The Department of Commerce Bureau of Industry and Security is requesting comments on a proposed rule requiring infrastructure as a service, or IaaS, providers to verify the identity of their foreign clients to prevent the use of U.S.-made IaaS products in malicious cyber-enabled activity.
A Federal Register notice published Monday states that BIS aims to implement its responsibilities under an executive order published in October 2023 to address the use of IaaS products by foreign malicious cyber actors.
The EO authorizes BIS to require U.S. IaaS providers to report whenever a foreign person transacts with them to train a large artificial intelligence model that could be used in illicit activities, such as intellectual property theft and espionage.
BIS also solicited industry feedback on special measures to deter foreign cyber actors using U.S. IaaS products, including prohibiting or imposing conditions on opening or maintaining an account with any IaaS provider by a foreign person or on behalf of such a foreign person.
The comment period is open until April 29.
