Trending Now
We have updated our Privacy Policy and Terms of Use for Eurasia Group and its affiliates, including GZERO Media, to clarify the types of data we collect, how we collect it, how we use data and with whom we share data. By using our website you consent to our Terms and Conditions and Privacy Policy, including the transfer of your personal data to the United States from your country of residence, and our use of cookies described in our Cookie Policy.
{{ subpage.title }}
Banking rules are coming to AI
The Biden administration will soon ask artificial intelligence companies to comply with federal rules most commonly applied to banks and other financial services companies: know-your-customer, or KYC, rules.
What are they? KYCs help financial regulators ensure US banks aren’t being used for money laundering, terrorist financing, or enabling sanctioned people or organizations.
The US government has heavily regulated its financial system since the Great Depression, but it wasn’t until the Bank Secrecy Act of 1970 that the government began monitoring who was using banks for illicit purposes. The Patriot Act, passed in the aftermath of 9/11, expanded the BSA to require banks to develop more thorough customer identification programs. The president now wants to force AI companies to know their customers, too.
What is Biden proposing? On Jan. 29, the Commerce Department’s Bureau of Industry and Security proposed requiring US cloud services companies to start collecting information like a bank would. The goal, the department wrote in a press release, is to prevent foreign entities aiming “to harm US critical infrastructure or national security, including to train large artificial intelligence (AI) models.”
Why is this so unusual? The financial sector is heavily regulated; the tech sector less so. While the government has taken exceptional steps to regulate the export of computer chips needed to power and run AI software, it's more challenging to regulate software and cloud services because they are globally accessible via the internet. The proposed rule would shift the burden of regulation to the software and cloud providers themselves.
“It turns out that Russian cybercriminals and Chinese spies, you name it, use American cloud services for their cyber activities,” says James Andrew Lewis, senior vice president and director of the strategic technologies program at the Center for Strategic and International Studies.
The measures are also aimed at preventing foreign adversaries, namely China, from using AI to strengthen their military capabilities, but it’s a half-measure.
“The long-term [view] is that the Chinese will figure out a way around this,” Lewis says. “This buys us a few years, but it’s not a permanent solution.”
Enter the cloud wars
The Biden administration proposed new rules on Monday placing know-your-customer requirements on cloud service providers. This is the government’s latest step aimed chiefly at keeping China at bay.
“We can't have non-state actors or China or folks who we don’t want accessing our cloud to train their models,” Commerce Secretary Gina Raimondo told Reuters. “We use export controls on chips … Those chips are in American cloud data centers, so we also have to think about closing down that avenue for potential malicious activity.”
The White House has issued export controls on the computer chips made with US parts, a stringent set of requirements that have cut off China and its technology firms from buying high-powered chips — or at least buying them through above-board means.
The chip wars now have a parallel: the cloud wars.
Know-your-customer requirements are typically imposed upon financial institutions like banks to thwart money laundering and terrorist financing. They’re not common in the much-less-regulated tech industry — something that will likely lead to moans, groans, and lawsuits from Big Tech.