CSET’s complete response to DOC IFR BIS-2022-0025-0052 is available for download below.
Summary and Recommendations
The Advanced Computing/Supercomputing (AC/S) IFR articulates two key objectives with respect to regulating IaaS for the use of developing AI models. We address how BIS can respond to these two objectives in two parts below.
Preventing Chinese Entities from Accessing Controlled Chips Outside of China via IaaS Providers
We do not recommend implementing controls on U.S. companies providing IaaS to Chinese entities for a few reasons.
- The most concerning threat vector—Chinese IaaS provider’s data centers outside of China—has already been addressed through the headquartered-based export controls in the October 17, 2023 AC/S IFR.
- The size of the problem (i.e., the number of Chinese entities seeking access to controlled chips via U.S. IaaS providers) is likely minimal while the compute performance gap between China and the rest of the world remains relatively small.
- The costs of implementing a control (i.e., incentivizing foreign substitution, accelerating China’s self-sufficiency, and loss of visibility into China’s AI developments) outweigh the limited benefits.
Nonetheless, if BIS does decide to implement restrictions on Chinese entities accessing controlled chips outside of China via IaaS providers using its current authorities, BIS would need to rely on existing and new “U.S. persons” controls. BIS could implement either or both of the following:
- Control country-wide access to advanced chips via IaaS providers
- Control concerning end users’ access to all chips via IaaS providers
The efficacy of these two policy options relies heavily on the sophistication of IaaS providers’ “know your customer” (KYC) practices as Chinese entities may attempt to obfuscate their location or identity. Efforts to standardize or improve IaaS providers’ KYC practices would likely improve the effectiveness of controls.
Monitoring the Development of Large Dual-Use AI Foundational Models via IaaS
To monitor the development of large dual-use AI foundation models with potential capabilities of concern on IaaS platforms, BIS will need to decide how to identify the development of a large AI model, how to determine whether the model has potential capabilities of concern, and whether further action should be taken depending on the characteristics of the model and end user. Implementing each of these steps requires overcoming numerous technical and policy challenges as we discuss below.