New Mandatory Reporting Requirement Proposed for AI and Cloud Providers
Written By: Juliana Cipolla

On Monday, September 9, 2024, the U.S. Department of Commerce’s Bureau of Industry and Security released a Notice of Proposed Rulemaking outlining a new mandatory reporting requirement for the world’s leading AI and computing cluster developers and cloud providers. This rule is proposed to help ensure the technologies are safe and can withstand cyber-attacks. The proposed rule would only impact companies with large monetary and computational resources.

The proposed rule outlines a potential notification and reporting process for companies developing or intending to develop dual-use foundational AI models. Dual-use foundational AI models are trained on broad data, generally using self-supervision, contain at least tens of billions of parameters, is applicable across a wide range of contexts, and exhibits, or can be modified to exhibit, high levels of performance at tasks.

Companies that have developed or are in the process of developing dual-use foundational models or large-scale computing clusters would be required to submit information about these activities on a quarterly basis. If a company has already submitted complete information, the Bureau of Industry and Security would require the reporting of any additions, updates, or changes to the information since. Companies would be required to file reports on a quarterly basis for as long as it continues to meet the reporting requirements, or, if it no longer meets the requirements, until it has filed seven quarterly reports affirming that it has no additions, updates, or changes to the information in the last report.

The rule would also require reporting on cybersecurity measures as well as outcomes from so-called “red-teaming” efforts, like testing for dangerous capabilities, including the ability to assist in cyberattacks or lowering barriers to entry for non-experts to develop chemical, biological, radiological, or nuclear weapons.

As AI technology development and implementation are expected to advance over the next few years, the number of covered U.S. entities involved in it will also increase. It is vital that these technologies can withstand cyberattacks and implement preventative measures to help limit risk of misuse.

The last day for comment was October 11, 2024.

At The Beckage Firm, we have a team of seasoned technologists and attorneys that diligently monitor emerging AI laws and effectively guide our clients through complex and legal developments, helping clients understand and comply with relevant authorities.