US chip export control rules circumvented by AI cloud services, says report

Reports that Chinese companies are exploiting a loophole in export controls that limit the sale of high-performance computer chips to China could prompt the administration to crack down on the sale of AI-related cloud computing services to Chinese companies.

The US maintains a significant lead in AI hardware development, which is crucial for training AI models.

Semiconductor export controls already limit sales of high-end GPUs that can be used in the development of artificial intelligence technologies. These US export controls for AI technology, first introduced in October 2022 and updated in October 2023, are designed to balance national security interests with enabling wider research and development work.

General-purpose AI software, untrained algorithms, and datasets without military applications are out of scope of the controls.

The rules — administered by the US Department of Commerce’s Bureau of Industry and Security (BIS) — also block the export of semiconductor manufacturing equipment to prohibited countries including Russia, North Korea and China.

Cloud computing loophole

However, the existing rules omit the provision of chips-as-a-service, or cloud computing, creating a potential loophole for Chinese companies to benefit from the chips as long as they remain on US soil.

ByteDance, the Chinese firm behind TikTok, is reportedly renting US-based servers containing Nvidia’s H100 chips from Oracle’s cloud service. The cloud-based platform is being used to train AI models.

Once developed, it would be difficult to block the export of AI models from the US to China, US-based cloud providers and a former Nvidia employee told The Information.

Two smaller American cloud providers reportedly declined offers to rent servers with Nvidia’s H100 chips to ByteDance and China Telecom because the proposed deals went against the spirit of export control rules.

The Biden administration is reportedly preparing to close this loophole by restricting Chinese companies’ access to US cloud computing services.

As July 2023 that the US Department of Commerce was considering requiring cloud service providers such as AWS, Microsoft Azure, and Google Cloud to seek permission before they provide cloud computing services to companies linked to China or other restricted countries.

Stalled legislation

Around that time, US Representative Jeff Jackson introduced a bill — Closing Loopholes for the Overseas Use and Development of Artificial Intelligence (CLOUD AI) Act — with sponsors from both sides of the House, seeking to close off cloud-based access to artificial intelligence technologies for Chinese entities because of national security concerns.

It was referred to the House Foreign Affairs committee, where it remains, although the revelations of The Information’s investigation may prompt renewed action.

However, some caution against a blanket ban.

Michael Robert, a cybersecurity specialist and AI expert and a senior technical contributor at GTA Boom, told Computerworld that while national security concerns are valid, the wider impact should be considered: Complete bans could backfire by damaging goodwill, so more tailored approaches to regulation should be considered.

 “Mandating disclosure of customers and workloads involving controlled technologies ensures oversight, for example, while leaving room for cooperation,” Robert said.

Even if the US tightens up export regulations to restrict Chinese companies’ access to AI development platforms in the cloud, it will also need to grapple with companies such as Alibaba and Tencent that run US-based data centres, both of which are reportedly in the market for high-end GPU rigs.