The Commerce Department is proposing new rules that could require U.S. cloud service providers and their foreign resellers to follow know-your-customer (KYC) requirements, a step the agency said would prevent those services from being used to aid cyberattacks and to train artificial intelligence models that threaten U.S. national security. The proposed regulations are specifically aimed at preventing “foreign malicious cyber actors” from using U.S. infrastructure-as-a-service products to steal American intellectual property and sensitive data, commit espionage, and train large AI models for cyberattacks on U.S. critical infrastructure.
toarticlessource documents
Search Primer
Term list: Separate terms with spaces, not commas or semicolons.
Multi-word term: Place inside quotes to ensure an exact match (e.g. "foreign direct product rule").
Acronyms: Use all capital letters to ensure the search is not looking for that letter sequence instead. (e.g., BIS).
Required term: If a term must be included in any resulting articles, prefix it with a plus sign (e.g., BIS +Huawei).
Excluded term: If a term should be excluded from any articles being found, prefix it with a minus sign (e.g., China -tariff).
Simplest form: Use the simplest form of a term (e.g. "russian export control" instead of "russian export controls" or "entity list" instead of "entity listing").
The Bureau of Industry and Security is undergoing a restructuring to separate its licensing work from its efforts to evaluate and protect emerging and foundational technologies, said Eileen Albanese, director of the Office of National Security and Technology Transfer Controls. She said the agency plans to hire at least three new senior officials to usher in the reorganization, which will help BIS meet its “broader mandate.”
The U.S. and the EU are making progress on more closely aligning their encryption-related export controls, a senior Bureau of Industry and Security official said last week, along with differences in export licensing and classification.
The Bureau of Industry and Security will likely issue more penalty announcements this year for export control violations, a former senior BIS enforcement official said, suggesting the current state of enforcement is unprecedented.
The Bureau of Industry and Security is preparing to announce more “significant” export penalties and corporate resolutions this year, said Matthew Axelrod, the agency’s top export enforcement official. He also said exporters should see more export-related indictments as part of a joint effort with DOJ, and he continued to pitch a BIS funding boost, which would help it hire more export enforcement agents.
The Bureau of Industry and Security has been experiencing delays in semiconductor-related export license applications due to a higher number of disagreements with the other agencies that also review those licenses, a senior BIS official said this week.
Four Democratic lawmakers, including Sen. Elizabeth Warren of Massachusetts, sent Commerce Secretary Gina Raimondo a series of recommendations for strengthening firearms export controls, Warren’s office said Jan. 24.
Companies should avoid internal policies that require them to disclose all potential sanctions and export control violations to the government, lawyers with Foley Hoag said this week. Although it may seem like a sound compliance policy, the lawyers said that language can backfire, including in cases where a voluntary disclosure may not be the best option.
Companies should expect the Bureau of Industry and Security to announce new export controls this year restricting certain U.S. person activities involving military and military intelligence end uses and end users, a former BIS official said.
The leaders of the Senate Homeland Security and Governmental Affairs Subcommittee on Emerging Threats and Spending Oversight have asked the Government Accountability Office to assess the effectiveness of new export controls aimed at preventing China from obtaining advanced computing chips and the equipment to manufacture them.