BIS Studying Export Control 'Options' for Open Source Software, Cloud, Estevez Says
The Bureau of Industry and Security is studying ways it can place potential export controls on access to advanced open-source software, including artificial intelligence-powered models similar to ChatGPT-4, as well as certain cloud computing services, BIS Undersecretary Alan Estevez said. Although Estevez said no controls are imminent, the agency is working to form a set of export control policy options to address both.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
On open-source software, "we're talking about large language training models," Estevez said during an event last week hosted by Georgetown University’s Center for Security and Emerging Technology. “We're having those discussions.”
He said experts have told him that advanced open-source software is “not something I need to worry about yet, but it can get there maybe, and it depends on how the [large language models] LLM world evolves.” He pointed to the AI “explosion” this past year that featured the release of GPT-4, the AI-powered language processing tool.
BIS is studying how to place potential controls on that software “in such a way so we don't stifle the innovation that we derive from that,” while also protecting national security. “I don't know what the answer is yet,” he said, “but it's certainly on our radar.”
In July, researchers at CSET said BIS could use existing “catch-all controls” to tighten restrictions around exports of sensitive AI models, which could eliminate the need to develop new regulations to address emerging AI export risks (see 2307060037).
Estevez said BIS is having similar discussions on potential export controls around issues related to the cloud, including potentially cloud computing services. BIS officials have said the agency was looking at ways to stop Chinese companies from using cloud providers to skirt its Oct. 7, 2022, chip controls (see 2303210037), but the agency opted not to introduce new controls to address those issues when it updated its chip restrictions on Oct. 17 (see 2310170055).
BIS has formed a “team” to study the issue, Estevez said, joking that they’re “locked in a room” and “some of them are allowed out to see the light of day.”
Researchers with CSET and the Center for a New American Security earlier this year suggested BIS should avoid placing export controls on cloud computing services, raising a range of issues that could arise from those restrictions, including the fact that the U.S. likely would face challenges convincing allies to also implement them (see 2305160092).
Estevez said he tasked his team with thinking through potential “options,” and “once we [figure out] our options, we'll start talking to industry.”
“So it is definitely something that is an area of concern.”