United States of America: Opened consultation on rule to implement the AI Executive Order requiring user identification for IaaS providers

On 29 January 2024, the Secretary of Commerce of the United States opened a consultation on the Executive Order requiring Infrastructure as a Service (IaaS) providers to verify the identity of their foreign customers until 29 April 2024. It mandates risk-based identity verification procedures, flexible methods, and steps for failed verifications. Recordkeeping requirements involve maintaining, protecting, and accessing records for two years. Foreign resellers must adhere to CIP requirements, with U.S. providers reporting and terminating relationships for malicious cyber activity. Annual updates and certifications on CIPs are proposed, attesting to compliance and addressing changes. Exemptions are possible based on compliance with security best practices. The order includes procedures for granting exemptions and authorising special measures to deter foreign malicious cyber actors' use of U.S. IaaS products.