2024-2025 Global AI Trends Guide
The U.S. Department of Commerce (Commerce) issued a notice of proposed rulemaking (NPRM) aimed at reducing the risk of malicious foreign interference in U.S. cloud services and threat actors’ use of cloud services to develop sophisticated AI models. The NPRM would (1) require Infrastructure as a Service (IaaS) providers and their foreign resellers to implement and maintain a Customer Identification Program (CIP), unless they have an exemption; (2) authorize special measures Commerce may use to restrict foreign access to U.S. IaaS products; and (3) require U.S. IaaS providers and their foreign resellers to report to Commerce whenever a foreign person transacts with them to train a large AI model that could potentially be used for malicious cyber activities. Commerce is accepting comments until April 29, 2024.
The NPRM proposes regulations to implement directives issued to the Secretary of Commerce by two executive orders. Executive Order 13984 directed Commerce to propose regulations for U.S. IaaS providers to verify the identity of their foreign customers and empowered Commerce to grant exemptions, establish recordkeeping requirements, and restrict foreign malicious actors’ access to U.S. IaaS products. Executive Order 14110 extended the identity verification requirements to U.S. IaaS providers’ foreign resellers and directed Commerce to require U.S. IaaS providers to report to Commerce whenever a foreign person contracts with them to train a large AI model with potential capabilities that could be used for malicious cyber activities.
The proposed rules would require all U.S. IaaS providers to implement and maintain a written CIP tailored to the providers’ size, portfolio of IaaS products, and product and customer risk profiles. The requirements also apply to resellers of U.S. IaaS products. Resellers of U.S. IaaS products may enter into an agreement to reference, use, or adopt the initial U.S. IaaS provider’s CIP. Moreover, U.S. IaaS providers would need to ensure that their foreign resellers implement and maintain a written CIP.
Akin to financial institutions' “Know Your Customer” (KYC) obligations, which requires obtaining information about a customer and its business, the proposed CIP requirement would have providers verify the information such that they can develop a reasonable belief that they know the true identity of each customer.
The primary goals of the proposed CIP are to (1) determine which customers are U.S. persons and (2) verify the true identity of foreign customers. To that end, the proposed CIP must include risk-based procedures for identity verification sufficient to allow a U.S. IaaS provider to form a reasonable belief that it knows each foreign customer’s true identity. It must outline a process to ascertain whether a potential customer and all its beneficial owners are U.S. persons, as well as procedures that describe which identifying information will be collected from potential customers and their beneficial owners to determine whether they are U.S. persons. The procedures and collected information must be sufficient for U.S. IaaS providers to form a sound basis for their determination and reflect reasonable due diligence. The minimum information collection requirements include name, address, means and source of payment for the accounts, email address, telephone contact information, and internet protocol addresses used for access and administration of an account.
The proposed CIP must perform these functions:
Contain procedures for verifying all collected data, including descriptions of all documentary and/or non-documentary methods used for verification.
Include additional verification measures, such as signatories, to be used when a U.S. IaaS provider determines that the usual verification measures are inadequate or doubts the true identity of the potential customer based on the available information. If a U.S. IaaS provider verifies that a potential customer and all beneficial owners are U.S. persons, no further requirements apply.
Address situations in which verification is not possible, describing circumstances when the IaaS provider will decline to open, restrict, or require additional monitoring for an account, or implement other measures to ensure its products are not used for malicious cyber activity.
Provide for periodic reviews to ensure continued verification of customer information, including procedures for customers to notify the IaaS provider when a new beneficial owner is added to their account.
Use procedures to ensure appropriate recordkeeping for all materials and documents collected pursuant to the process. U.S. IaaS providers must retain these records for at least two years from an account’s closure or last access.
Include procedures to limit third-party access to the records.
Under the NPRM, U.S. IaaS providers would be required to ensure that each of their foreign resellers maintains and implements a written CIP that satisfies all components of the rule. They must furnish a foreign reseller’s written CIP to Commerce within 10 days of a request, using the same certification process that they use to notify Commerce about their own CIP.
U.S. IaaS providers would also need to investigate any evidence that a foreign reseller failed to implement or maintain a CIP or make good faith efforts to prevent malicious cyber-enabled activities. Upon finding that a foreign reseller lacks an appropriate CIP or engages in or allows suspected or actual malicious cyber activities, the provider would have to take steps to close the foreign reseller’s account and report any malicious activities to the authorities. If the foreign reseller fails to remediate identified issues or increases the risk of malicious cyber-enabled activities, the U.S. IaaS provider would have 30 calendar days to terminate the relationship.
U.S. IaaS providers would also need to submit to Commerce annual certifications about their CIP and the CIPs of their foreign resellers. The certification form would include:
A description of the mechanisms, technologies and procedures used in the CIP, including verification of foreign resellers’ identity, detection of malicious cyber activity, oversight of foreign resellers CIPs, and identification of large language model transactions;
Information about product offerings, including the customer base in foreign jurisdictions, personnel, methods for detecting malicious cyber activities and training runs for large AI models, and foreign customer information.
The certification would also include an attestation that (1) the CIP has been reviewed and updated to address changes in product offerings and the threat landscape, (2) the CIP remained in compliance with the rules, and (3) the IaaS provider was tracking and resolving any identity verification lapses.
In addition, U.S. IaaS providers would need to update Commerce when a significant change in business operations or corporate structure, a material change to a CIP, or a change to the primary contact responsible for its CIP or the CIP of one of its foreign resellers.
The proposed rules would give Commerce authority to request from a U.S. IaaS provider a copy of its CIP or any of its foreign resellers’ CIPs. If Commerce determined that a CIP was inadequate, it could assign special security measures and require the U.S. IaaS provider to resolve any shortcomings.
Commerce would also have authority to:
Review information submitted in annual CIP certification forms and conduct compliance assessments at its discretion.
Conduct follow-up assessments to ensure remediation or request audits of U.S. IaaS providers’ CIP processes and procedures.
Recommend remediation measures or special measures provided in the proposed rules.
Review transactions involving large AI model training.
The proposed rules would allow Commerce to exempt any U.S. IaaS provider, account or lessee, or foreign reseller from the CIP requirements upon a determination that the entity implements security best practices to deter abuse of IaaS products as demonstrated by the establishment and effective administration of an Abuse of IaaS Products Deterrence Program (ADP).
A U.S. IaaS provider would initiate a request for exemption for itself or on behalf of its foreign resellers with a written, electronic submission to Commerce describing the ADP. After evaluating a request, Commerce could issue an exemption in consultation with other defense and national security agencies. U.S. IaaS providers and their foreign resellers would be responsible for updating their ADPs in response to the changing threat landscape and providing annual notifications to Commerce, which could revoke exemptions at any time.
The proposed rules would authorize Commerce, in consultation with other agencies, to impose special measures on a U.S. IaaS provider based on a determination that (1) a foreign jurisdiction has a significant number of foreign persons offering or directly obtaining U.S. IaaS products for malicious cyber activities or (2) a foreign person has established a pattern of offering or directly obtaining U.S. IaaS products for use in malicious cyber activities. Special measures would prohibit or impose conditions on the opening or maintaining of an account, including a reseller account, by (1) any foreign person located in a foreign jurisdiction known for malicious cyber activities or (2) a foreign person found to have used U.S. IaaS products for malicious cyber activities.
The proposed rules would require U.S. IaaS providers to notify Commerce of any transaction by, for, or on behalf of a foreign person involving the training of a large AI model that could potentially be used for malicious cyber activities. A U.S. IaaS provider would have to submit an initial report to Commerce within 15 calendar days of a covered transaction, or when it gained knowledge of the transaction, that would include name and contact information for the foreign person or entity, payment information, and information about the AI model and training run.
Foreign resellers would be required to submit a report to their U.S. IaaS provider within 15 days of a covered transaction or when they gained knowledge of the transaction, following the same form as the IaaS providers initial report. U.S. IaaS providers would then have to submit the foreign reseller’s report to Commerce within 30 days of the covered transaction.
Commerce would have the authority to require follow-up reports and corrected reports from U.S. IaaS providers and their foreign resellers, as well as the authority to request additional information about activities or risks that present national security concerns.
The proposed rules include significant new obligations for U.S. IaaS providers, as well as their foreign resellers. U.S. IaaS providers should assess their current practices in relation to the proposed rules to identify potential opportunities. Companies should also consider whether there are logistical or structural impediments to compliance with the rules if adopted and the potential costs associated with compliance. The NPRM provides an opportunity for industry to help Commerce develop a robust record that reflects a variety of stakeholder views before adopting final rules. Commerce is accepting comments until April 29, 2024.
Authored by Katy Milner, Mark Brennan, Ryan Thompson, Ambia Harper, Liz Boison, Ajay Kuntamukkala, and Annika Lichtenbaum.