The Department of Commerce has proposed regulations in response to Executive Orders 13984 and 14110, aiming to address malicious cyber-enabled activities by foreign actors using U.S. Infrastructure as a Service (IaaS) products. These regulations require U.S. IaaS providers to verify the identity of their foreign customers and submit reports on AI training runs with potential malicious cyber capabilities. The proposed rules also include exemptions for IaaS providers who comply with security best practices. Comments on the Advanced Notice of Proposed Rulemaking highlighted the need for flexibility and consideration of compliance costs. The Department seeks to balance national security concerns with the burden on providers in combating cyber threats.
https://www.federalregister.gov/documents/2024/01/29/2024-01580/taking-additional-steps-to-address-the-national-emergency-with-respect-to-significant-malicious