the corporate level. Internationally, they serve as the blueprint. Iron Horse personnel carry the knowledge of how these systems are built and guide each in-country team through a ground-up build tailored to their specific context. The technology stays in the United States. The knowledge of how to build it travels with the people.

The International Traffic in Arms Regulations (22 CFR Parts 120–130) regulate the export and import of defense articles, defense services, and related technical data appearing on the United States Munitions List. The Export Administration Regulations (15 CFR Parts 730–774) regulate dual-use items and technology with both commercial and military applications.

ITAR applies when Iron Horse personnel interact with USML-listed items, when technical data related to USML items is transferred to a foreign person, or when defense services are provided to foreign governments or nationals in connection with USML-listed articles. It does not apply to industrial AI systems built to serve a commercial supply chain, an offshore energy company, or a general sovereign industrial intelligence capability with no nexus to USML-listed items.

Palantir Technologies provides the clearest and most scrutinized precedent for this approach. Palantir operates across commercial industrial clients, US government agencies, and allied nation defense programs simultaneously, using the same foundational platform architecture across all of them. Its regulatory posture varies by deployment, not by product.

Palantir's Foundry platform serves commercial clients across manufacturing, healthcare, energy, and financial services globally. The same Foundry platform serves US government agencies including the Department of Defense, where it carries FedRAMP authorization and classified environment certifications appropriate to that context. Gotham, Palantir's investigative and intelligence platform, serves defense, intelligence, and law enforcement agencies with the security certifications those deployments require.

The regulatory controls follow the use case and the data, not the product label. A Foundry deployment serving Airbus's commercial supply chain carries commercial data governance. A Foundry deployment serving a DoD agency in a classified environment carries the appropriate classified controls. The same platform, different regulatory posture, determined by what data it touches and what mission it serves.

This is not Palantir avoiding ITAR or export controls. It is Palantir applying them precisely where they apply and not applying them where they do not. That precision is the model. Iron Horse's approach is the same.

SADE (Semi-Autonomous Data Engine) and SIROS (Semantic Industrial Reasoning OS) are developed at Knudsen Institute, Iron Horse's sister nonprofit entity. As each system reaches commercial viability, it transfers to Iron Horse at the corporate level. Within the United States, Iron Horse deploys them directly.

Internationally, the model is different by design. Iron Horse personnel carry the institutional knowledge of how these systems are architected, built, and operationalized. In each country, a new version is built from the ground up by the local entity's own engineers, under Iron Horse guidance, tailored to that country's regulatory environment, data landscape, and industrial context.

The US-developed systems stay in the United States. The knowledge of how to build them travels with the people.

The deemed export framework under 22 CFR 120.17 and 15 CFR 734.13 is concerned with the transfer of controlled technical data and technology to foreign nationals. A system that never crosses a border — physically or digitally — sits outside that framework.

Each in-country SADE and SIROS is a locally built, locally owned system. It shares architectural principles with the US originals. It shares no code, no data, and no direct connection. Iron Horse transfers no technology. The local entity receives no license. There is nothing to export.

The ITAR question that applies to this structure is narrower: whether the guidance Iron Horse personnel provide during the build constitutes a transfer of controlled technical data. When that guidance concerns commercial industrial systems with no USML nexus, the answer is no. When the work eventually touches defense sustainment applications, appropriate controls apply at that point.

Iron Horse owns institutional knowledge that cannot be fully documented. The approach to architecting industrial AI systems for sovereign deployment, the methodology for identifying what a host nation's industrial AI capability should do and how it should be structured, the judgment about data security, hosting architecture, and local legal compliance — these exist in the expertise of Iron Horse personnel. They are not patented because they cannot be reduced to a patent claim. They are not copyrighted because they do not exist as a fixed work.

This is a genuine form of IP protection. Trade secret doctrine covers exactly this kind of know-how: economically valuable information that derives its value from not being generally known and that is subject to reasonable measures to maintain its secrecy. Iron Horse's institutional knowledge satisfies these criteria. It is protected by the practical impossibility of replication rather than by legal registration.

Iron Horse also owns the US-deployed versions of SADE and SIROS, transferred from Knudsen Institute as they reach commercial viability. These foundational systems represent years of development and genuine technical innovation. They are owned by Iron Horse, they are not transferred internationally, and their ownership is unambiguous.

Everything built inside the host-nation entity belongs to that entity. Iron Horse makes no claim on work product created by locally employed engineers, on the architecture of the locally built systems, or on the data the local entity accumulates through its commercial operations. This is by design. It is the foundation of the sovereign build value proposition. The host nation gets a capability it genuinely owns.

For investors, Iron Horse's equity value sits in the foundational systems and institutional knowledge that remain in the United States, and in the equity positions Iron Horse holds across its portfolio of country entities. The value compounds with each new deployment.

This is a services, guidance, and equity model. It scales differently from pure software licensing and carries none of the IP jurisdiction risk that a licensing model creates in foreign markets. It aligns Iron Horse's financial interests directly with the success of each sovereign deployment.

The framework in this paper establishes the structural logic of the Iron Horse model and its relationship to ITAR, export controls, and corporate IP. Several specific questions require analysis by qualified counsel:

• Trade secret protection for institutional methodology. Whether and how Iron Horse formalizes trade secret protection for its institutional knowledge, including what documentation, access controls, and confidentiality agreements are appropriate to maintain protectability.
• Deemed export analysis for in-country build guidance. A detailed analysis of what technical knowledge Iron Horse personnel convey during each in-country build, whether any of that knowledge is controlled under EAR or ITAR, and what boundaries govern that guidance in commercial versus defense contexts.
• Host-nation IP law for target jurisdictions. Local IP law governs rights in work product created in-country. The structure Iron Horse intends should be confirmed to produce the intended ownership outcome under each host nation's law, particularly for software and AI system outputs.
• Equity and governance structure of each local entity. The specific ownership, board composition, and governance terms of each country entity should be reviewed to confirm they are consistent with Iron Horse's commercial model and do not create unintended controlled-entity exposure under US national security review frameworks.
• ITAR analysis for defense sustainment phase. When any engagement expands to include F-15 or other USML-platform sustainment work, a specific ITAR analysis of that scope, the applicable licensing or exemption framework, and the personnel and access controls required should be conducted in advance of that phase.

The questions above are scoping and confirmation questions. The structural logic this paper documents answers the core investor concerns: Iron Horse's model is architecturally different from the structures that create conventional technology company IP and export control exposure. That difference is deliberate, is validated by the most scrutinized AI company in the US defense market, and is reflected in every element of how Iron Horse establishes in-country presence.

Investors asking about IP exposure are asking the right question about a conventional technology company. Iron Horse is a different kind of company, and this paper establishes why.

Iron Horse Holdings has a genuinely different approach to corporate IP and international market entry than conventional technology companies. That difference is not an accident and it is not a legal technicality. It reflects a deliberate architectural choice made at the founding of the company: that the right way to build sovereign industrial intelligence capability in a foreign market is to build it natively, inside a locally owned entity, rather than to export and license a product.

That choice produces a risk profile that is substantially lower than investors typically assume when they ask about IP exposure in defense-adjacent international AI deployments. Iron Horse carries no licensed technology in foreign jurisdictions, no export control exposure until the engagement reaches the point where export controls apply, and no IP repatriation risk because the local entity owns what it builds.

Investors participate in every market through Iron Horse's equity stake in each country entity. The two-track expansion model captures both the high-value sovereign deployments and the faster direct market opportunities. The foundational assets — SADE, SIROS, and institutional methodology — remain domiciled in the United States and compound in value with every new deployment.

The Palantir structural parallel provides the legal and commercial validation that this approach is proven. Palantir has operated across commercial, government, and defense markets simultaneously for over two decades, applying regulatory controls at the deployment and use-case level rather than the product level, without legal challenge on that specific question.

The companion government IP white paper establishes that the underlying activity Iron Horse enables is federally authorized. This paper establishes that the corporate structure Iron Horse uses to enable it carries lower IP and regulatory risk than conventional technology company structures. Together they answer the investor question at both levels where it needs to be answered.