On January 29, 2024, the Department of Commerce (“Department”) published a proposed rule (“Proposed Rule”) to require providers and foreign resellers of U.S. Infrastructure-as-a-Service (“IaaS”) products to (i) verify the identity of their foreign customers and (ii) notify the Department when a foreign person transacts with that provider or reseller to train a large artificial intelligence (“AI”) model with potential capabilities that could be used in malicious cyber-enabled activity. The proposed rule also contemplates that the Department may impose special measures to be undertaken by U.S. IaaS providers to deter foreign malicious cyber actors’ use of U.S. IaaS products. The accompanying request for comments has a deadline of April 29, 2024.
The Proposed Rule would effectuate many of the requirements laid out in the Executive Order on Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities (“E.O. 13984”). E.O. 13984, issued three years prior to the Proposed Rule, set in motion requirements for IaaS providers to enact certain customer identity verification procedures and take special measures to prevent their services from being used by foreign actors for malicious cyber-enabled activities. The AI provisions of the Proposed Rule stem from the more recent Executive Order on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (“E.O. 14110”), issued on October 30, 2023, which directed the Department to propose regulations for U.S. IaaS providers to (i) submit reports to the Department when a customer transacts with the provider to train an AI model that could be used for malicious cyber-enabled activities and (ii) ensure foreign resellers of IaaS products also conduct identity verification of foreign account holders.
The proposed regulations are further explained and summarized below:
Key Definitions:
Certain terms are broadly defined and capture large segments of the U.S. cloud computing sector. Below are definitions for four key terms that illustrate the scope of the Proposed Rule.
- IaaS Product means a product or service offered to a consumer, including complimentary or ‘‘trial’’ offerings, that provides processing, storage, networks, or other fundamental computing resources, and with which the consumer is able to deploy and run software that is not predefined, including operating systems and applications. The term is inclusive of “managed” products or services, in which the provider is responsible for some aspects of system configuration or maintenance, and “unmanaged” products or services, in which the provider is only responsible for ensuring that the product is available to the consumer. The term is also inclusive of “virtualized” products and services, in which the computing resources of a physical machine are split between virtualized computers accessible over the internet (e.g., “virtual private servers”), and “dedicated” products or services in which the total computing resources of a physical machine are provided to a single person (e.g., “bare-metal servers”).
- U.S. IaaS Provider means any United States person that offers any IaaS product. The Department noted that this definition includes any United States person that is a direct provider of U.S. IaaS products and any of their U.S. resellers.
- Foreign Reseller is defined as a foreign person who has established an IaaS account to provide the IaaS product subsequently, in whole or in part, to a third party.
- Malicious cyber-enabled activities are activities, other than those authorized by or in accordance with U.S. law, that seek to compromise or impair the confidentiality, integrity, or availability of computer, information, or communications systems, networks, physical or virtual infrastructure controlled by computers or information systems, or information resident thereon.
Regulated Activities:
- Customer Identification Program (“CIP”): Each U.S. IaaS provider must maintain and implement a written CIP and must ensure that foreign resellers of their IaaS products also maintain and implement the same. The mechanics of the CIP can vary based on the provider’s size, type of IaaS products offered, and other risks, and can consist of documentary or non-documentary verification methods. However, in all cases, the CIP must involve collecting, at a minimum, certain specified information about each potential foreign customer and must include procedures that enable the U.S. IaaS provider or foreign reseller of U.S. IaaS products to form a reasonable belief that it can identify the true identity of each customer, including to determine whether the potential customer and all beneficial owners are U.S. persons. Each U.S. IaaS provider must certify and describe to the Department the implementation of its CIP and that of its foreign resellers of U.S. IaaS products on an annual basis or upon any significant business changes or material changes to a CIP. If the U.S. provider receives evidence showing that a foreign reseller failed to implement a CIP or to make good-faith efforts to prevent the use of U.S. IaaS products for malicious cyber-enabled activities, it must take steps to close the foreign account, report the suspected or actual malicious activity, and terminate the reseller relationship if the issues are not resolved. The Commerce Secretary may exempt any U.S. IaaS provider or foreign reseller from the CIP requirements, subject to a finding that the party has implemented security best practices to otherwise deter abuse of IaaS products.
- Special Measures to Deter Malicious Cyber Activity: Under the Proposed Rule, the Commerce Secretary (the “Secretary”) may require the U.S. IaaS provider to take one of two “special measures,” if the Secretary determines (in accordance with specified determination factors) that reasonable grounds exist to conclude that a foreign jurisdiction or foreign person is conducting malicious cyber-enabled activities using U.S. IaaS products. In deciding to impose a special measure, the Secretary shall consider whether the special measure will create a significant competitive disadvantage for U.S. IaaS providers, whether the special measure would have a significant adverse effect on legitimate business activities regarding the foreign jurisdiction or person in question, and the effect of the special measure on U.S. national security, law enforcement, supply chains, foreign policy, or public health and safety. The special measures are:
  - Jurisdiction-based Prohibitions: The Secretary may prohibit or impose conditions on the opening or maintaining of an account with any U.S. IaaS provider or their reseller by any foreign person located in a foreign jurisdiction found to have any significant number of foreign persons offering U.S. IaaS products used for malicious cyber-enabled activities, or by any U.S. IaaS provider of U.S. IaaS products for or on behalf of a foreign person.
  - Individual-based Prohibitions: The Secretary may prohibit or impose conditions on the opening or maintaining of an account with any U.S. IaaS provider or their reseller for or on behalf of a foreign person, if such an account involves any foreign person found to be directly obtaining or engaged in a pattern of conduct of obtaining U.S. IaaS products for use in malicious cyber-enabled activities or offering U.S. IaaS products used in malicious cyber-enabled activities.
- Reporting of Large AI Model Training: The Proposed Rule would also require U.S. IaaS providers and foreign resellers to submit reports to the Department when they have knowledge of “covered transactions” with foreign persons that result in the use of U.S. IaaS products to train “large AI models with potential capabilities that could be used in malicious cyber-enabled activity.”[1] Specifically, a reportable “covered transaction” is defined as any transaction by, for, or on behalf of a foreign person that results or could result in the training of a large AI model with potential capabilities that could be used in malicious cyber-enabled activity, or any transaction that did not originally result in such training but could now result in such training due to developments or updates in training procedures and model capabilities. The Department also plans to specify the technical specifications for the AI models that are subject to the reporting requirements through future rulemaking. Separate from reporting covered transactions, the Proposed Rule would require IaaS providers to disclose as part of the CIPs the procedures in place for identifying when foreign persons may use AI for malicious cyber-enabled activity. Relatedly, the Department is authorized to evaluate risks associated with the likelihood that an IaaS product or provider may be used for malicious cyber-enabled activity, and recommend remediation measures to address such risks.
Given the wide-ranging implications of the Proposed Rule, including sweeping new information gathering obligations that impact customers, we expect the Proposed Rule will spur significant interest (and potential concerns) among U.S. cloud providers.
[1] The Proposed Rule defines “large AI models” as any AI model that meets the definition of a “dual-use foundation model” or that “otherwise has technical parameters of concern” that enable the AI model to “aid or automate aspects of malicious cyber-enabled activity.” As defined by E.O. 14110, dual-use foundation models refer to models that are trained on broad data, applicable in a wide range of contexts, contain tens of billions of parameters, and are able to perform tasks that pose serious risks to security.