IaaS providers would need to verify foreign users' identities (aka "know your customer") and report certain AI model training activities under the proposed rules
The U.S. Department of Commerce's ("Commerce") Bureau of Industry and Security ("BIS") has issued a proposed rule (the "Proposed Rule") that would impose significant diligence, reporting, and recordkeeping requirements on U.S. providers of Infrastructure as a Service (IaaS) and their foreign resellers. IaaS is generally considered to be a cloud computing model that provides users with remote access to servers, storage, networking, and virtualization.
The Proposed Rule would require U.S. IaaS providers to:
- Implement and maintain a "Customer Identification Program" (CIP), which must include detailed know-your-customer (KYC) procedures for identifying and reporting foreign customers to Commerce; and
- Report transactions involving foreign persons that "could result in the training of a large AI model with potential capabilities that could be used in malicious cyber-enabled activity."
BIS has requested public comment on "all aspects of the proposed rule" and specifically has requested comments on various topics. Comments are due by April 29, 2024, and may be submitted via the Federal eRulemaking Portal.
The Proposed Rule implements mandates from two Executive Orders: E.O. 13984, "Taking Additional Steps To Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities," ("E.O. 13984"), and E.O. 14110, "Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence" ("E.O. 14110" or the "AI E.O."). The Proposed Rule also echoes a broader initiative by the Biden-Harris Administration to bring about "fundamental changes to the underlying dynamics of the digital ecosystem" as outlined in the Administration's National Cybersecurity Strategy ("NCS") released in Spring 2023 (for additional information on the NCS, see DWT's coverage here.). Among other things, the NCS directs the federal government to implement E.O. 13984 by developing KYC-style requirements for IaaS providers.
U.S. Providers of IaaS Products
The Proposed Rule defines covered "U.S. IaaS providers" as "any United States person that offers an IaaS product." "IaaS product" is defined broadly as:
[A] product or service offered to a consumer . . . that provides processing, storage, networks, or other fundamental computing resources, and with which the consumer is able to deploy and run software that is not predefined, including operating systems and applications. The consumer typically does not manage or control most of the underlying hardware but has control over the operating systems, storage, and any deployed applications.
"IaaS product" is defined to include both "virtualized" offerings that are typical of products described as "IaaS," where multiple customers use virtualized servers hosted on a single machine, as well as "dedicated" offerings typical of managed data centers, where the provider hosts computers dedicated to serving a single client. As described in further detail below, U.S. IaaS providers are responsible under the Proposed Rule both for their own compliance and the compliance of their "foreign resellers." Foreign resellers are defined to mean a foreign person who has established a formal business relationship with a U.S. IaaS provider to resell that provider's IaaS product to third parties.
Customer Identification Program and KYC Requirements
E.O. 13984, issued by President Trump in January 2021, directs Commerce to propose requirements for U.S. IaaS providers to verify the identity of foreign persons who sign up for or maintain accounts to use the providers' IaaS products. Among other things, the E.O. also provides Commerce with authority to exempt U.S. IaaS providers from customer verification requirements based on requirements to be enumerated and to restrict U.S. IaaS providers and their resellers from offering IaaS products to foreign persons or in foreign jurisdictions associated with "malicious cyber-enabled activities."
Customer Identification Program
The Proposed Rule would implement E.O. 13984, including by requiring U.S. IaaS providers and their foreign resellers to develop and maintain a written CIP. The CIP must define how providers and their foreign resellers will determine whether IaaS customers' beneficial owners are U.S. persons, collect and store identifying information about foreign customers, verify foreign customers' identities, and notify customers about the disclosure of identifying information to the federal government.
The Proposed Rule contains a list of minimum requirements regarding information that should be collected—customer's name, address, the means and source of payment for each customer's account, email addresses and telephone numbers, and internet protocol (IP) addresses used for access or administration of the account Commerce is specifically seeking comment on what forms of identification, such as digital or technology-based identification, should be included as an acceptable means by which IaaS providers may verify customers' identities. Commerce also notes that the CIP must be appropriately tailored to the IaaS provider's size, general risks, and type of products offered.
Commerce believes that many of these steps are already being taken by IaaS providers but seeks comments on the costs associated with establishing such a program.
Foreign reseller requirements
The CIP requirements extend to foreign resellers of U.S. IaaS, which also must maintain a written CIP. Under the Proposed Rule, enforcement of the CIP requirements on foreign resellers rests squarely with the U.S. IaaS provider—there are no direct mechanisms for enforcement by the federal government for foreign resellers. Because of this, failure to comply may result in termination of the reseller relationship.
Reporting requirements
The Proposed Rule would require initial and annual submissions to Commerce. The submissions would detail aspects of providers' CIPs and that they have reviewed their CIP and adjusted it to account for changes to the threat landscape. The submission would also include an attestation from the U.S. IaaS provider and each of its foreign resellers that their current CIP is compliant and list the frequency with which it was unable to verify the identity of a foreign customer in the prior calendar year and the number of times the provider refused to open an account. Commerce has requested comments on the specifics of the annual attestations. All U.S. IaaS providers would also be required to provide a copy of their CIP—and any of its foreign resellers' CIPs—to Commerce upon request. If any shortcomings are identified, Commerce may require remediation and resubmission of the CIP.
Additionally, IaaS providers must notify Commerce when (1) a significant change in business operations or corporate structure has occurred or a material change to a CIP has been implemented, or (2) there is a change in its or any of its foreign resellers' primary contact responsible for the CIP.
Special Measures
If Commerce determines that a foreign jurisdiction or foreign person is conducting malicious cyber-enabled activities using U.S. IaaS products, they may require "special measures" which could include prohibitions or conditions on certain foreign persons or jurisdictions. Commerce is seeking comments regarding the considerations taken before taking special measures.
Exemptions
Commerce may exempt any provider, any specific type of IaaS account, or any specific foreign reseller from the Proposed Rule. Exemptions could be granted where a provider, its foreign reseller, or IaaS account demonstrates that it implements security best practices to otherwise deter abuse of IaaS products.
AI Reporting Requirements
The AI E.O. directs Commerce to require U.S. IaaS providers to ensure that their foreign resellers verify the identity of foreign users and authorizes the agency to adopt reporting requirements when U.S. IaaS providers provide foreign persons the ability to train a "large AI model with potential capabilities that could be used in malicious cyber-enabled activity." The Proposed Rule currently defines the scope of the AI model with potential capabilities that could be used in malicious cyber-enabled activity as any "with the technical conditions of a dual-use foundation model or that otherwise has technical parameters of concern, that has capabilities that could be used to aid or automate aspects of malicious cyber-enabled activity, including but not limited to social engineering attacks, vulnerability discovery, denial-of-service attacks, data poisoning, target selection and prioritization, disinformation or misinformation generation and/or propagation, and remote command-and-control of cyber operations." As discussed below, Commerce is seeking comment on this definition and its applicability.
Reporting of large AI model training
The Proposed Rule outlines a process for U.S. IaaS providers to report to Commerce when they have "knowledge" that they will engage or have engaged in certain "covered" transactions with a foreign person that could allow that foreign person to train a "large AI model with potential capabilities that could be used in malicious cyber-enabled activity." Commerce is seeking comment on the definition of a "large AI model . . . that could be used in malicious cyber-enabled activity" and on what red flags, if any, Commerce should adopt that would create a presumption that a foreign person is training a model. The Proposed Rule would also require U.S. IaaS providers to require that their foreign resellers submit the same report when such entities have "knowledge" of a covered transaction occurring or the provider or reseller having "knowledge" that a covered transaction has occurred.
"Covered transactions" are defined as any transaction "by, for, or on behalf of a foreign person": (1) "which results or could result in the training of a large AI model with potential malicious cyber-enabled activities"; or, (2)"in which the original arrangements provided for in the terms of the transaction would not result in a training of a large AI model with potential capabilities that could be used in malicious cyber-enabled activity, but a development or update in the arrangements means the transaction now does or could result in the training of a large AI model with potential capabilities that could be used in malicious cyber-enabled activity." (emphasis added). These reports concerning "covered" transactions must disclose the existence of a training run meeting the above requirements, as well as specific identifying information about the training run (i.e., the customer's name, address, the means and source of payment for the customer's account, email addresses, telephone numbers, and IP addresses).
In conjunction with the Proposed Rule, Commerce would define a set of technical conditions that a large AI model must possess in order to have the potential capabilities that could be used in malicious cyber-enabled activity. These technical conditions would be a binding interpretation of what constitutes a "large AI model with potential capabilities that could be used in malicious cyber-enabled activity" for purpose of the Proposed Rule.
Penalties
Violations of the proposed regulations would result in a civil penalty not to exceed the greater of $250,000 per violation, or an amount that is twice the amount of the transaction that is the basis of the violation with respect to which the penalty is imposed. Criminal penalties may be imposed on a person who willfully attempts or conspires to violate the Proposed Rule, which may not exceed $1,000,000, and subject the individual to imprisonment for up to 20 years.
[View source.]