Parsing Pax Silica
Bonum, Malum, et Turpe de Novo Incepto Gubernationis Americanae
Last week, the United States hosted the inaugural Pax Silica Summit in Washington, DC, at which the U.S. and six partner countries signed the Pax Silica Declaration.
The declaration signals a shift in U.S. tech diplomacy toward full-stack economic security. It treats the AI supply chain — from chips and energy to software platforms and frontier models — as a single system to be managed. The signatories, collectively, are the suppliers; their cooperation is about coordinating access. Among them, it appears that they decide which trusted partner countries (customers, effectively) receive the stack, on what terms, and subject to what safeguards and enforcement expectations.1
With caveats, the instinct is directionally right. AI advantage largely runs through and is built into the layers of the stack. But Pax Silica, as launched, raises several design questions that matter for whether it can work in practice. In particular, it raises questions about whether the United States is trying to diffuse trusted AI stacks or keep them to a narrow circle, even as Chinese open-weight models are spreading globally with relatively little friction. It also risks operating inconsistently alongside the American AI Exports Program (AAEP) — a diffusion-oriented effort under development — without a clear sense of how the two frameworks relate or which one sets the operative rules.
The initiative’s credibility challenge is also worth noting. Pax Silica asks partners to align around discipline and restraint toward China, while the United States is signaling elsewhere a willingness to tolerate exceptions when commercial or political incentives point the other way. That tension doesn’t negate the reasoning behind Pax Silica, but it can complicate coalition-building unless it is addressed.
Finally, the membership and launch participation choices invite questions about the framework’s organizing principle. If the goal is to anchor cooperation at key chokepoints in the AI stack, the initial group of signatories appears to be a mix of allies and partners rather than a group of AI suppliers controlling critical stack components.
Pax Silica could become a useful economic security mechanism for the AI age. But it will work best if its access structure, membership rationale, and China posture are made more explicit and aligned with adjacent U.S. initiatives and U.S. signaling.
What Pax Silica is actually trying to do
The declaration starts from a familiar premise. AI is “reorganizing the world economy” and will drive demand across “energy, critical minerals, manufacturing, technological hardware, infrastructure, and new markets not yet invented.” It then defines the object of cooperation as “strategic stacks of the global technology supply chain,” listing software platforms, frontier foundation models, network infrastructure, compute and semiconductors, advanced manufacturing, logistics, minerals refining and processing, and energy.
Pax Silica thus treats the AI economy as a single, integrated economic security system that can be shaped through investment, security practices, infrastructure buildout, incentives, and enforcement coordination. In that sense, it echoes the language and theory of the AAEP.2
“It is about managing access — who gets what, on what terms, and with what expectations attached.”
The declaration also commits the signatories — again, the suppliers — to “endeavor to provide access to trusted partners to the full stack of technological advancements that are shaping the AI economy.” Thus, in effect, the unwritten dual test for countries to qualify as signatories seems to be (1) they control meaningful capacity or chokepoints in the AI stack and (2) they can sit inside a trusted ecosystem without forcing the coalition to dilute its security commitments.
One design complication the declaration doesn’t address is that “suppliers” and “customers” are not clean categories. In practice, many countries play both roles across different layers of the stack. Australia, for example, is a plausible exporter of critical minerals and upstream processing capacity while remaining a net importer of advanced chips and frontier models. That dual role matters because it blurs what “access” is being traded for what “contribution,” and it raises governance questions that the declaration should answer explicitly. For example, are signatories primarily coordinating outbound supply to trusted partners, or also coordinating inbound access among themselves for the layers they lack?
In bifurcating the world into two groups — (1) AI suppliers/chokepoint owners and (2) customers/trusted partners, the Pax Silica Declaration also signals a kind of governance. But it’s not governance in the Hiroshima AI Process sense; it’s not about principles or codes of conduct. It is about managing access — who gets what, on what terms, and with what expectations attached.
China is the unspoken target and catalyst
The declaration never names China, but Beijing is its target and reason for being. Per Jacob Helberg, the State Department’s Undersecretary for Economic Affairs: “By aligning our economic security approaches, we can start to have cohesion to basically block China’s Belt and Road Initiative — which is really designed to magnify its export-led model — by denying China the ability to buy ports, major highways, transportation and logistics corridors.”3
So, the strategic intent is coherent. Pax Silica is meant to be part of a broader effort to counter China’s export-led, state-backed industrial model by coordinating how allied and partner economies deploy their own tools.
The problem is that Pax Silica is asking declaration signatories to align around discipline and restraint, while the United States itself is sending mixed signals about how far it is willing to go in conditioning access. Two decisions illustrate the tension.
The first is the Trump administration’s approval of NVIDIA’s sale of H200 chips to China, with the U.S. collecting a 25 percent fee on those exports. The administration’s defense is that limited sales can slow Chinese substitution, preserve U.S. leverage, and extract revenue. That argument may have merit on its own terms. But to partners being asked to coordinate export controls and investment screening, it reads as selective accommodation. Discipline for the coalition, carve-outs for Washington.
The second is TikTok, and here the issue is mostly about leniency. The administration has framed its TikTok approach as resolving a national security risk through a “qualified divestiture.” In practice, the White House says ByteDance will retain under 20 percent ownership and be able to appoint one director to the seven-seat board, while being excluded from the security committee (an approach that still permits ongoing commercial and technical entanglement).
Taken together, the H200 and TikTok decisions send a message that complicates Pax Silica’s credibility. China is treated as an economic security problem in the abstract, but exceptions are made when commercial or political incentives point the other way. That tension doesn’t doom Pax Silica, but it raises questions about clarity and consistency, and makes a technological Victoria Sinica more likely.
Who signed, who attended, and why that matters
Here’s a table that shows:
The six countries plus the United States that signed the declaration (Australia, Japan, South Korea, the United Kingdom, Singapore, and Israel).
The “convened stakeholders in the inaugural Pax Silica Summit: The signatories plus the Netherlands and the United Arab Emirates.
“Guest contributors:” Taiwan, the European Union, Canada, and the OECD.
Potential future members of the group (I’ve added these for the discussion below; they are not in any Pax Silica materials).
Some general takeaways from this list:
Signatories. At a surface and abstract level one would imagine that the signatories would be countries that host major AI stack chokepoints/lynchpins/nodes. Korea, Japan, and the U.S. all qualify, and Australia makes sense because of its critical minerals. But the list also includes countries like Singapore, which is AI-forward but not likely a critical part of the AI stack. On the other end of the spectrum, the Netherlands didn’t sign the declaration, even though it is a chokepoint because of ASML. Keeping Taiwan off the declaration and on the list of invitees to the summit is an appropriate expression of strategic ambiguity about Taiwan.4 That said, the grouping — even informal — of Australia, Japan, Korea, Singapore, and Taiwan sends a signal to China that many of its neighbors are part of the Pax Silica effort.
Contributors. The guest contributors list is curious. All other things being equal, Canada should be on the signatories list (close ally, Five Eyes member, neighbor), but it’s not. Whether this is because of Canadian concerns about signals of AI integration with the United States while being rebuffed by the Trump administration in the bigger picture or because of U.S. concerns (or something else) isn’t clear. The EU or at least certain member states would also typically be in the group of signatories, though again there are bigger-picture trade, security, and diplomatic issues that might be a high hurdle to that.
Trusted partners. If the test for signatories is chokepoint control plus security alignment, then countries like Singapore and Israel — important partners but not stack bottlenecks — might fit more naturally as trusted partners receiving access rather than signatories coordinating and providing it. That said, the line isn’t clean. Most countries are both suppliers and customers depending on the layer of the stack, which is part of why the declaration’s categories need more definition.
Future candidates?
The future candidate set is meant to help think about which countries would plausibly meet the implied test of the declaration for signatories (i.e., control of meaningful capacity or chokepoints in the AI stack and able to sit inside the group’s trusted ecosystem).
India was not included, despite its scale and relevance in the Indo-Pacific. This may reflect either sequencing choices or unresolved terms — or perhaps the perception is that India doesn’t fill a gap and is better placed as a trusted partner rather than a signatory.
And there are no Western Hemisphere signatories (two are suggested above, and Canada would be the third), which leaves a gap if the initiative is going to strengthen supply chains, manufacturing, and energy alongside advanced compute — and if it’s meant to align with the administration’s National Security Strategy, which centers in large part around the hemisphere.
Vis-à-vis Europe, Germany is perhaps the most plausible way to add European industrial weight. (The AI Diffusion Rule — discussed below — took a similar approach, listing individual EU member states in Tier 1 rather than treating the EU as a bloc.)
Diffusion and security
The Pax Silica effort seems to acknowledge and reflect the logic of the AI Diffusion Rule that was promulgated in the final days of the Biden administration. That rule was an attempt to formalize a global access regime for advanced AI chips and related technology by sorting destinations into tiers — effectively distinguishing “trusted” partners that would face minimal friction from countries that would face caps, licensing hurdles, or near-total denial.
The Commerce Department rescinded the rule in May, so the tier system is no longer in effect, but the Tier 1 list remains a useful benchmark for how Washington recently tried to codify “trusted partner” status.5
Several Pax Silica signatories were on the Tier 1 list under the Diffusion Rule: Australia, Japan, South Korea, and the UK. Tier 1 also included the Netherlands, Canada, and Taiwan, all of which show up in Pax Silica, but aren’t signatories.
There’s also some divergence. Pax Silica’s signing countries include Singapore and Israel, which were not Diffusion Rule Tier 1 countries. More subtly, Tier 1 countries like the Netherlands, Canada, and Taiwan were part of the Pax Silica launch but didn’t sign the declaration. All of this may suggest that Pax Silica’s group of signatories and trusted partner is being assembled using criteria that are somewhat different from those of the Diffusion Rule.
More broadly, the Diffusion Rule tiers were an attempt to codify access. Pax Silica’s categories are an attempt to codify coalition membership around a broader “full-stack” security agenda. Both constitute efforts by the U.S. government to create AI categories for countries and limit or expand access to the AI stack, depending on how a country is categorized.
“’Trusted partner’ risks becoming a label applied after decisions are made, rather than a standard that disciplines those decisions.”
“Trusted partner” definition
The declaration doesn’t define what it means to be a “trusted partner,” even though that label determines access to the full stack. In a high-value, high-stakes context, that vagueness is a problem.
If trust is discretionary rather than rule-based, it becomes political currency. Partners will not know what standards they are being judged against. Firms will not know what compliance regime they are building toward. And countries outside the initial group of Pax Silica countries might hedge rather than wait — perhaps by turning to alternative ecosystems that are easier to procure and govern locally.
A credible access framework does not require an ideological litmus test. As a practical matter, though, democratic allies and partners should generally be eligible to participate — not necessarily because of ideology (though adherence to democratic practices should be a plus), but because they tend to have stronger institutional capacity and a track record of close security cooperation with the United States.
But the framework still requires basic operational clarity for trusted partners. This would include expectations around anti-diversion controls, investment screening alignment, procurement and deployment security, enforcement cooperation, and consequences for breach. Absent that, “trusted partner” risks becoming a label applied after decisions are made, rather than a standard that disciplines those decisions.
Though neither the AI Diffusion Rule nor the Pax Silica Declaration articulates how countries are classified and how they can move from one category to another, such decisions would have been unilateral to the U.S. under the Diffusion Rule. By contrast — and at least in theory — these decisions would be the result of negotiation among the signatories in the case of Pax Silica (unlike the Pax Romana, this peace seems to be geared toward multilateralism).6
Frontier models — why are they part of the stack?
Pax Silica’s inclusion of “frontier foundation models” is potentially counterproductive because it implies conditional access at the model layer without explaining what problem that conditionality solves.
That clashes with the AAEP’s diffusion logic, which is to get U.S. AI stacks (including models) into partner countries fast enough to shape ecosystems. Pax Silica, by contrast, reads like an exclusive club that could withhold or meter frontier models to all but an inner circle of trusted partner countries.
The timing makes it worse. Chinese open-weight models are already flooding international markets with minimal friction. If Pax Silica makes U.S. frontier models harder to access (or even gives that appearance), partners will route around rather than wait.
What would make Pax Silica effective
Pax Silica points at a real issue: AI advantage runs through bottlenecks, and bottlenecks can be governed. To translate that insight into results, the framework needs more definition and action.
At minimum, it needs:
an operational definition of “trusted partner,” with transparency about decisions and consequences for breach;
clarity on what is being conditioned at the model layer so the coalition is not inadvertently slowing diffusion of U.S. and allied models in the face of rapidly proliferating Chinese open-weight alternatives;
a clear division of labor with the AAEP, including which framework sets the operative “trust” rules and how Pax Silica membership affects AAEP outcomes;
a stated membership rationale that matches the coalition’s theory of the case (chokepoint capacity versus diplomacy), plus a rules-based pathway from participant to signatory;
at least one flagship project in a hard bottleneck area that demonstrates the initiative can move beyond alignment to execution; and
coherence in U.S. China policy that at least explains logically how Pax Silica is meant to live alongside other U.S. government technology efforts vis-a-vis China.
Without those elements, Pax Silica will confuse partners and dilute leverage. With them, it could become a disciplined way to apply economic security tools to the AI economy as it actually exists.
Conflict of Interest Disclosure: The views I express in this essay are my own. While I maintain professional affiliations and advisory roles with various organizations, I don’t receive compensation or direction from them (or from any other entities) for the views expressed in my essays, unless explicitly stated otherwise in a particular piece. In some cases, I may receive an honorarium from the publisher as compensation for contributing the essay itself (I am receiving zero compensation for this piece, though a kind subscriber has pledged $80 per year in case I ever start charging 😁).
Reading through the AAEP raises another way to look at Pax Silica: as a strategic coordinating framework rather than a new mechanism. For example, its “chokepoints/trusted networks/investment security” framing closely overlaps with State’s CHIPS-era ITSI Fund mandate and its critical minerals rationale goes over terrain already covered by the Minerals Security Partnership.
The point isn’t that the BRI is “about AI” (though the Digital Silk Road and other compoents might be). Rather, it’s that Pax Silica is defining AI competitiveness to include the physical corridors — ports, logistics, energy, connectivity — that shape where compute and industrial capacity can scale.
The now-rescinded Biden era AI diffusion rule, which established 18 “low-risk” destinations for the export of AI chips listed Taiwan as a country.
Tier 1 was Australia, Belgium, Canada, Denmark, Finland, France, Germany, Ireland, Italy, Japan, the Netherlands, New Zealand, Norway, South Korea, Spain, Sweden, Taiwan, and the United Kingdom.
Building on the parenthetical with a footnote: given its design, perhaps calling this program the “Pax SIlica” is a kind of category error. Maybe it’s more like the Delian League, the alliance of Greek city-states circa 500 BC under the leadership of Athens. The point of the alliance — which eventually resulted in a kind of Athenian empire — was to fight the Persian empire. Maybe to Pyritiakòn Koinón should have been the the name and — to my mind — would have been the more ideologically and historically appropriate (though still flawed and definitely harder to pronounce) model.
Thanks for the analysis!
I think the ambiguity about the definition of a “trusted partner” may be intentional, as it allows one-on-one negotiations and more leverage to the seller. Although not a perfect analogy, but with this strategy the US can use AI as Russia uses energy, to pull countries into its sphere of influence.