Compare with different regulatory event:
On 29 April 2024, the Secretary of Commerce of the United States closed its consultation on the proposed rule to implement the Executive Order requiring Infrastructure as a Service (IaaS) providers to verify the identity of their foreign customers. It mandates risk-based identity verification procedures, flexible methods, and steps for failed verifications. Recordkeeping requirements involve maintaining, protecting, and accessing records for two years. Foreign resellers must adhere to CIP requirements, with US providers reporting and terminating relationships for malicious cyber activity. Annual updates and certifications on CIPs are proposed, attesting to compliance and addressing changes. Exemptions are possible based on compliance with security best practices. The order also includes procedures for granting exemptions and authorising special measures to deter foreign malicious cyber actors' use of US IaaS products.
Original source