Taking Additional Steps To Address the National Emergency With Respect to Significant Malicious Cyber- Enabled Activities
United States Cloud Providers Must Verify Foreign Customers' Identities
What it does
Agencies must adopt rules requiring cloud providers to verify foreign customers, retain transaction records, and limit or block certain foreign accounts.
Real-world impact
- Requires cloud providers to collect and keep foreign customer identity records.
- Allows the government to block or limit cloud accounts tied to malicious foreign actors.
- Encourages voluntary information sharing between providers and security agencies.
Topics
Summary
This order directs the agency that oversees commerce to write rules requiring U.S. cloud computing providers to verify the identity of foreign customers who open accounts and to keep records of those transactions. It also lets the government restrict or close accounts tied to foreign actors involved in malicious cyber activity.
U.S. cloud providers, foreign customers and resellers, and federal security and law enforcement agencies will be affected.
The goal is to deter foreign cyber attacks, help investigations, and encourage more information sharing.
Questions, answered
Ask questions about this executive order and its implications. Try:
- “What agencies are affected by this order?”
- “How does this order change existing policy?”
- “What are the practical implications of this order?”