On January 29, 2024, the Department of Commerce’s Bureau of Industry and Security (BIS) issued a proposed rule to prevent foreign actors from using U.S. cloud computing services for malicious cyber activities. The proposal would require U.S. providers of Infrastructure as a Service (IaaS) products to verify the identity of their customers and ensure their foreign resellers do the same. The proposed rule would provide procedures for the Secretary of Commerce to impose “special measures” such as prohibitions or conditions on foreign jurisdictions and customers of U.S. IaaS products. The proposed rule would also impose compliance and reporting requirements on U.S. providers and provide for civil and criminal penalties for violations. As a proposed rule, the requirements are not yet effective. Parties can submit comments on this rule until April 29, 2024.

Key Takeaways

1. The proposed definition of IaaS is intentionally expansive. It would impact an array of U.S. cloud service providers and entities that provide processing, storage, network, or other fundamental computing resources with which a customer is able to run software that is not predefined, including virtualized and managed products and services.
2. The proposed rule includes a broad definition of a “large AI model with potential capabilities that could be used in malicious cyber-enabled activity.” The definition could capture transactions involving all sufficiently large AI models, but the technical parameters of such models are to be determined by the Secretary of Commerce and published in the Federal Register.
3. The proposed rule imposes significant compliance requirements on U.S. IaaS providers and their foreign resellers to verify and document the identity of customers, outlined under the “Customer Identification Program” (CIP). These obligations impose on the industry expansive “know-your-customer” (KYC) monitoring and reporting obligations.
4. The rule applies to U.S. IaaS providers—U.S. persons who provide IaaS products—and the foreign resellers of such U.S. services.
5. Industry comments on the proposed rule and other engagement with Commerce will be integral in shaping the final rule.

The Proposed Rule

Core Requirements

The proposed rule[1] requires all U.S. IaaS providers, and U.S. and foreign resellers, to verify the identity of their customers by establishing and maintaining CIPs. The regulations require a CIP to include a list of all foreign users of the IaaS provider’s platform, including users’ names, addresses, and financial information. U.S. IaaS providers will have to submit annual certifications to BIS regarding compliance with this process. The proposed rule would also require mandatory disclosures whenever an IaaS provider engages in a transaction with a foreign user that could help train a large AI model with potentially malicious capabilities. BIS is authorized to inspect CIPs when investigating foreign misuse of IaaS products.

When finalized, the rule will be implemented and enforced by BIS’s Office of Information and Communications Technology and Services (OICTS). Formed in 2021, the office is responsible for implementing executive orders and related regulations in the information and communications technology and services (ICTS) field. Since its formation, this office has been growing rapidly, and BIS appears eager to expand its use of its ICTS authorities to implement its foreign objectives for critical and emerging technologies. The Bureau selected the office’s first Executive Director, Elizabeth Cannon, in January 2024.

Broad Definition of IaaS Products

The proposed rule defines an IaaS product as a:

Product or service offered to a consumer, including complimentary or “trial” offerings, that provides processing, storage, networks, or other fundamental computing resources, and with which the consumer is able to deploy and run software that is not predefined, including operating systems and applications.

Both U.S. IaaS providers and U.S. and foreign resellers of U.S. IaaS products are within the scope of the rule. The rule defines “U.S. IaaS providers” to be any U.S. person who offers any IaaS product and defines “U.S. person” to include entities organized under any jurisdiction in the United States (including foreign branches), any person located in the United States, any U.S. citizen, or any lawful permanent resident. BIS may later clarify that foreign subsidiaries of U.S. IaaS providers are not included in the definition.

The definition covers both products and services that are maintained for the consumer by a provider, along with “unmanaged” offerings where the provider has only ensured the availability of the product. It also covers virtual private servers and servers where the full computing resources of a physical machine are provided to an individual person.

Although BIS estimates that approximately 25 core providers of IaaS products will be directly impacted by the rule, its upper-bound estimate of the impact includes almost 2,000 firms that resell potentially covered telecommunications services. The proposed definition of “covered IaaS products” could encompass many cloud or virtual offerings, including storage, platform, and computing services, if the consumer is able to deploy and run software on these offerings that is not predefined. Offerings like “network management,” “data storage,” or products where the consumer does not manage or control the underlying hardware but instead maintains control over “the operating systems, storage, and any deployed applications,” are all part of the definition. The comments also clarify that the definition would capture services like content delivery networks, proxy services, and domain name resolution services.

Notifications of Potential Misuse of Large AI Models

Beyond maintaining updated records on foreign users, the proposed rule mandates notifications to BIS whenever a transaction takes place with a foreign user that could result in the training of a large AI model for malicious ends. This imposes significant monitoring obligations on the service provider.

Reporting would be required whenever a domestic IaaS provider or reseller has knowledge of a transaction with a foreign user involving access to dual-use foundation models, or AI models with parameters of concern that could be used to automate aspects of malicious cyber activity, like vulnerability discovery, denial-of-service attacks, and misinformation generation. The rule’s aim of targeting misuse of AI technology covers cyber-attacks broadly, and the definition of misuse includes using IaaS products for hacking, stealing intellectual property and sensitive data, or targeting critical U.S. infrastructure. Facilitating or taking advantage of data breaches in U.S. networks is also considered malicious use, as is using vulnerabilities in the U.S. ICTS supply chain to the detriment of national security interests and domestic business. For example, using IaaS products to steal “critical intellectual property, health data, government information, or financial user information” would be clear examples of misuse.

Covered transactions include a foreign person using the computing structure of a domestic IaaS provider to train an AI model when that model could be used for a harmful purpose, or when a U.S. person agrees to train a dual-use foundation model for a foreign person. Under the proposed regulations, providers and resellers would have 15 days to report covered transactions.

Lastly, the proposed definition of a large AI model is broad: “A model shall be considered to be a large AI model with potential capabilities that could be used in malicious cyber-enabled activity under this definition if it meets the technical conditions” that the Secretary of Commerce will determine and publish in the Federal Register. If not bound narrowly via technical parameters, the definition has the potential to include any sufficiently large model. Cognizant of this issue, BIS is requesting comments from industry on the definition and the process for determining the set of specific technical thresholds necessary for a large AI model to meet this definition.

Special Measures Against AI Misuse

The proposed rule would allow the Secretary of Commerce to bar or limit access to U.S. IaaS services by foreign users, based on either a finding that a foreign jurisdiction has a pattern of IaaS product abuse or that a specific foreign individual has misused U.S. IaaS products for malicious cyber activities.

Special measures include prohibiting or imposing conditions on the opening or maintenance of IaaS accounts located within sensitive foreign jurisdictions or barring individuals from accessing domestic IaaS services.

Exemptions for Companies with Qualifying Compliance Processes

Given the expanded reporting requirements, the Commerce Department has also proposed exemptions for companies with sufficient internal processes. Specifically, companies that establish an “Abuse of IaaS Products Deterrence Program” may rely on their own internal policies rather than BIS oversight if the Secretary of Commerce finds that the company’s program complies with industry best practices to deter abuse of IaaS products and if the Secretary grants the company an exemption from CIP requirements. Such programs must include a number of policies and procedures outlined in the rule, such as actively monitoring malicious use of IaaS products, creating a system to flag potential misuse that is then internally investigated, and taking internal enforcement steps to reduce misuse. Once an internal program is implemented, a company can seek an exemption from BIS.

Enforcement

Noncompliance with this proposed rule will have civil and criminal penalties. Infractions can encompass a wide range of offenses, including neglecting to establish and uphold a CIP, failing to provide essential reports or certifications, providing false or deceptive information, and neglecting to inform the Commerce Department of an “IaaS transaction” for training an AI model that could be used in malicious cyber-enabled activity.

Conclusion

The proposed rule is a step forward in implementing regulations to address the national security concerns identified in several executive orders. With a new telecommunications enforcement office and executive director, BIS is well positioned to embark on significant regulatory intervention in the cloud- and web-based service market. The proposed rule includes large-scale recordkeeping requirements and increased disclosures on foreign customers, which presents new compliance risks. As the rulemaking process continues, IaaS providers will want BIS to refine its proposed definitions to focus on national security concerns, while avoiding unintentional impacts on the broader cloud service sector.

[1] The rule follows the Trump administration’s direction in Executive Order 13984 (“Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities”) and the Biden administration’s Executive Order 14110 (“Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence”).

[View source.]