New Know-Your-Customer and Reporting Rules Proposed for Cloud Providers: Five Key Takeaways

Last week, the U.S. Department of Commerce published a notice of proposed rulemaking (NPRM) implementing Executive Orders (EO) 13984 and 14110 to prevent “foreign malicious cyber actors” from accessing U.S. infrastructure as a service products1 (IaaS Rule). The IaaS Rule seeks to strengthen the U.S. government’s ability to track “foreign malicious cyber actors” who have relied on U.S. IaaS products to steal intellectual property and sensitive data, engage in espionage activities, and threaten national security by attacking critical infrastructure.

Specifically, the proposed IaaS Rule does two things:

1) It directs U.S. IaaS providers of U.S.-based or U.S.-owned IaaS products to implement customer identification programs (CIPs) to verify the identities of their foreign customers, including initial and annual reporting on their (and their foreign resellers’) CIPs and any failures to verify foreign accounts. The IaaS Rule also allows for the Department of Commerce to conduct compliance assessments and audit CIPs, grant exemptions to CIP-related requirements, and institute “special measures” against foreign jurisdictions or persons determined to be conducting malicious cyber-enabled activities.

2) It requires U.S. IaaS providers to report transactions with foreign persons for IaaS services worldwide that could result in training large AI models with potential capabilities that could be used in “malicious cyber-enabled activity.”

Here are our five key takeaways:

1. The United States continues to expand restrictions on foreign access to advanced computing technologies, with a focus on China.

The IaaS Rule is part of the U.S. government’s overall strategy to prevent China from obtaining advanced computing capabilities due to concerns over China’s ability to use such technologies and products for military, intelligence, surveillance, and cyber-enabled activities.2 To limit China’s ability to build indigenous capabilities using U.S. technologies, in 2022 the Department of Commerce issued sweeping export controls on China for advanced computing items as well as equipment to produce such items. The Department of Commerce refined these export controls in October 2023 (see our Sidley Update), and additional clarifications and adjustments are expected in the coming weeks. The Department of the Treasury aims to restrict U.S. funding of China’s advanced computing and AI industry through proposed outbound investment restrictions published in August 2023 (see our Sidley Update). Nevertheless, these efforts do not address China’s unrestricted access to advanced computing capabilities via U.S. IaaS providers, through which China can “lease” access to technologies otherwise restricted by the above regulations. The IaaS Rule appears to target this gap.

Although China is not specifically mentioned in the IaaS Rule, the Secretary of Commerce may implement “special measures,” such as prohibitions or restrictions, not only on malicious persons but also on jurisdictions the Secretary determines have a significant number of foreign persons who either offer or directly use U.S. IaaS products for malicious cyber-enabled activities. These evaluations may be self-initiated or based on referrals from other government agencies or U.S. IaaS providers. Notably, the U.S.’s cyberdefense agency currently identifies China, Russia, North Korea, and Iran as nation-state cyberadversaries.3

2. There is new activity from the Office of Information and Communications Technology and Services — and we should expect more.

The IaaS Rule was issued by the Office of Information and Communications Technology and Services (OICTS). OICTS sits within the Department of Commerce Bureau of Industry and Security and is charged with administering programs focused on protecting domestic information and communications systems, pursuant to several executive orders. Although the initial executive order was issued in May 2019, the Department of Commerce did not publish implementing regulations until 2021 (see Sidley Update). These regulations focus on review of domestic ICTS supply chains involving China, Hong Kong, or Macau to protect U.S. national security. To date, there has been limited regulatory and enforcement activity by OICTS. However, the hire last month of an Executive Director to lead OICTS and the expansion of responsibility under the IaaS Rule indicate a more active OICTS going forward.

3. U.S. IaaS providers will be required to report the training of large AI models. 

The proposed IaaS Rule includes a provision requiring U.S. IaaS providers and their foreign resellers to report when they have knowledge4 that a transaction with a foreign person results in or could result in training a large AI model with capabilities that could be used in malicious cyber-enabled activity.U.S. IaaS providers are prohibited from providing products to foreign resellers unless they have made all reasonable efforts to ensure the reseller’s compliance with these reporting requirements. The regulations seek to define “large AI model with potential capabilities that could be used in malicious cyber-enabled activity.”6 After the rule is finalized, the Department will continue to update the definition as the technology continues to evolve.

4. There will be increased compliance costs and risks for U.S. IaaS providers. 

U.S. IaaS providers and their resellers should begin planning their CIPs. The programs must include the collection of Know Your Customer (KYC)  information and identity verification procedures for foreign account owners and foreign beneficial owners. U.S. IaaS providers should note that the Office of Foreign Asset Control will expect providers to use this information for U.S. sanctions compliance, meaning that providers should screen user information and compare it against relevant sanctions lists to ensure that they are not providing services to sanctioned countries or persons. IaaS providers are permitted to develop their own risk-based CIPs, based on factors such as the services offered and customer bases, provided the programs still satisfy the minimum requirements.

Given the expected burden, the Department of Commerce is anticipating a one-year period after the publication of the final rule to permit IaaS providers to implement CIPs. Notably, the Department may provide exemptions from the CIP requirements upon satisfaction of certain standards and procedures, which can include implementing security best practices to otherwise deter abuse of IaaS products. This exemption does not extend to the requirement to report large AI model training.

These new requirements also present new risks. First, the affirmative reporting requirements could result in violations for administrative errors. Second, the Department of Commerce can conduct compliance assessments and audits of U.S. IaaS providers depending on risks the Department perceives based on the CIP, U.S. provider, or a foreign reseller and impose remediation measures or penalties. Finally, U.S. IaaS providers will be responsible for ensuring that foreign resellers are complying with these requirements.

Violations of these requirements are subject to civil and criminal penalties under the International Emergency Economic Powers Act. Maximum civil penalties are $250,000 per violation or twice the amount of the transaction that is the basis of the violation, whichever is higher. Criminal penalties for willful actions are up to $1 million, up to 20 years in prison, or both.

5. The IaaS Rule is not yet final, so industry has an opportunity to shape these requirements.

Importantly, the IaaS Rule is not yet in effect, and the final regulations may differ. Industry can comment on all aspects of the rule; however, the Department of Commerce is specifically seeking industry feedback on certain provisions, including the efficacy of the proposed data collection requirements, identity verification methods, and definition of key terms, including “large AI model with potential capabilities that could be used in malicious cyber-enabled activity” and “substantial control” for determining beneficial ownership. Industry members should take advantage of the notice and comment period to weigh in on the effectiveness and potential burdens of this proposed regulation. Comments are due by April 29, 2024.

1The regulation defines “[i]nfrastructure as a Service [IaaS] product” as “any product or service offered to a consumer, including complimentary or ‘trial’ offerings, that provides processing, storage, networks, or other fundamental computing resources, and with which the consumer is able to deploy and run software that is not predefined, including operating systems and applications.” According to the proposed definition, when dealing with an IaaS product, “[t]he consumer typically does not manage or control most of the underlying hardware but has control over the operating systems, storage, and any deployed applications.” “IaaS products” include “both ‘managed’ products or services, in which the provider is responsible for some aspects of system configuration or maintenance, and ‘unmanaged’ products or services, in which the provider is only responsible for ensuring that the product is available to the consumer.” See 89 FR 5698, 5726.

2 15 CFR § 7.4.

3 See Nation-State Cyber Actors, U.S. Department of Homeland Security, Cybersecurity & Infrastructure Security Agency,

4 Defined as actual knowledge, “reason to believe,” or “reason to know,” in accordance with 15 C.F.R. § 772.1.

5 See EO 14110, Section 4.2(c).

Defined as “any AI model with the technical conditions of a dual-use foundation model, or that otherwise has technical parameters of concern, that has capabilities that could be used to aid or automate aspects of malicious cyber-enabled activity, including but not limited to social engineering attacks, vulnerability discovery, denial-of-service attacks, data poisoning, target selection and prioritization, disinformation or misinformation generation and/or propagation, and remote command-and-control, as necessary and appropriate of cyber operations.” See 89 FR 5698, 5702.

This post is as of the posting date stated above. Sidley Austin LLP assumes no duty to update this post or post about any subsequent developments having a bearing on this post.