29
January
2024
BIS (Commerce Dep’t) proposes rule for enhanced KYC & DD requirements on large cloud service providers
On January 29, 2024, the Department of Commerce’s Bureau of Industry and Security (BIS) published a proposed rule seeking to implement additional measures to address the ‘ongoing national emergency’ related to significant malicious cyber-enabled activities. The proposed rule would expand on existing U.S. export control frameworks and is intended to deter malicious actors from exploiting U.S. technologies and services by imposing new restrictions and due diligence requirements, particularly for cloud infrastructure providers and other potentially vulnerable platforms.
Organizations involved in providing or hosting software, data processing, or cloud services would be subject to heightened compliance obligations under the proposed regulations. Additionally, the proposed rule could potentially have a profound impact on the digital assets industry. BIS invites industry stakeholders to submit comments on the proposed rule through April 29, 2024.