U.S. Department of Commerce Issues Proposed Rule Impacting AI and U.S. IaaS Providers to Counter Foreign Malicious Actors

Ankura
Overview

On January 29, 2024, the Bureau of Industry and Security (BIS) at the U.S. Department of Commerce issued a new proposed regulatory rule (the “Proposed Rule”), which will impose significant diligence, monitoring, and reporting requirements on U.S. Infrastructure-as-a-Service (IaaS) providers and foreign resellers of U.S. IaaS products. 

The Proposed Rule: 

  • Aims to address the risk of malicious foreign actors exploiting U.S. cloud infrastructure to create large Artificial Intelligence (AI) models with potential capabilities that may be used to attack U.S. critical infrastructure or other national security interests (Large AI Models).
  • Implements authority under recent executive orders targeting cybersecurity and AI.
  • Extends to the cloud computing context the U.S. government’s broader strategy of seeking to deny malicious foreign actors access to critical technologies, specifically including the advanced computing technologies that enable AI.
  • Requires U.S. IaaS providers and their foreign resellers to implement a Customer Identification Program (CIP) and to report to the U.S. government instances where a foreign customer could use U.S. IaaS products to train a Large AI Model.
  • Authorizes civil and criminal enforcement actions.
  • On its face, does not apply to non-U.S. IaaS providers, but likely will have a significant impact on any provider, reseller, or customer of U.S. technology-enabled cloud solutions, because it communicates BIS expectations with regard to customer diligence, will be a platform for defining Large AI Models, and will establish a baseline regulatory playing field across the IaaS and broader advanced computing/AI cloud services industry.

Industry comments on the Proposed Rule are due for submission to BIS by April 29, 2024. 

The balance of this client alert describes key elements of the Proposed Rule and how Ankura can assist clients and counsel considering how to navigate the consequent regulatory requirements and risks.

Proposed Rule Key Elements

Four elements of the Proposed Rule are likely to particularly impact IaaS providers, resellers, and customers: 

  • Customer Identification Program (CIP)
    • U.S. IaaS providers and their foreign resellers will be required to implement a risk-based CIP, including the requirement to collect sufficient Know Your Customer (KYC) information to verify customer identity. Minimum customer information includes: customer name, address, the means and source of payment for each customer account, email addresses and telephone numbers, and internet protocol (IP) addresses used for access or administration of the account. 
    • Under certain conditions (described further below) information about relevant non-U.S. customers will be reported to the U.S. government.
    • U.S. IaaS providers will be required to submit annual CIP certifications for themselves and their foreign resellers. The U.S. government also is authorized to inspect and require measures to address any shortcomings in the written CIPs. 
    • U.S. IaaS providers will be accountable for ensuring their foreign resellers’ compliance with the CIP, including the responsibility to investigate failures, remediate such failures, and terminate commercial relationships in appropriate circumstances.
    • BIS is authorized to exempt a U.S. IaaS provider, foreign reseller, or customer from the CIP requirement where the agency finds that the relevant party has implemented security best practices to prevent exploitation of U.S. IaaS products.
    • Reporting Foreign Customer Large AI Model Training: U.S. IaaS providers and their foreign resellers will be required to report to the U.S. government when “a transaction by, for, or on behalf of a foreign person… results or could result in the training of a [Large AI Model]” or in which “a development or update in the arrangements” could result in the training of a Large AI Model.
  • Large AI Model Definition
    • The Proposed Rule defines “Large AI Model” as “any AI model with the technical conditions of a dual-use foundation model, or that otherwise has technical parameters of concern, that has capabilities that could be used to aid or automate aspects of malicious cyber-enabled activity, including but not limited to social engineering attacks, vulnerability discovery, denial-of-service attacks, data poisoning, target selection and prioritization, disinformation or misinformation generation and/or propagation, and remote command-and-control, as necessary and appropriate of cyber operations.”
    • The Proposed Rule further states that BIS will define and publish the “set of technical conditions” for a Large AI Model to have potential capabilities that could be used in malicious cyber-enabled activity. “Such technical conditions may include the compute used to pre-train the model exceeding a specified quantity.”
  • IaaS Product Definition
    • The Proposed Rule defines “IaaS Product” as any product or service “that provides processing, storage, networks, or other fundamental computing resources, and with which the consumer is able to deploy and run software that is not predefined, including operating systems and applications.”
    • “The term is inclusive of ‘managed’ products or services, in which the provider is responsible for some aspects of system configuration or maintenance, and ‘unmanaged’ products or services, in which the provider is only responsible for ensuring that the product is available to the consumer. The term is also inclusive of ‘virtualized’ products and services, in which the computing resources of a physical machine are split between virtualized computers accessible over the internet (e.g., ‘virtual private servers’), and ‘dedicated’ products or services in which the total computing resources of a physical machine are provided to a single person (e.g., ‘bare-metal servers’).”
  • BIS Prohibition and Special Conditions
    • When the U.S. government determines that a foreign jurisdiction or person is using U.S. IaaS to enable malicious cyber activities, the Proposed Rule authorizes it to require U.S. IaaS providers to prohibit or impose conditions on relevant customers or potential customers. 

Implications

As implementation of the Proposed Rule approaches, U.S. IaaS providers and their foreign resellers will need to take several actions to comply, including (among others):

  • Develop, document, and implement a CIP;
  • For U.S. IaaS providers, ensure that resellers implement and make their CIPs available;
  • Implement a CIP certification program;
  • Evaluate and implement IaaS security requirements enabling a CIP exemption;
  • Implement an approach for identifying and reporting foreign customer Large AI Model training;
  • Develop an approach for complying with BIS IaaS prohibitions and special conditions; and
  • Engage with customers and foreign resellers to appropriately adjust expectations, relationships, and relevant contractual terms.

More broadly, Ankura anticipates that the Proposed Rule will have significant effects across the U.S. technology-enabled cloud solutions market because it communicates BIS expectations with regard to customer diligence, will be a platform to technically define Large AI Models (which almost certainly will be subject to heightened regulatory controls and scrutiny), and will establish a baseline regulatory playing field across the IaaS and broader advanced computing/AI-enabling cloud services industry. 

Written by:

Ankura