Expansion of Validated End User Authorization: Data Center Validated End User Authorization

<RULE> DEPARTMENT OF COMMERCE <SUBAGY>Bureau of Industry and Security</SUBAGY> <CFR>15 CFR Parts 748</CFR> <DEPDOC>[Docket No. 240926-0254]</DEPDOC> <RIN>RIN 0694-AJ82</RIN> <SUBJECT>Expansion of Validated End User Authorization: Data Center Validated End User Authorization</SUBJECT> <HD SOURCE="HED">AGENCY:</HD> Bureau of Industry and Security, Department of Commerce. <HD SOURCE="HED">ACTION:</HD> Final rule. <SUM> <HD SOURCE="HED">SUMMARY:</HD> In this rule, the Department of Commerce, Bureau of Industry and Security (BIS), amends the Export Administration Regulations (EAR) to expand the Validated End User Authorization (VEU) program to include VEU Authorization for data centers located in specified destinations (“Data Center VEU” or “Data Center VEU Authorization”). This expansion of the VEU program to include Data Center VEU is intended to facilitate quick and reliable export or reexport of items on the Commerce Control List necessary for a data center, including advanced computing items, to preapproved trusted end users. Data Center VEU adopts much of the framework of the existing VEU program, with additional requirements. This expansion of eligibility is intended to update the VEU program to recognize the advancement and benefits of artificial intelligence. As under the original VEU Authorization Program, the U.S. government will rigorously review Data Center VEU candidates' applications subject to detailed and verifiable criteria. </SUM> <EFFDATE> <HD SOURCE="HED">DATES:</HD> This rule is effective on October 2, 2024. </EFFDATE> <FURINF> <HD SOURCE="HED">FOR FURTHER INFORMATION CONTACT:</HD> Chair, End-User Review Committee, Office of the Assistant Secretary for Export Administration, Bureau of Industry and Security, Department of Commerce, Phone: (202) 482-5991, Email: <E T="03">ERC@bis.doc.gov.</E> </FURINF> <SUPLINF> <HD SOURCE="HED">SUPPLEMENTARY INFORMATION:</HD> <HD SOURCE="HD1">Background</HD> In this rule, the Department of Commerce, Bureau of Industry and Security (BIS), amends the Export Administration Regulations (EAR) (15 CFR 730-774) to expand the Validated End-User (VEU) program in 15 CFR 748.15 to enable VEU Authorization for data centers (“Data Center VEU” or “Data Center VEU Authorization”). Data Center VEU is intended to cultivate trusted ecosystems for the responsible use of advanced computing integrated circuits. Foreign adversaries seek to use advanced computing integrated circuits and supercomputing capacity in the development and deployment of AI models to further their military capabilities, contrary to U.S. national security and foreign policy interests. For this reason, BIS imposed controls on these items in October, 2022 (87 FR 62186, October 13, 2022) and October, 2023 (88 FR 73424, October 25, 2023 and 88 FR 73458, October 25, 2023). Although BIS strictly controls the export of advanced integrated circuits, BIS also recognizes that in certain destinations where a license is currently required, advanced computing integrated circuits can be deployed in highly trusted environments, enabling the use of AI for technological discoveries and the development of new tools that improve the world. Specifically, BIS has determined that there could be significant benefits from authorizing the export and reexport of advanced computing integrated circuits to end users who operate data centers that implement certain security measures and satisfy other criteria. Accordingly, BIS is amending the EAR to establish a new authorization `Data Center VEU' that is intended to facilitate export or reexport of all items on the Commerce Control List that require a license to the destination excluding “600 series” items and are necessary for a data center, including advanced computing integrated circuits and electronic assemblies, to trusted end users that meet certain prerequisites. As a quintessential dual-use technology, AI comes with many benefits and risks. This cutting-edge technology holds the potential to increase access to healthcare, education, and food and assist with combatting complex problems such as climate change. For example, AI-enabled virtual learning systems can be tailored to a student's needs to bridge the education gap in regions that lack resources or qualified teachers. AI can also improve access to healthcare by facilitating remote-patient monitoring. At the same time, AI is revolutionizing the military and intelligence capabilities of adversaries. Advanced AI models, trained on advanced computing integrated circuits, have the potential to diffuse dangerous capabilities by lowering the barrier to develop cyberweapons or chemical, biological, radiological, or nuclear weapons. Advanced AI capabilities can lead to improved speed and accuracy of military decision-making, planning, and logistics. They can also be used for cognitive electronic warfare, radar, signals intelligence, mass surveillance, and jamming. For example, the February, 2024, Annual Threat Assessment of the U.S. Intelligence Community states that the People's Republic of China (PRC) is pursuing AI for mass surveillance and intelligent weapons platforms. In response to the national security and foreign policy risks of AI, as noted above, in October, 2022, BIS published an interim final rule (87 FR 62186) which made critical changes to the EAR in two areas. First, the rule imposed additional export controls on certain advanced computing semiconductor chips (chips, advanced computing chips, integrated circuits (ICs)), transactions for supercomputer end uses, and transactions involving certain entities on the Entity List (supplement no. 4 to part 744). Second, the rule adopted additional controls on certain semiconductor manufacturing items and transactions for certain IC production end uses. In October, 2023, BIS broadened the scope of destinations for these controls to cover other destinations of concern (such as Country Groups D:1 and D:5 for newly added semiconductor manufacturing equipment controls, and D:1, D:4, and D:5 for the advanced computing controls). Similarly, BIS imposed worldwide license requirements for certain specified end-uses when conducted on behalf of entities headquartered in, or with an ultimate parent company headquartered in, Macau or a destination in Country Group D:5. Due to the rapid nature of technological change in AI, BIS has been closely studying these developments and updating its rules accordingly to ensure that they remain as targeted and effective as possible. Data Centers play a vital role in global AI development, and the United States is committed to facilitating international AI development in a way that minimizes risk to national security. Accordingly, this rule expands the VEU program to facilitate the export or reexport of items necessary for a data center to preapproved trusted validated end users in destinations that require a license for items classified under Export Control Classification Numbers (ECCNs) 3A090.a and 4A090.a, and .z items in Categories 3, 4, and 5, excluding D:5 countries. Data Center VEU adopts much of the framework of the existing VEU program, with additional requirements appropriate for a data center environment. In addition, this action includes appropriate safeguards to address the implications of risks AI might impose on U.S. and allies' national security and foreign policy objectives. As under the original VEU Authorization Program, the U.S. government will rigorously review Data Center VEU candidates' applications subject to detailed and verifiable criteria consistent with facilitating U.S. exports. <HD SOURCE="HD1">Addition of Authorization Data Center VEU to the EAR</HD> To implement Data Center VEU, BIS amends the EAR to refer to the existing VEU program that currently applies to India and China as `General VEU Authorization' and to refer to the new program as `Data Center VEU Authorization.' The framework for both programs is similar, although the requirements are different. All VEU authorizations allow exports and reexports to the VEUs. However, a separate authorization is needed if a VEU reexports to a third party. Although in country transfers are permitted under General VEU Authorization, in country transfers are not permitted under Data Center VEU Authorization unless the transfer (in-country) is to a VEU authorized location by the same VEU. Section 748.15 maintains the following subsections: (a) Eligible end-users; (b) Eligible destinations; (c) Item restrictions; (d) End-use restrictions; (e) Certification and recordkeeping; (f) Reporting and review requirements; (g) Notification requirement; (h) Termination of Conditions on VEU Authorizations; and (i) Records. Supplement no. 7 to part 748 includes a list of end users who have been approved through the VEU program and are eligible for exports or reexports under Data Center VEU Authorization or exports, reexports, or transfers (in-country) under General VEU Authorization. Supplement no. 8 to part 748 describes information required in requests for both types of VEU authorization. <HD SOURCE="HD2">Eligibility and Application Requirements</HD> The introduction to section 748.15 (Authorization Validated End-User (VEU)) is amended to include references to both `General VEU Authorization' and `Data Center VEU Authorization.' Revised section 748.15(a)(1), includes the eligibility criteria for the current VEU program, now called `General VEU Authorization,' and the eligibility criteria for `Data Center VEU Authorization.' Some requirements are the same for both types of VEU authorizations, as described in sections 748.15(a)(2) through (5). Paragraphs (b) and (d) are each now bifurcated to distinguish between the two VEU Authorizations, each with a new paragraph (1) discussing General VEU Authorizations and a new paragraph (2) discussing Data Center VEU Authorizations. Paragraph (c) of section 748.15 now includes a new par ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Preview showing 10k of 63k characters. Full document text is stored and available for version comparison. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━