Photo of Ingrid Price

Ingrid Price

Ingrid Price advises clients on a range of national security matters including cross border investment, supply chain security, and public policy. She regularly represents clients worldwide seeking national security approval for foreign investments before the Committee on Foreign Investment in the United States (CFIUS) and in proceedings related to the mitigation of foreign ownership, control, or influence (FOCI). She also advises clients on the implications of the new Information and Communication Technologies and Services (ICTS) Rule, particularly with respect to how it may impact technology companies going forward.

Drawing on her experience as in-house counsel where she directly counseled business leaders, engineers and operations teams on security and compliance matters, Ingrid maintains a client-centered perspective as she helps guide them through the national security regulatory processes. She has successfully represented numerous clients in gaining CFIUS approval across various technology sectors, including AI, mobile applications, software, telecommunications, and robotics, in addition to clients across other industries ranging from financial services to energy and real estate. Ingrid also has significant experience negotiating agreements on behalf of clients with the U.S. government to mitigate national security concerns in connection with achieving CFIUS approval, including several agreements specifically focused on data protection.

Prior to joining Covington, Ingrid clerked for Chief Judge James E. Baker of the U.S. Court of Appeals for the Armed Forces. She also served as in-house counsel on law enforcement matters, security operations, and communications products at Amazon Web Services before returning to Covington as Special Counsel.

On January 29, 2024, the Department of Commerce (“Department”) published a proposed rule (“Proposed Rule”) to require providers and foreign resellers of U.S. Infrastructure-as-a-Service (“IaaS”) products to (i) verify the identity of their foreign customers and (ii) notify the Department when a foreign person transacts with that provider or reseller to train a large artificial intelligence (“AI”) model with potential capabilities that could be used in malicious cyber-enabled activity. The proposed rule also contemplates that the Department may impose special measures to be undertaken by U.S. IaaS providers to deter foreign malicious cyber actors’ use of U.S. IaaS products.  The accompanying request for comments has a deadline of April 29, 2024.

The Proposed Rule would effectuate many of the requirements laid out in the Executive Order on Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities (“E.O. 13984”).  E.O. 13984, issued three years prior to the Proposed Rule, set in motion requirements for IaaS providers to enact certain customer identity verification procedures and take special measures to prevent their services from being used by foreign actors for malicious cyber-enabled activities.  The AI provisions of the Proposed Rule stem from the more recent Executive Order on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (“E.O. 14110″), issued on October 30, 2023, which directed the Department to propose regulations for U.S. IaaS providers to (i) submit reports to the Department when a customer transacts with the provider to train an AI model that could be used for malicious cyber-enabled activities and (ii) ensure foreign resellers of IaaS products also conduct identity verification of foreign account holders.

The proposed regulations are further explained and summarized below:Continue Reading Department of Commerce Issues Proposed Rule to Regulate Infrastructure-as-a-Service Providers and Resellers