The Remote Access Security Act extends export restrictions on advanced American AI chips to cloud computing services, targeting a method Chinese companies have used to rent access to restricted hardware through offshore data centers.
The U.S. House of Representatives passed the Remote Access Security Act, a bipartisan bill designed to close a significant loophole in American export controls that allowed Chinese companies to access restricted AI chips through cloud computing services. The legislation represents a major expansion of the Export Control Reform Act, bringing cloud-based access to advanced semiconductors under federal oversight.
The Loophole in Practice
Chinese companies have reportedly been renting server access to high-performance AI chips hosted in third-party countries, effectively bypassing direct export restrictions. According to investigations by the Wall Street Journal, Shanghai-based INF Tech allegedly obtained access to 2,300 banned Nvidia AI GPUs by renting servers from an Indonesian telecommunications company. The deal, valued at approximately $100 million, involved 32 Nvidia GB200 servers. What made this particularly concerning for U.S. lawmakers was that the GPUs were reportedly purchased after INF Tech had already secured the Chinese company as a customer, suggesting a deliberate circumvention strategy.
Major technology companies including Alibaba and ByteDance have also been accused of training their large language models—Qwen and Doubao respectively—using Nvidia chips accessed through data centers in Southeast Asia. These cases demonstrate how cloud computing has become a vector for obtaining cutting-edge hardware without triggering export control mechanisms designed for physical shipments.
Legislative Response
The Select Committee on the Chinese Communist Party announced the bill's passage, stating it "modernizes the Export Control Reform Act by expanding federal authority to restrict foreign adversaries' ability to access technologies, including AI chips, remotely through cloud computing services." Committee Chairman and bill cosponsor John Moolenaar emphasized the strategic imperative: "The CCP's AI ambitions are being fueled by its access to American chips housed in data centers located outside of China. This bill brings our laws into the digital age and makes it clear that cloud compute is subject to U.S. export control law, just like physical chips."
The legislation effectively treats remote computational access as equivalent to physical export, extending the same restrictions and enforcement mechanisms to cloud-based services. This closes what had been a gray area in export control law, where the physical location of the hardware became the determining factor rather than the nationality of the end user.
The Broader Export Control Landscape
The chip export environment has been characterized as a "cat-and-mouse affair" between Washington and Chinese companies. The U.S. has taken a dual approach: maintaining strict controls on the most advanced hardware while selectively relaxing restrictions on certain chips. For example, Nvidia's H200 chips have received export approval for approved customers, though China has been slow to approve these imports for major companies.
Meanwhile, Blackwell-based chips and Nvidia's upcoming Vera Rubin architecture remain firmly off-limits. The Remote Access Security Act specifically targets remote access to this restricted hardware, which represents the highest tier of AI processing capability.
Supply Chain and Market Implications
The bill's passage reflects growing recognition that traditional export control frameworks, designed for physical goods, are inadequate for the digital economy. Cloud computing services operate across borders with minimal friction, making them ideal for circumventing territorial restrictions. By extending authority to cloud compute, the legislation acknowledges that computational power has become a strategic resource as critical as the chips themselves.
For semiconductor companies like Nvidia and AMD, this creates additional compliance burdens. They must now ensure that their cloud service provider partners implement robust verification systems to prevent foreign adversaries from renting access to restricted chips. This may require more sophisticated customer screening and ongoing monitoring of how computational resources are being used.
The bill also signals to the semiconductor industry that the U.S. government is committed to maintaining a comprehensive approach to technology competition with China. While individual chip sales may receive approval, the overall strategy remains focused on preventing Chinese companies from accessing the computational infrastructure needed to develop advanced AI systems.
Enforcement Challenges
Implementing these controls in the cloud environment presents significant technical challenges. Unlike physical shipments that pass through customs, cloud computing resources can be provisioned and accessed entirely digitally. Service providers will need to implement sophisticated identity verification, usage monitoring, and access controls to ensure compliance.
The legislation's effectiveness will depend on how well it can be enforced against both American cloud providers and international companies that may use U.S.-origin technology in their data centers. This could lead to increased friction in global cloud markets and potentially drive Chinese companies toward completely domestic cloud infrastructure.
As Beijing continues to encourage the development of homegrown chips and cloud services, this legislation may accelerate China's push for technological self-sufficiency. However, it also represents a clear statement that the U.S. intends to use all available legal tools to maintain its technological advantage in AI development.
Comments
Please log in or register to join the discussion