SUPPLEMENTARY INFORMATION:

Background

Section 4.2(a)(i) of Executive Order 14110 of October 30, 2023, “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence” (E.O. 14110), directs the Secretary of Commerce to require companies developing, or demonstrating an intent to develop, potential dual-use foundation AI models to provide certain information to the Federal Government on an ongoing basis. Additionally, section 4.2(a)(ii) of E.O. 14110 directs the Secretary of Commerce to require companies, individuals, or other organizations or entities that acquire, develop, or possess a potential large-scale computing cluster to report any such acquisition, development, or possession, including the existence and location of these clusters and the amount of total computing power available in each cluster.

As defined under E.O. 14110, a “dual-use foundation model” is “trained on broad data; generally uses self-supervision; contains at least tens of billions of parameters; is applicable across a wide range of contexts; and that exhibits, or could be easily modified to exhibit, high levels of performance at tasks that pose a serious risk to security, national economic security, national public health or safety, or any combination of those matters.” The reporting requirements proposed in this regulation are intended to apply to dual-use foundation models that meet technical conditions issued by the Department. The Department expects to update the technical conditions, based on technological advancements, as ( print page 73613) necessary and appropriate, as directed by section 4.2(b) of E.O. 14110.

E.O. 14110 directs the Department of Commerce (Department) to collect information about dual-use foundation models in accordance with the Defense Production Act (DPA) (50 U.S.C. 4501 et seq.). Under the DPA, the President is authorized to take actions that ensure the U.S. industrial base is prepared to supply products and services to support the national defense. In this context, the term “national defense” means “programs for military and energy production or construction, military or critical infrastructure assistance to any foreign nation, homeland security, stockpiling, space, and any directly related activity” (50 U.S.C. 4552(14)). Additionally, the DPA makes clear that the international competitiveness of the U.S. industrial base directly affects its ability to support the national defense (see 50 U.S.C. 4502(a)(7)).

Among other authorities, the DPA authorizes the President “by regulation, subpoena, or otherwise, to obtain such information from, require such reports and the keeping of such records by, make such inspection of the books, records, and other writings, premises or property of, and take the sworn testimony of, and administer oaths and affirmations to, any person as may be necessary or appropriate, in his discretion, to the enforcement or the administration of” the DPA (50 U.S.C. 4555(a)). The DPA further specifies that this grant of authority “includes the authority to obtain information in order to perform industry studies assessing the capabilities of the United States industrial base to support the national defense” (50 U.S.C. 4555(a)).

To carry out its obligations under section 4.2(a) of E.O. 14110, BIS is exercising its DPA authority, which was delegated to the Department by the President in Executive Order 13603, and subsequently re-delegated within the Department to BIS, to collect information from U.S. companies that are developing, have plans to develop, or have the computing hardware necessary to develop dual-use foundation models. AI models are quickly becoming integral to numerous U.S. industries that are essential to the national defense. For example, manufacturers of military equipment ( e.g., aircrafts, tanks, and missile launchers) use AI models to enhance the maneuverability, accuracy, and efficiency of equipment.^[1] Similarly, manufacturers of signal intelligence devices ( e.g., satellites, cameras, and radar) use AI models to improve how those devices capture signals and eliminate noise.^[2] As a final example, developers of cybersecurity software, which can be applied to protect a wide range of systems and infrastructure that are critical to the national defense, use AI models to increase the speed at which that software detects and responds to cyberattacks.^[3]

Dual-use foundation models could increase the capabilities of these products and services to an even greater extent. Specifically, integrating dual-use foundation models into products like military equipment, signal intelligence devices, and cybersecurity software could enable those products to operate more effectively across a wider range of environments, to respond more effectively to unexpected signals, and to combat additional types of cyberattacks.

Given those potential capabilities, it is essential to the national defense that the defense industrial base is able to integrate dual-use foundation models. Indeed, because industries and governments across the world are actively working to integrate dual-use foundation models into their defense capabilities, the U.S. defense industrial base will need to integrate dual-use foundation models to remain internationally competitive.

Accordingly, the U.S. Government must be ready to take actions that ensure dual-use foundation models produced by U.S. companies are available to the defense industrial base. To do so, the U.S. Government needs information about how many U.S. companies are developing, have plans to develop, or have the computing hardware necessary to develop dual-use foundation models, as well as information about the characteristics of dual-use foundation models under development. Such information will allow the U.S. Government to determine whether action is necessary to stimulate development of dual-use foundation models or to support the development of specific types of models.

The integration of AI models into the defense industrial base also requires the U.S. Government to take actions as needed to ensure that dual-use foundation models operate in a safe and reliable manner. Products integrating these models may operate in unpredictable or unreliable ways, potentially resulting in dangerous accidents, and a lack of reliability will make it difficult for the U.S. Government to use those products in contexts where the margin for error is small, including defense-related activities where accidents could result in injury or even loss of life. Thus, the U.S. Government needs information about how companies developing dual-use foundation models are training those models to respond to different kinds of inputs and information about how those companies have tested the safety and reliability of their models. Such information will allow the U.S. Government to determine the extent to which certain dual-use foundation models can be used by the defense industrial base and whether action is needed to ensure that the defense industrial base produces the safest and most reliable products and services in the world.

For similar reasons, the U.S. Government must minimize the vulnerability of dual-use foundation models to cyberattacks. Dual-use foundation models can potentially be disabled or manipulated by hostile actors, and it will be difficult for the U.S. Government to rely on a particular model unless it can determine that the model is robust against such attacks. Accordingly, the U.S. Government needs information about the cybersecurity measures that companies developing dual-use foundation models use to protect those models, as well as information about those companies' cybersecurity resources and practices. Under 15 CFR 702.3 all information submitted to the Department under this rule will be treated as confidential and afforded all the protections of section 705(d) of the DPA. Such information will allow the U.S. Government to determine which models are secure enough to be integrated into products or services that are essential to the national defense and to assess whether action is needed to ensure that the defense ( print page 73614) industrial base is producing the most secure products and services in the world.

Finally, the U.S. Government must prepare the defense industrial base for the possibility that foreign adversaries or non-state actors will use dual-use foundation models for activities that threaten the national defense, including to develop weapons and other dangerous technologies. Accordingly, the U.S. Government requires information about the safety and reliability of AI models, including any potentially dangerous capabilities that developers of dual-use foundation models have identified with respect to those models. This includes the results of tests related to reliability as well as the results of any red-team testing that the company has conducted relating to lowering the barrier to entry for the development, acquisition, and use of biological, weapons by non-state actors; the discovery of software vulnerabilities and development of associated exploits; the use of software or tools to influence real or virtual events; and the possibility for self-replication or propagation. Such information will enable the U.S. Government to determine whether investments in the defense industrial base are needed to ensure the United States has access to safe and reliable AI systems, as well as to counteract the dangerous capabilities identified or to ensure that adequate safeguards are in place to prevent the theft or misuse of dual-use foundation models by foreign adversaries or non-state actors.

In short, dual-use foundation models will likely drive significant advances in numerous industries on which the national defense depends. These advances require BIS to conduct an ongoing assessment of the AI industry to ensure that the U.S. Government has the most accurate, up-to-date information when making policy decisions about the international competitiveness of the industrial base and its ability to support the national defense.

Section 4.2(a)(i) of E.O. 14110 mandates that the Secretary shall require companies developing dual-use foundation AI models to provide information, reports, or records regarding the following:

1. any ongoing or planned activities related to training, developing, or producing dual-use foundation models, including the physical and cybersecurity protections taken to assure the integrity of that training process against sophisticated threats;

2. the ownership and possession of the model weights of any dual-use foundation models, and the physical and cybersecurity measures taken to protect those model weights; and

3. the results of any developed dual-use foundation model's performance in relevant AI red-team testing, including a description of any associated measures the company has taken to meet safety objectives, such as mitigations to improve performance on these red-team tests and strengthen overall model security.

4. Other information pertaining to the safety and reliability of dual-use foundation models, or activities or risks that present concerns to U.S. national security.

Section 4.2(a)(ii) of E.O. 14110 also mandates that companies, individuals, or other organizations or entities that acquire, develop, or possess a potential large-scale computing cluster must report any such acquisition, development, or possession, including the existence and location of these clusters and the amount of total computing power available in each cluster. To the extent that these entities are companies developing dual-use foundation models, they are also subject to obligations 1-3, above.

Discussion of the Proposed Rule

This proposed rule outlines a potential notification and reporting process for companies developing or intending to develop dual-use foundation AI models and for companies, individuals or other organizations or entities that acquire, develop, or possess computing clusters that meet technical conditions issued by the Department. Such entities would be required to report the required information to the BIS on a quarterly basis for activities that occurred during that quarter or that are planned to occur in the six months following the quarter.

BIS collected information responsive to the requirements of section 4.2(a) of E.O. 14110 via a mandatory survey of companies identified as developing or planning to develop potential dual-use foundation models. That survey was issued on January 26, 2024. Under this proposed rule, companies that completed the survey and any other companies that have developed or are in the process of developing dual-use foundation models or large-scale computing clusters would be required to submit information about these activities on a quarterly basis.

For companies that have already submitted complete information via the survey, the reporting requirements will not require that the company report activity already reported to BIS in the survey but would require the reporting of any additions, updates, or changes to the information since the survey. Any company that has filed at least one report would be required to continue to file reports on a quarterly basis for as long as it continues to meet the reporting requirements or, if it no longer meet the requirements, until it has filed seven quarterly reports affirming that it has no additions, updates, or changes to the information in the last report. The reporting system will allow for companies that have no additions, updates, or changes since the last report to make a simple notification to that effect.

Request for Comments

BIS welcomes public comment on all aspects of this proposed regulation. While much of the information that entities must report is dictated by section 4.2(a) of E.O. 14110, BIS is particularly interested in public comments on the following:

1. Quarterly Notification Schedule: BIS has proposed that all covered U.S. persons with models or clusters exceeding the technical thresholds for reporting should notify BIS on a quarterly basis. Covered U.S. persons would be required to make quarterly notifications of `applicable activities' that meet the criteria under § 702.7(a)(1)(i) or (ii) planned to occur in the next six months related to dual-use foundation models and/or computing clusters, as well as quarterly notifications required for any `applicable activities' ( i.e., an “applicable activity” that meets the criteria under § 702.7(a)(1)(i) or (ii)) and § 702.7(a)(2)(v) ( Affirmation of no applicable activities), as applicable. `Applicable activities' are defined to include developing, or having the intent to develop within the next six months, an AI model or computing cluster above certain technical thresholds specific in this proposed rule. If a covered U.S. person has any `applicable activities' to report, then they will notify BIS, and BIS will follow up with more detailed questions, to which the Covered U.S. person must respond within 30 calendar days. If Covered U.S. persons have no `applicable activities' to report, they would only be required to affirm that fact to BIS each quarter. BIS has proposed a quarterly notification schedule to provide the U.S. Government with timely information on the safety and security of large AI models and computing clusters, while offering a regular notification schedule to facilitate respondent planning and ease respondent burden. BIS welcomes comments on the frequency of the proposed notification schedule, as well ( print page 73615) as alternatives for achieving timely reporting of the required information.

2. Collection and Storage: BIS recognizes that the information collected through these reporting requirements is extremely sensitive. In the interest of gathering information on prioritizing the safety of respondents' data, BIS welcomes comments related to how this data should be collected and stored.

3. Collection Thresholds: BIS has included the technical conditions specified in E.O. 14110 for models and computing clusters that would trigger the proposed reporting requirements. As directed by section 4.2(b) of E.O. 14110, BIS will update these technical conditions as appropriate. In addition to the technical parameters in E.O. 14110, BIS is also seeking comments on the following proposed updated collection parameters. BIS welcomes comments on the following sets of technical parameters.

• A dual-use foundation model training run triggers reporting requirements if it utilizes more than 10^26 computational operations (e.g., integer or floating-point operations). Models trained on primarily biological sequence data, but at the lower threshold of 10^23 computational operations, as specified by section 4.2(b) of E.O. 14110, will be addressed in a separate survey.
• Large-scale computing clusters are defined as clusters having a set of machines transitively connected by networking of over 300 Gbit/s and having a theoretical maximum performance greater than 10^20 computational operations (e.g., integer or floating-point operations) per second (OP/s) for AI training, without sparsity.

Rulemaking Requirements

1. This proposed rule has been determined to be a significant regulatory action for purposes of E.O. 12866.

2. Notwithstanding any other provision of law, no person is required to respond to, nor shall any person be subject to a penalty for failure to comply with, a collection of information subject to the requirements of the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.) (PRA), unless that collection of information displays a currently valid Office of Management and Budget (OMB) Control Number. This proposed rule involves a currently approved information collection National Security and Critical Technology Assessments of the US Industrial Base (OMB Control Number 0694-0119). The authority for this collection is section 705 of the Defense Production Act of 1950, as amended and related Executive Orders 12656 and 13603. Under this information collection, BIS conducts surveys and assessments of critical U.S. industrial sectors and technologies. Undertaken at the request of various policy, research and development, and program and planning organizations within the Department of Defense and the Armed Services, Department of Homeland Security (DHS), National Aeronautics and Space Administration (NASA), and other agencies, BIS research, data collection and analysis provide needed information to benchmark industry performance and raise awareness of diminishing manufacturing capabilities.

Most surveys include questions necessary to obtain data on employment, supply chain, financial performance, production, technology and service capabilities, research and development (R&D), investment, competitive outlook, export controls and other relevant information. Some surveys include a few non-standard questions, depending on the industry and the needs of the partner agency. The number of surveys required per assessment varies with the size of the sector and the scope of the project.

Information gathered from these surveys is deemed business confidential and will be treated in accordance with section 705 of the Defense Production Act of 1950 which prohibits the publication or disclosure of such information unless the President determines that its withholding is contrary to the national defense. To review previous surveys cleared under this generic collection—including all background materials—please visit at https://www.reginfo.gov/​public/​do/​PRAMain and use the search function to enter either the title of the collection or the OMB Control Number.

When this proposed rule is finalized, BIS intends to use this existing information collection for the collection/reporting requirement required by E.O. 14110. BIS estimates the specific survey required by this proposed rule will have an estimated burden of 5,000 hours per year aggregated across all new respondents. BIS believes this increase in respondent burden does not require a change to the burden or cost estimates for the overall umbrella clearance. Please see the request for comment section of the proposed rule for more information the potential information collection elements BIS is considering for the final rule and subsequent surveys.

3. These proposed changes do not contain policies with federalism implications as that term is defined in E.O. 13132.

4. The Regulatory Flexibility Act (RFA), as amended by the Small Business Regulatory Enforcement Fairness Act of 1996 (SBREFA) (5 U.S.C. 601 et seq.) generally requires an agency to prepare a regulatory flexibility analysis of any rule subject to the notice and comment rulemaking requirements under the Administrative Procedure Act (5 U.S.C. 553) or any other statute. Under section 605(b) of the RFA, however, if the head of an agency certifies that a rule will not have a significant impact on a substantial number of small entities, the statute does not require the agency to prepare a regulatory flexibility analysis. Pursuant to section 605(b), the Chief Counsel for Regulation, Department of Commerce, certified to the Chief Counsel for Regulation, Small Business Administration that this proposed rule will not have a significant impact on a substantial number of small entities for the reasons explained below. No other law requires such an analysis. Consequently, no regulatory flexibility analysis is required, and none has been prepared.

Number of Small Entities

Small entities include small businesses, small organizations, and small governmental jurisdictions. For purposes of assessing the impacts of this proposed rule on small entities, a small business, as described in the Small Business Administration's Table of Small Business Size Standards Matched to North American Industry Classification System (NAICS) Codes (effective March 17, 2023), has a maximum annual revenue of $47 million and a maximum of 1,500 employees (for some business categories, these numbers are lower). A small governmental jurisdiction is a government of a city, town, school district or special district with a population of less than 50,000. A small organization is any not-for-profit enterprise which is independently owned and operated and is not dominant in its field. The most apt code to apply here is NAICS 518—Computing Infrastructure Providers, Data Processing, Web Hosting, and Related Services.

The reporting requirements in this proposed rule are expected to apply to only a small number of entities—only those companies developing or intending to develop a dual-use foundation model and those companies, individuals, or other organizations or entities that acquire, develop, or possess potential large-scale computing clusters. For the purposes of this rulemaking, the term “covered U.S. persons” includes ( print page 73616) all U.S. persons subject to the reporting requirements of E.O. 14110, section 4.2(a), and is defined as any individual U.S. citizen, any lawful permanent resident of the United States as defined by the Immigration and Nationality Act, any entity—including organizations, companies, and corporations—organized under the laws of the United States or any jurisdiction within the United States (including foreign branches), or any person (individual) located in the United States. At present, BIS assesses that there are between zero and 15 companies exceed the reporting thresholds for models and computing clusters at the time of publication. All of these entities are well-resourced technology companies. Exceeding the technical thresholds for models and computing clusters requires access to vast computing power, which is not typically available to small entities. The minimum computational threshold that would trigger a reporting requirement established in E.O. 14110 currently exceeds all or virtually all models in use.^[4]

As AI technology development and implementation are expected to advance over the next few years, the number of covered U.S. persons involved in it will also increase. However, as directed by E.O. 14110, the Secretary will update the technical conditions that trigger the reporting requirements over time, which may limit the number of additional impacted entities over time.

Impact

For the reasons discussed above, BIS believes that this proposed rule, which would impose reporting requirements on large technology companies, would have no significant impact on small entities.

Conclusion

BIS believes that the overall impact of this proposed rule on small entities would not be significant, as it would only apply to entities with large monetary and computational resources, which BIS believes are not small entities. For the reasons set forth above, the Chief Counsel for Regulations at the Department of Commerce has certified that this action would not have a significant impact on a substantial number of small entities.

In accordance with 5 U.S.C. 553(b)(4), a summary of this proposed rule may be found at www.regulations.gov. The regulations.gov ID for this proposed rule is: BIS-2024-0047.

Accordingly, 15 CFR part 702 is proposed to be amended as follows:

1. The authority citation for 15 CFR part 702 is revised to read as follows:

Authority: 50 U.S.C. 4501 et seq.;E.O. 13603, 77 FR 16651, 3 CFR, 2012 Comp., p. 225; E.O. 14110, 88 FR 75191, 3 CFR, 2023 Comp., p. 657.

2. Section 702.7 is added to read as follows: