Just to clarify, "scoping" the config changes - i.e. limiting edit access to developers in a particular scoped app - is different from the "scoping" you're talking about, which is about the end users.

You can certainly create a separate NLU model in a separate scope - and even have different topics use different models - but can you explicitly prevent users from using this model? Not entirely sure about that... BUT, I'm not sure it matters either.

If you want topics to be visible to certain users, you don't need to do anything special with NLU - you just need to update the properties of those topics, either using Roles or Conditions. Applying roles to a topic is straightforward and may be the easiest option depending on your circumstance. Otherwise you can use condition builder for no-code or script the condition, which is what I use when limiting topics for specific groups and/or departments.

When you do this, the user may technically match the NLU intent behind the scenes, but if they don't meet the topic's condition, the topic is not going to be trigger (nor is it available in the topic list).

Here's an example of a script I use to limit a topic only to users who own a certain type of computer:

(function execute() {
    var answer=false;
    var gr = new GlideRecord('cmdb_ci_computer');
    gr.addQuery('name', 'STARTSWITH', 'computer_name');
    gr.query();
    while (gr.next()) {
        if(gr.assigned_to == gs.getUserID()){
            answer = true;
            return answer;
        }
    }
    return answer;
})()