For years, there have been reports of China utilizing cloud computing infrastructure, particularly in Singapore and other Southeast Asian nations, to bypass U.S. export bans on advanced AI chips. Since early 2024, the United States has proposed requiring U.S. cloud companies to determine whether their data centers and cloud services were being accessed by companies from adversarial nations to train AI models.
By January 2025, in one of the final export control acts of the Biden administration, the Framework for Artificial Intelligence Diffusion established a framework for validated end-user authorizations under its “trusted datacenter programs,” similar to a “know your customer” (KYC) requirement for cloud operators.
Now, the Remote Access Security Act (RASA), proposed in both the U.S. House of Representatives and the Senate, attempts to further plug the “cloud compute loophole” by authorizing the U.S. government to regulate not only the export of AI capabilities, but also the usage of such capabilities. On the surface, this seems to be a logical extension of the hardware and software export controls already in place, to further prevent U.S. adversaries from accessing U.S. technologies to train their AI models.








