The U.S. Department of Commerce is set to introduce mandatory reporting requirements for leading AI developers and cloud providers, according to a notice of proposed rulemaking set for release on Wednesday. The move aims to assess defense-relevant capabilities at the forefront of AI research and development.
Under the proposed rule, frontier AI model providers and hyperscalers would be required to provide detailed reports to the federal government. These reports would cover developmental activities, cybersecurity measures, and results from red-teaming exercises designed to test for potentially dangerous capabilities.
"As AI is progressing rapidly, it holds both tremendous promise and risk," said Commerce Secretary Gina M. Raimondo. "This proposed rule would help us keep pace with new developments in AI technology to bolster our national defense and safeguard our national security."
The collected information will allow the federal government to evaluate whether the domestic defense industry is keeping up with AI advancements and if additional support is necessary for developing dual-use foundation models—AI systems that can be used for both civilian and military purposes. It will also help them defend against known dangerous capabilities and ensure adequate safeguards against theft or misuse by foreign adversaries or non-state actors.
The Bureau of Industry and Security (BIS) proposes quarterly reporting, with the option for simple affirmations if no changes occur between periods. The agency is seeking public comment on reporting frequency and alternative methods for timely information gathering. Given the sensitive nature of the data, the Commerce Department is also soliciting input on secure collection and storage methods.
The rule’s technical definitions are also up for review. For instance, a “dual-use foundation model” would be defined as a model requiring more than 10^26 computational operations per second, with models trained primarily on biological sequence data having a lower threshold of 10^23 operations. The definition of a “large-scale computing cluster” includes systems with a performance greater than 10^20 operations per second, connected at rates above 300 gigabits per second.
The deadline for public comments will offer industry leaders the chance to weigh in on how best to implement these new measures without stifling innovation.