Monitoring China’s AI Ambitions: U.S. Considering Mandate for Cloud Platforms to Disclose Rental of Resources to Foreign Actors

35

US-based infrastructure-as-a-service (IaaS) providers may soon face enhanced know-your-customer (KYC) requirements to prevent foreign entities from leveraging their infrastructure for training AI models. The proposed regulation, released by the US Department of Commerce, mandates that certain IaaS providers report to the commerce secretary when foreign individuals use their services to train large AI models with potential applications in malicious cyber activities.

The draft defines relevant models as those with technical conditions resembling dual-use foundation models or exhibiting parameters of concern capable of aiding malicious cyber-enabled activities. Such activities encompass social engineering attacks, vulnerability exploration, denial-of-service attacks, data poisoning, target selection, prioritization, disinformation campaigns, and remote command and control.

Read More: Tech Job Cuts Set to Surpass Last Year’s Numbers Following Another Challenging Week

Operators must report any such activities within 15 calendar days, and they are required to retain data on customers engaging in such activities for two years. The regulation acknowledges the difficulty in tracking foreign malicious cyber actors and highlights the complicating role played by foreign resellers of IaaS services in thwarting US law enforcement efforts.

The proposed Customer Information Program (CIP) compels IaaS operators to identify users and ensure that foreign resellers adopt similar KYC measures or, at the very least, make “all reasonable efforts” to do so.

While the regulation does not explicitly mention specific entities, Commerce Secretary Gina Raimondo explicitly named China as a concern in an interview with Reuters. Raimondo emphasized the need to prevent non-state actors or China from accessing US cloud services to train their models.

Raimondo pointed out that the US government imposes export controls on the chips rented by IaaS operators, suggesting the need to close this avenue to potential malicious activities. October’s export restrictions already limit the sale of technologies crucial for advanced AI deployments, including data centers, to China.

At an AI and innovation event last week, former US Secretary of State Condoleezza Rice echoed concerns about China’s ambitions in the technology race. She emphasized China’s unique status as an adversary seeking to displace the United States in the realm of fundamental and transformative technologies, underscoring the importance of protecting intellectual property.

While China remains a primary focus, recent reports suggest that North Korea might already be leveraging rented AI infrastructure, potentially for military purposes. This underscores the broader challenge the United States faces in safeguarding its technological assets from a range of adversaries.