What happened
Carnegie Endowment examines the emerging debate over U.S. cloud compute controls as a tool to restrict China's access to frontier AI capabilities. The brief documents that at least eleven Chinese state-linked entities have accessed restricted U.S. chips through third-country cloud services, including a $1.2 billion deal for 15,000 B200 chips through a Japanese provider. The analysis evaluates the revised Remote Access Security Act, which cleared the House with bipartisan support, against technical enforcement challenges and foreign government resistance. The brief frames cloud controls as an inevitable next step if policymakers continue restricting China's AI access, while noting the scope and enforceability questions that arise when cloud services are treated as exports.
Why it matters
Cloud compute represents a largely unregulated channel through which strategic competitors can access advanced AI capabilities without physical chip possession. Policymakers and corporate leaders need to understand how cloud controls would reshape data center economics, foreign investment decisions, and the architecture of global AI infrastructure.
Action needed
CISOs and corporate counsel at companies operating cross-border cloud infrastructure should assess exposure to proposed Remote Access Security Act provisions. Board-level review of cloud customer verification procedures and geographic footprint is recommended before regulatory frameworks solidify.