U.S. Department of Commerce Issues Proposed Rule Impacting AI and U.S. IaaS Providers to Counter Foreign Malicious Actors

Overview                                                                                                                              

On January 29, 2024, the Bureau of Industry and Security (BIS) at the U.S. Department of Commerce issued a new proposed regulatory rule (the “Proposed Rule”), which will impose significant diligence, monitoring, and reporting requirements on U.S. Infrastructure-as-a-Service (IaaS) providers and foreign resellers of U.S. IaaS products. 

The Proposed Rule: 

• Aims to address the risk of malicious foreign actors exploiting U.S. cloud infrastructure to create large Artificial Intelligence (AI) models with potential capabilities that may be used to attack U.S. critical infrastructure or other national security interests (Large AI Models).
• Implements authority under recent executive orders targeting cybersecurity and AI. 
• Extends to the cloud computing context of the U.S. government’s broader strategy of seeking to deny malicious foreign actors access to critical technologies, specifically including advanced computing technologies that enable AI. 
• Requires U.S. IaaS providers and their foreign resellers to implement a Customer Identification Program (CIP) and report to the U.S. government instances where a foreign customer could use U.S. IaaS products to train a Large AI Model.
• The Proposed Rule authorizes civil and criminal enforcement actions. 
• On its face, does not apply to non-U.S. IaaS providers, but likely will have a significant impact on any provider, reseller, or customer of U.S. technology-enabled cloud solutions because it communicates BIS expectations with regard to customer diligence, will be a platform to define Large AI Models, and will establish a baseline regulatory playing field across the IaaS and broader advanced computing/AI cloud services industry. 

Industry comments on the Proposed Rule are due for submission to BIS by April 29, 2024. 

The balance of this client alert describes key elements of the Proposed Rule and how Ankura can assist clients and counsel considering how to navigate the consequent regulatory requirements and risks.

Proposed Rule Key Elements

Four elements of the Proposed Rule are likely to particularly impact IaaS providers, resellers, and customers: 

• Customer Identification Program (CIP)
  • U.S. IaaS providers and their foreign resellers will be required to implement a risk-based CIP, including the requirement to collect sufficient Know Your Customer (KYC) information to verify customer identity. Minimum customer information includes: customer name, address, the means and source of payment for each customer account, email addresses and telephone numbers, and internet protocol (IP) addresses used for access or administration of the account. 
  • Under certain conditions (described further below) information about relevant non-U.S. customers will be reported to the U.S. government.
  • U.S. IaaS providers will be required to submit annual CIP certifications for themselves and their foreign resellers. The U.S. government also is authorized to inspect and require measures to address any shortcomings in the written CIPs. 
  • U.S. IaaS providers will be accountable for ensuring their foreign resellers’ compliance with the CIP, including the responsibility to investigate failures, remediate such failures, and terminate commercial relationships in appropriate circumstances.
  • BIS is authorized to exempt a U.S. IaaS provider, foreign reseller, or customer from the CIP requirement where the agency finds that the relevant party has implemented security best practices to prevent exploitation of U.S. IaaS products.    
  • Reporting Foreign Customer Large AI Model Training.
  • U.S. IaaS providers and their foreign resellers will be required to report to the U.S. government when “a transaction by, for, or on behalf of a foreign person… results or could result in the training of a [Large AI Model]’ or in which “a development or update in the arrangements” could result in the training of a Large AI Model. 
• Large AI Model Definition
  • The Proposed Rule defines “Large AI Model” as “any AI model with the technical conditions of a dual-use foundation model, or that otherwise has technical parameters of concern, that has capabilities that could be used to aid or automate aspects of malicious cyber-enabled activity, including but not limited to social engineering attacks, vulnerability discovery, denial-of-service attacks, data poisoning, target selection and prioritization, disinformation or misinformation generation and/or propagation, and remote command-and-control, as necessary and appropriate of cyber operations.”
  • The Proposed Rule further states that BIS will define and publish the “set of technical conditions” for a Large AI Model to have potential capabilities that could be used in malicious cyber-enabled activity. “Such technical conditions may include the compute used to pre-train the model exceeding a specified quantity.”
• IaaS Product Definition
  • The Proposed Rule defines “IaaS Product” as any product or service “that provides processing, storage, networks, or other fundamental computing resources, and with which the consumer is able to deploy and run software that is not predefined, including operating systems and applications.”
  • “The term is inclusive of “managed” products or services, in which the provider is responsible for some aspects of system configuration or maintenance, and “unmanaged” products or services, in which the provider is only responsible for ensuring that the product is available to the consumer. The term is also inclusive of “virtualized” products and services, in which the computing resources of a physical machine are split between virtualized computers accessible over the internet (e.g., “virtual private servers”), and “dedicated” products or services in which the total computing resources of a physical machine are provided to a single person (e.g., “bare-metal servers”).”
• BIS Prohibition and Special Conditions
  • When the U.S. government determines that a foreign jurisdiction or person is using U.S. IaaS to enable malicious cyber activities, the Proposed Rule authorizes it to require U.S. IaaS providers to prohibit or impose conditions on relevant customers or potential customers. 

Implications

As implementation of the Proposed Rule approaches, U.S. IaaS providers and their foreign resellers will need to take several actions to comply, including (among others):

• Develop, document, and implement a CIP;
• For U.S. IaaS providers, ensure that resellers implement and make their CIPs available;
• Implement CIP certification program;
• Evaluate and implement IaaS security requirements enabling a CIP exemption;
• Implement an approach for identifying and reporting foreign customer Large AI Model training;
• Develop an approach for complying with BIS IaaS prohibitions and special conditions; and
• Engage with customers and foreign resellers to appropriately adjust expectations, relationships, and relevant contractual terms.    

More broadly, Ankura anticipates that the Proposed Rule will have significant effects across the U.S. technology-enabled cloud solutions market because it communicates BIS expectations with regard to customer diligence, will be a platform to technically define Large AI Models (which almost certainly will be subject to heightened regulatory controls and scrutiny), and will establish a baseline regulatory playing field across the IaaS and broader advanced computing/AI-enabling cloud services industry. 

How Ankura Can Help

Ankura’s National Security, Technology, and Trade Controls team has on-point experience helping IaaS and other cloud service providers navigate requirements and risks at the intersection of international trade controls, information security, and business needs. Our multi-disciplinary experts work with clients, counsel, and partners to deliver market-leading, technology-integrated solutions, including:

• CIP and KYC Program Development and Implementation: Ankura has extensive experience developing written policies and procedures, implementing diligence and red flag detection programs, integrating diligence automation solutions, and helping navigate third-party risk.
• IaaS and Cloud Solutions Compliance and Security: Ankura has developed industry-leading compliance and security programs addressing the complete cloud solutions ecosystem, from data center security and access control to regulated technology compliance, to security architecture, and secure software development (DevSecOps), to product controls and security features. Ankura benchmarks industry and regulatory standards and best practices, including (among others) relevant NIST SP 800-53, NIST SP 800-223, NIST AI RMF, NIST CSF, FedRAMP, ISO/IEC 27001, and relevant trade compliance guidance, to deliver trusted, practical compliance and security programs. 
• FedRAMP Advisory Services: Ankura’s cybersecurity experts have experience working with cloud service providers since the inception of the FedRAMP program. The Ankura FedRAMP team has successfully supported organizations to achieve FedRAMP authorization. Ankura’s FedRAMP services include (i) identification of security gaps; (ii) remediation support including providing technical advisory in order to design and maintain a secure government cloud; (iii) preparation of the organization's system security plans, policies, procedures, plans of action and milestones (POA&Ms); and (iv) and providing technical advisory support necessary to achieve FedRAMP ATO.
• HPC Security Architecture Advisory: Ankura has worked with clients who develop and provide AI services to implement High-Performance Computing (HPC) systems in bare-metal and cloud environments and to ensure system environments meet U.S. export control requirements as well as customer AI performance requirements. Ankura’s technical experts have advised on export-controlled AI technology transfers worth over $30 billion.
• Incident Response Preparation: Ankura has worked with clients across industries to develop robust incident response plans necessary to meet U.S. government incident response and reporting requirements. Ankura works with clients and counsel to test incident response plans through tabletop exercises and network penetration testing.
• Digital Forensics and Incident Response (DFIR): Ankura has an industry-leading DFIR team that has been engaged by companies subject to national security incident reporting requirements. Ankura’s DFIR services include providing rapid digital forensics to determine the scope and scale of cyber intrusions and whether this triggered U.S. government reporting requirements.

Relevant Previous Publications on the Federal Register

• “Taking Additional Steps to Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities” | Executive Order 13984 of January 19, 2021 | Secretary of Commerce directed to propose regulations requiring U.S. Infrastructure as a Service providers of IaaS products to verify the identity of their foreign customers.
• “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence” | Executive Order 14110 of October 30, 2023 | Secretary directed to propose regulations that require providers of certain IaaS products to submit a report to the Secretary when a foreign person transacts with that provider or reseller to train a large Artificial Intelligence (AI) model with potential capabilities that could be used in malicious cyber-enabled activity.

Proposed Rule KEY Terms and Definitions

^{© Copyright 2024. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.}