ByteDance, the Chinese parent company of TikTok, is tapping top-tier Nvidia AI chips through a data center buildout in Malaysia, assembling roughly 36,000 B200 GPUs across approximately 500 systems in a project valued at over $2.5 billion. The arrangement works through a local cloud partner, allowing ByteDance to access Nvidia Blackwell-class hardware that U.S. export controls are designed to keep out of Chinese hands. The move raises hard questions about whether Washington’s chip restrictions can hold when third-country workarounds are this straightforward.
36,000 GPUs Outside China’s Borders
The scale of the Malaysia operation is striking. ByteDance is pulling together approximately 500 systems housing roughly 36,000 B200 GPUs, all based on Nvidia’s Blackwell architecture, the company’s most powerful commercially available AI chip line. Rather than purchasing and housing this hardware directly, ByteDance accesses it through a cloud partner based in Malaysia, a structure that places the physical infrastructure outside both China and the direct reach of U.S. enforcement.
The total value of the Nvidia Blackwell AI computing systems ByteDance is assembling outside China exceeds $2.5 billion, a figure that signals this is not a small-scale experiment. For context, a single B200 GPU is among the most sought-after chips in the AI industry, and clusters of this size would place ByteDance’s Malaysia operation among the largest commercial AI training environments anywhere in the world. The company has separately committed $2.1 billion in AI-related investment in Malaysia, a figure confirmed by the country’s investment minister and welcomed by local officials as a sign of the country’s growing role in the regional digital economy.
How U.S. Export Controls Apply
The legal framework that makes this arrangement contentious traces back to an interim final rule issued by the Bureau of Industry and Security (BIS) on October 16, 2023. That rule, published in the Federal Register, defines controlled advanced computing items under export control classification numbers (ECCNs) including 3A090 and 4A090 and sets performance thresholds that effectively capture Nvidia’s highest-end AI accelerators. It also includes end-use, end-user, and foreign direct product rule provisions that extend restrictions beyond direct sales to China, aiming to capture indirect flows of advanced computing capability.
The U.S. Commerce Department, which oversees BIS, later issued clarifications tying back to those October 2023 rules, spelling out how the restrictions apply to advanced computing access by entities connected to the People’s Republic of China. The rules were designed to prevent Chinese companies and military-linked organizations from acquiring the supercomputing power needed to train cutting-edge AI models with national security applications. But the regulations focus heavily on direct chip sales and transfers to China itself, and the ByteDance arrangement in Malaysia tests the boundaries of that framework in a way regulators may not have fully anticipated.
No public statement from the U.S. government addresses whether this specific Malaysia buildout violates BIS rules. The agency’s online licensing portal, accessible through the SNAP-R system, handles export license applications and many enforcement interactions, but no case-specific analysis of ByteDance’s cloud partner structure has surfaced in public filings or press releases. Interested parties can search certain outcomes via BIS’s STELA lookup tool, yet there is no sign of any announced action tied to this Malaysian deployment. This gap between regulatory intent and enforcement reality is the central tension of the story.
The Cloud Partner Structure as a Gray Zone
The distinction between owning AI chips and renting access to them through a third-party cloud provider creates a compliance gray zone that Chinese tech firms are increasingly willing to explore. ByteDance does not appear to be importing Nvidia hardware into China. Instead, the company accesses computing power hosted on Malaysian soil by a local partner. The chips stay in Malaysia. The training workloads, however, can be directed remotely from engineering teams located anywhere, including in mainland China.
This matters because the BIS interim final rule and its follow-on guidance target both the transfer of controlled items and, in some cases, the provision of advanced computing services to restricted end users. Whether a cloud arrangement in a third country constitutes a controlled transaction depends on factors like the identity of the end user, the performance characteristics of the system, and whether the cloud provider itself is subject to U.S. jurisdiction or uses U.S.-origin technology in ways that trigger the foreign direct product rule.
The public docket for these rules shows ongoing debate about how broadly the restrictions should apply. Some commenters urged BIS to treat high-end cloud access for Chinese entities as equivalent to a hardware export, arguing that compute delivered “as a service” can be just as strategically significant as chips delivered in boxes. Others warned that sweeping cloud-based restrictions could be difficult to administer and might unintentionally ensnare benign commercial activity. The regulations as written leave room for arrangements that keep hardware outside China while still serving Chinese AI development, especially when the infrastructure is owned and operated by non-Chinese firms in third countries.
Most coverage of ByteDance’s Malaysia play has framed it as a clever workaround. That framing deserves some pushback. The BIS rules include foreign direct product provisions specifically designed to reach beyond U.S. borders, and the end-use restrictions apply regardless of where the hardware sits if certain jurisdictional hooks are met. If ByteDance is training models that feed back into operations controlled from Beijing, the legal exposure for both ByteDance and its Malaysian cloud partner could be significant. The question is not whether the rules theoretically cover this scenario but whether BIS has the enforcement capacity, technical visibility, and political backing to act on it in a timely way.
Why Malaysia, and What Comes Next
Malaysia has emerged as a preferred destination for AI infrastructure investment by Chinese tech companies for several reasons. The country offers relatively cheap and increasingly reliable electricity, a growing data center ecosystem around hubs such as Johor and the Klang Valley, and a government eager to attract foreign investment in digital infrastructure. ByteDance’s multibillion-dollar commitment fits a broader pattern of Chinese firms building compute capacity across Southeast Asia, where regulatory environments are less adversarial than in the United States or Europe and where local authorities are keen to position their economies as neutral platforms in the global tech race.
For U.S. policymakers, the risk is that Malaysia becomes a template. If one major Chinese platform can assemble $2.5 billion worth of restricted-class Nvidia hardware through a cloud partner in a friendly third country, others will follow. Alibaba, Tencent, and Baidu all face similar chip access constraints and have the capital and regional relationships to replicate this model in Malaysia, Indonesia, Thailand, or elsewhere in the region. Each new deployment would further dilute the practical impact of U.S. export controls while deepening Southeast Asia’s dependence on Chinese platform companies for jobs, connectivity, and digital services.
Washington has tools it could deploy in response. BIS could issue additional guidance clarifying that high-end cloud services provided to Chinese-headquartered firms using U.S.-origin advanced computing items are presumptively subject to license requirements, even when the data centers are located in third countries. It could also expand its use of the Entity List or other designations to target specific cloud providers that facilitate access to restricted compute for Chinese end users. Any such moves, however, would need to balance national security concerns against the risk of alienating partners in Southeast Asia who do not want to be forced into a binary choice between Chinese and U.S. technology ecosystems.
For now, the ByteDance buildout in Malaysia underscores the limits of a control regime that was crafted around physical exports in an era when compute can be sliced, virtualized, and delivered over fiber. As AI capabilities become more central to economic and military power, the contest will hinge not only on how many chips each side can manufacture or buy, but also on how effectively they can route around each other’s regulatory walls. ByteDance’s Malaysian cluster is an early, and unusually visible, test of whether those walls can hold.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
