Cloud Technology in the New Executive Order on Artificial Intelligence

This week’s post takes a brief look at the clauses related to cloud computing in the recently published “Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence,” and discusses some possible implications for the contracting community.

Several clauses in the AI E.O. focus on the convergence of AI and cloud capabilities.

Section 2(b) deals with promoting responsible innovation, competition, and collaboration. To that end, the E.O. charges the government with promoting “a fair, open, and competitive ecosystem and marketplace for AI and related technologies so that small developers and entrepreneurs can continue to drive innovation.” “Doing so,” continues the E.O, “requires stopping unlawful collusion and addressing risks from dominant firms’ use of key assets such as semiconductors, computing power, cloud storage, and data to disadvantage competitors.”

Contractor Implications: This clause appears to zero in on the dominance of large commodity cloud service providers who offer most of the cloud storage capacity used by federal agencies. Those providers, it appears, might want to anticipate some additional scrutiny, as federal authorities seek to combat “unlawful collusion” that works against small businesses.

Section 4.2(c) on ensuring safe and reliable AI addresses Infrastructure-as-a-Service (IaaS) providers. Specifically, the section

Proposes regulations that require United States IaaS providers to submit a report to the Secretary of Commerce when a foreign person transacts with that provider to train a large AI model with potentially malicious cyber-enabled capabilities.
Includes a requirement that U.S. IaaS providers prohibit any foreign reseller of their product/service from providing the product/service unless the foreign reseller submits to the provider a report, which the provider must forward to the Secretary of Commerce, detailing each instance in which a foreign person transacts with the foreign reseller to use the IaaS provider’s capability to conduct an AI training run.
Calls for the development of technical conditions for a large AI model to have potential capabilities that could be used in malicious cyber-enabled activity.

Contractor Implications: Due diligence is the watchword here. Large IaaS providers will need to be diligent in ensuring that they adhere to the regulations as they develop or face the potential that their business relationship with the U.S. government could be adversely affected.

Section 10.1f(ii), under providing guidance for AI management, requires that by January 30, 2024, the GSA, OMB and Federal Secure Cloud Advisory Committee “develop and issue a framework for prioritizing critical and emerging technologies offerings in the Federal Risk and Authorization Management Program(FedRAMP) authorization process, starting with generative AI offerings that have the primary purpose of providing large language model-based chat interfaces, code-generation and debugging tools, and associated application programming interfaces, as well as prompt-based image generators.”

Contractor Implications: The use of cloud-based analytics has already been on the rise over the last few years. Providing cloud-based AI capabilities is less evident looking at the current data. The White House, however, appears to anticipate that the offering of cloud-based AI will become much more common in the years to come. They are therefore trying to get ahead of the trend. Ordering the FedRAMP PMO to “prioritize” certifying those capabilities, suggests that companies offering them will jump to the head of the line when it comes to achieving FedRAMP certification.