“A bill to amend the Export Control Reform Act of 2018 to provide for control of remote access to items, and for other purposes.”
No CRS summary available for this bill.
This section amends the Export Control Reform Act of 2018 to expand U.S. controls on dual-use items subject to the Commerce Control List (administered by the Department of Commerce's Bureau of Industry and Security) to include the "provision of remote access" by foreign persons of concern (newly defined to include governments, entities, or persons from covered countries such as China—including Hong Kong and Macau—and others listed in 10 U.S.C. 4872(f)(2)) through cloud infrastructure services (i.e., Infrastructure as a Service per NIST standards) from outside the United States, if the Secretary of Commerce determines such access poses serious risks to national security or foreign policy (e.g., via artificial intelligence models enabling weapons of mass destruction design, offensive cyber operations, or surveillance using spyware as defined in 50 U.S.C. 3232a). (1) It adds definitions of "remote access" and "foreign person of concern" to Section 1742 (50 U.S.C. 4801); (2) updates the statement of policy in Section 1752 (50 U.S.C. 4811) to cover remote access alongside exports and transfers; (3) expands the President's licensing authority in Section 1753 (50 U.S.C. 4812), including new regulatory powers, exceptions, and reviews for remote access; and (4) inserts remote access provisions throughout additional authorities in Section 1754 (50 U.S.C. 4813) and controls administration in Section 1755 (50 U.S.C. 4814). (Thus, these changes enable regulation of cloud-based access to sensitive U.S. technologies by adversaries, closing a physical-export loophole.)
This section requires the Secretary of Commerce to keep Congress fully and currently informed, including in a classified setting as necessary, prior to promulgating regulations under the Export Control Reform Act of 2018, as amended by section 2, that control remote access to subject items. Such consultations must address (1) the national security or foreign policy risks targeted by the regulations, (2) how the regulations address those risks, and (3) potential economic impacts on the United States, including effects on the competitiveness of U.S. industry in cloud services and related sectors.
This section directs the Secretary of Commerce, not later than one year after enactment, to submit to Congress and make publicly available a report assessing implementation of the Act and its amendments and making recommendations on (1) maximizing privacy and minimizing compliance costs for entities seeking licenses for remote access to items under the Export Control Reform Act of 2018 (ECRA), as amended by section 2; (2) improving the speed and consistency of such license reviews; (3) identifying national security and foreign policy concerns related to remote access to items to improve certainty for U.S. businesses; (4) increasing cooperation with international partners on remote access to items; (5) ensuring export controls on remote access to items are consistent, clear, and up to date; and (6) recommending amendments to ECRA to strengthen its remote access provisions. In developing the report, the Secretary must seek public input, including by holding a public roundtable with industry participants.