Remote Access Security Act
Analysis under review: This bill has generated analysis that may be too generic or incomplete. Clause-level evidence remains available below.
Summary
What This Bill Does
This bill closes a gap in U.S. export controls by extending them to cover remote access to controlled technology through cloud computing services. Currently, export controls apply when physical items or software are exported, but not when foreign adversaries access the same capabilities remotely through the cloud. The bill amends the Export Control Reform Act of 2018 to treat remote cloud access by foreign persons of concern the same as a physical export, requiring licenses and other controls.
Who Benefits and How
U.S. national security benefits by closing the cloud access loophole that allows adversary nations to remotely use controlled technologies, particularly for training dangerous AI models, conducting offensive cyber operations, or enabling surveillance. Domestic cloud service providers may gain a competitive advantage as compliant platforms. The bill includes a 10-year sunset and requires Congressional consultation before new regulations, along with a public report on economic impact within one year.
Who Bears the Burden and How
Cloud infrastructure providers face significant new compliance obligations, as they must now monitor and control remote access by foreign persons of concern to items on the Commerce Control List. U.S. technology companies with international customers in affected countries (China, Russia, and others specified in 10 USC 4872(f)(2)) face potential loss of business. The Secretary of Commerce bears additional regulatory, reporting, and consultation obligations.
Key Provisions
- Defines remote access as cloud-based access to controlled items by foreign persons of concern
- Covers AI training for WMD/offensive cyber/evasion of human control, offensive cyberspace capabilities, and human rights-undermining surveillance
- Foreign persons of concern include governments and entities from countries listed in 10 USC 4872(f)(2), including China and Hong Kong/Macau SARs
- Requires Congressional consultation before promulgating remote access regulations
- Mandates public report with recommendations within 1 year, including public roundtable
- 10-year sunset on remote access control authority
Evidence Chain:
This summary is generated from the full bill text using AI analysis. Expand "Detailed Analysis" below for identified beneficiaries/burden bearers.
At a Glance
What This Bill Does
Extends U.S. export controls to cover remote access to controlled items by foreign persons of concern through cloud infrastructure services, targeting AI training, offensive cyber operations, and surveillance technologies
Key Policy Areas
National Security, Technology, Trade and Export Controls, Cybersecurity
Primary Purpose
Extends U.S. export controls to cover remote access to controlled items by foreign persons of concern through cloud infrastructure services, targeting AI training, offensive cyber operations, and surveillance technologies
Policy Domains
Control of Remote Access Under Export Control Reform Act
Identified Gains
Contextual inference, no direct clause citation- U.S. national security interests
- Domestic cloud service providers (competitive advantage)
- Critical infrastructure operators
Contextual inference, no direct clause citation
Identified Costs
Contextual inference, no direct clause citation- Cloud infrastructure service providers (compliance obligations)
- Foreign persons of concern (access restrictions)
- U.S. technology companies with international customers
Contextual inference, no direct clause citation
Congressional Consultations
Identified Gains
Contextual inference, no direct clause citation- Congress (oversight capacity)
Contextual inference, no direct clause citation
Identified Costs
Contextual inference, no direct clause citation- Secretary of Commerce (reporting obligations)
Contextual inference, no direct clause citation
Report and Recommendations
Identified Gains
Contextual inference, no direct clause citation- U.S. businesses seeking regulatory clarity
- International partners
Contextual inference, no direct clause citation
Identified Costs
Contextual inference, no direct clause citation- Secretary of Commerce (report and public roundtable obligations)
Contextual inference, no direct clause citation
Sponsors
Legislative Progress
In CommitteeMr. McCormick (for himself, Mr. Wyden, Mr. Cotton, and Mr. …
Read twice and referred to the Committee on Banking, Housing, …
Introduced in Senate
Impact analysis is available but no clear stakeholder effects identified. View clause-level analysis →
Bill Structure & Actor Mappings
Who is "The Secretary" in each section?
- "the_secretary"
- → Secretary of Commerce
- "the_secretary"
- → Secretary of Commerce
- "the_secretary"
- → Secretary of Commerce
Note: {'note': 'Refers to Secretary of Commerce throughout this bill, consistent with Export Control Reform Act authority', 'term': 'the_secretary'}
Key Definitions
Terms defined in this bill
Has the meaning given Infrastructure as a Service by NIST Special Publication 800-145
Access to a controlled item by a foreign person of concern through cloud infrastructure service from outside the U.S. and other than where the item is physically located, where the Secretary determines serious national security or foreign policy risk, including: training AI dual-use models for WMD/offensive cyber/evasion of human control, accessing offensive cyberspace capabilities, or conducting surveillance undermining human rights
Government of a country specified in 10 USC 4872(f)(2) or any region thereof (including Macau and Hong Kong SARs), entities located/headquartered there or whose ultimate parent is there, or persons subject to such government jurisdiction
We use a combination of our own taxonomy and classification in addition to large language models to assess meaning and potential beneficiaries. High confidence means strong textual evidence. Always verify with the original bill text.
Learn more about our methodology