The proposed regulation also requires IaaS operators to retain data on customers undertaking such activity for two years. The regulation aims to curb foreign malicious cyber actors using US IaaS products, which are hard to track, especially when foreign resellers of IaaS services are involved. The regulation does not mention any specific entities, but Commerce Secretary Gina Raimondo named China in an interview as a concern.
Key takeaways:
- The US Department of Commerce has proposed a regulation that would require US-based infrastructure-as-a-service (IaaS) operators to strengthen know-your-customer (KYC) procedures to prevent foreign actors from using their services to train AI models for malicious cyber activities.
- The proposed regulation would require IaaS providers to report any foreign person using their services for potentially malicious AI training within 15 days, and retain data on such customers for two years.
- The regulation is aimed at making it harder for foreign malicious cyber actors to use US IaaS products and for foreign resellers of IaaS services to evade US law enforcement.
- While the document does not name specific entities, Commerce Secretary Gina Raimondo mentioned China as a concern in a recent interview, suggesting the need to prevent unwanted actors from accessing US cloud services for their AI model training.