Interview: Eleanordustinbliss — 2026-05-02
Key Themes
Hardware Liability Follows the Product — Permanently
Eleanor’s Sophos account remains the sharpest primary-source validation of TBD’s compliance wedge thesis. Hardware physically moves; liability tracks it regardless of diversion route or corporate domicile. UK-headquartered Sophos was fully subject to US export rules because US sales exceeded the threshold. Product classification with BIS determines the full regulatory envelope. This is structural, not episodic — unlike software, you cannot block an IP address after the device has crossed a border.
Sanctions Workflow Is Manual, Under-Tooled, and Sitting in the Wrong Seat
Eleanor described the current state-of-the-art as: an analyst (not a lawyer) in finance or sales ops, outside counsel bulletins, and occasional AI scanning. No purpose-built tooling. The compliance owner inherits the function only after something breaks and legal gets tired of cleaning it up. This confirms the buyer persona gap flagged in the prior synthesis — TBD should be targeting finance/sales ops leaders and export compliance analysts, not GCs.
Modern Slavery as the Low-Friction Wedge Into Supply Chain Mapping
UK and Australian modern slavery statutes require public, multi-tier supplier diligence filings. Eleanor’s framing — ‘check the box, works until it doesn’t’ — is almost verbatim TBD’s thesis. This mandate is documented, recurring, and auditable, and it forces companies to map supplier relationships multiple tiers deep. For semiconductors, this may be the lowest-resistance entry point to building the data flywheel.
Competitive Secrecy Is the Central Structural Barrier
Eleanor named supply chain secrecy as the biggest obstacle to TBD’s network-effects model. Large semiconductor companies (Nvidia, Intel, TSMC, Applied Materials) are the only logos that matter — but also the most guarded. Small companies ignore compliance until IPO. The build-vs-buy question at incumbents remains the critical unknown.
GC Compensation Surge Signals Board-Level Compliance Urgency
Apple ($77M) and Meta ($50M) GC packages confirm compliance has escalated to existential board risk. Eleanor knows Intel’s GC directly — the warmest intro in the current corpus to a flagship semiconductor buyer.
Notable Quotes
- ‘Hardware physically moves. And once it moves to a sanctioned country, you’re still responsible — even if it’s been illegally smuggled in.’
- ‘Most procurement management is check the box — works until it doesn’t.’
- ‘The time it typically comes up for a software company is when you want to go public. Then all of that has to be fixed.’
- ‘Companies keep supply chains very secret — it’s competitive advantage.’
- ‘Didn’t know how to price SaaS; don’t know how to price AI properly.’
Surprises
- Compliance ownership almost never sits in legal from the start — it migrates there only after failures. TBD’s outreach strategy targeting GCs may be hitting the wrong door initially.
- The Crimea example (300 cities, not a country-level block) illustrates that granularity, not volatility, is the real operational burden — a more tractable software problem than anticipated.
- Eleanor’s modern slavery framing as a ‘check the box that works until it doesn’t’ maps almost exactly onto the enforcement-driven urgency thesis without any prompting.
Open Questions
- How do Nvidia, Intel, TSMC, and Applied Materials currently staff and tool their export compliance functions? Build vs. buy?
- What is the actual workflow pain point that would drive a top-10 semiconductor company to evaluate a new vendor vs. expand an existing tool?
- Does Intel’s GC have visibility into the export compliance stack, or does that sit in a separate function Eleanor would need to route around?
- At what company size / revenue threshold do hardware companies first invest in purpose-built compliance tooling?