BIS Expanding Validated End-User Program to Include AI Data Centers

BIS said it will approve AI data center operators only after a “thorough” review process, which may require them to provide detailed information about their customers, their technology security guardrails and other compliance procedures. The center’s “host country” will also need to assure the U.S. government that any technology received under the program will be “safe and secure.”

The new “Data Center VEU Authorization,” outlined in a final rule effective Oct. 2, builds on the agency’s existing VEU framework, which allows U.S. exporters to skip the BIS license application process for certain items if a foreign company is certified as a validated end-user. It also reduces “licensing burdens” on industry by allowing U.S. exporters to ship items under a general authorization instead of under multiple individual export licenses, BIS said.

The new authorization for data centers is meant to “facilitate quick and reliable” exports of items “necessary for a data center, including advanced computing items” controlled under the agency’s set of recent export control rules for advanced chips and chip manufacturing equipment, BIS said (see 2404010020), 2211010042 and 2302020034).

A company approved under the new data center authorization could receive expedited access to items on the Commerce Control List, including certain advanced computing integrated circuits and electronic assemblies, BIS said. That includes items “necessary for a data center” in destinations that would otherwise require a license, including items classified under Export Control Classification Numbers 3A090.a and 4A090.a, and .z items in CCL Categories 3, 4 and 5, excluding nations in Country Group D:5.

The authorization also excludes “600 series” items, which are generally items on the multilateral Wassenaar Arrangement Munitions List, and items controlled under the Export Administration Regulations for missile technology and crime control reasons.

BIS said it wanted to expand its VEU program after acknowledging that even in certain countries that normally require a license for advanced computing semiconductors, those chips “can be deployed in highly trusted environments, enabling the use of AI for technological discoveries and the development of new tools that improve the world.” Undersecretary Alan Estevez said the agency “is committed to facilitating international AI development while mitigating risks to U.S. and global security.”

But BIS also noted that the new Data Center VEU Authorization has more barriers to entry than the “general” authorizations under its existing VEU program, which currently authorize certain exports to companies in China and India. Those include the China-based factories of South Korean semiconductor companies Samsung and SK Hynix (see 2310130016).

“The Data Center VEU program will rigorously vet applicants to ensure that any authorization includes appropriate safeguards and security measures that protect our most advanced technologies,” Estevez said.

BIS said the Commerce, Defense, Energy and State departments will make decisions on whether to approve a foreign data center as a validated end-user. Those agencies could require a range of information from the applicant, including:

• A list of current and potential customers, unless there is a “legal prohibition” on providing that information or “other such exceptional circumstances”
• An “overview of business activities or corporate relationships” the applicant has with any party designated on the Entity List, Military End-User List, the Specially Designated Nationals and Blocked Persons List, the Foreign Sanctions Evaders List, the U.S. Sectoral Sanctions Identifications List, or with a party that has been named under a State Department nonproliferation sanctions determination
• A description of “physical” and “logical” security requirements, including access restrictions for the locations where the controlled items will be housed
• The policies and procedures “governing employees physical and logical access” to the VEU data center
• An overview of the applicant’s information security plan, which should include a cybersecurity plan, a logging and monitoring plan, a technology control plan, and more
• An “explanation of the network infrastructure and architecture and service providers”
• The applicant’s supply chain risk management plan, which should “ensure no prohibited technology enters the environment and no prohibited vendors are in the supply chain”
• The applicant’s export control training and compliance program procedures.

BIS said the agencies also will assess whether the applicant’s host country “has provided assurances to the U.S. government regarding the safe and secure use of the technology to be provided under” the VEU authorization. “Should an entity be interested in obtaining Data Center VEU status, its national government will need to engage the Commerce and State Departments to make such assurances.”

The four agencies also will evaluate the applicant’s export compliance record, whether it agrees to on-site compliance checks by U.S. officials, its relationships with both U.S and foreign companies, and its “technology roadmap” and “technology control plan.” They could also take into account the “status of export controls” in the host country and whether that country abides by multilateral export control regimes. “This information, among other things, may also be the subject of government-to-government assurances,” BIS said.

If the U.S. approves an applicant, it will give it a letter listing the items that can be exported or reexported to the validated end-user “along with any conditions required of the VEU.” Those conditions could require the data center to put in place new physical and logical security requirements, block access to certain people working for entities and countries “of concern” or block access to any person working for a party on the Entity List. The data center may also have to allow for on-site inspections by U.S. officials, who will determine whether the center is meeting those conditions, and they could be barred from providing computing power “above prohibited thresholds to entities or countries of concern.”

And although in-country transfers are permitted under a BIS General VEU Authorization, the agency said in-country transfers won’t be allowed under the Data Center VEU Authorization unless that in-country transfer “is to a VEU authorized location by the same VEU.”

Exporters sending items to an approved data center must also follow certain certification and reporting requirements, BIS said, which includes obtaining a certification from the validated end-user “regarding the end use and compliance with VEU requirements” before sending the first export.

Reexporters using VEU Authorizations must also file reports to BIS with the name and address of each validated end-user “to whom eligible items were reexported,” a list of any intermediate consignees, the eligible destination where the items were reexported, the quantity and value of the items, and their ECCNs. Reexporters sending items under the new Data Center VEU Authorization must submit those reports to BIS semiannually, while reexporters using the agency’s General VEU Authorization need to file reports only annually.

The approved data center end-users must also submit semiannual reports to BIS with a “record of current inventory of eligible items received,” the dates those items were received and by whom, a “description of how current compute is being utilized,” and a list of current customers “with a description of their utilization.”

BIS said this “rigorous review” and reporting process will put in place the safeguards needed to protect American technology from being used in a way that threatens U.S. national security and foreign policy.

Thea Kendler, the agency’s assistant secretary for export administration, called AI “the quintessential dual-use technology,” adding that “it is in the interest of U.S. national security to work with industry and partner governments to develop a secure global technology ecosystem.

“Through the Data Center VEU program, working with our interagency partners, we will ensure that data centers that demonstrate commitment to the highest security standards obtain facilitated access to advanced U.S. technological innovation," she said.

Kendler in April said BIS was looking to expand its VEU program to allow more U.S. exporters to sell products to credible foreign customers without having to first apply for a license (see 2403290032).

The agency said it’s working on “additional, forthcoming regulation and guidance related to the data center VEU program,” but said eligible companies can now begin applying.