The U.S. Department of Commerce is pushing forward with regulations requiring Infrastructure-as-a-Service (IaaS) providers to implement a “know your customer” program, aiming to deter malicious foreign use of U.S. IaaS services.
The proposal, originating from an executive order signed by then-President Donald Trump, faced objections from cloud providers expressing concerns about increased burdens.
The proposed regulation involves new data retention and record-keeping requirements, potentially costing up to $170 million annually for affected IaaS providers. Additionally, the regulation seeks to compel providers to notify the government of transactions enabling a foreign entity to train large AI models with potential malicious applications.
Despite objections, the Commerce Department is committed to moving forward, acknowledging the compliance costs for IaaS providers. IBM, a leading IaaS provider, supports the proposed rule’s intentions to prevent misuse of domestic cloud and AI infrastructure but emphasizes the need for greater industry engagement to avoid unintended consequences.
Mason Molesky, a cybersecurity and cloud policy executive at IBM, highlights the importance of addressing data privacy concerns for international clients. The public has until April 29 to submit comments on the proposed regulations, which cover 1,837 IaaS providers and resellers.
