
You cannot install Debian or Windows 11 on WordPress.


It applies to any "software that is not predefined". An OS is just a non-exhaustive example of one type of software that applies.


The next sentence is:

> The consumer [...] has control over the operating systems, storage, and any deployed applications.

That was just a snippet of the full definition here:

https://www.federalregister.gov/d/2024-01580/p-46


There are two possibilities here.

First, the rule applies to WordPress and all that kind of thing, and then providers would have to KYC WordPress users. Which is a reason not to pass it.

Second, the rule is completely pointless, because it doesn't, and then anyone could create an AI training WordPress plugin that uses whatever arbitrarily fast hardware the server has and thereby easily bypass the rule. Which is a reason not to pass it.


That's silly, no WordPress hosting has H100 GPUs hooked up to it.

If you skim the full context of this proposal and the topics it focuses on (dedicated servers, virtual servers, AI acceleration), and you've been paying attention to current geopolitics in these areas (top chips being sanctioned), it is completely obvious that the goal here is to prevent things like evading sanctions by renting hardware instead of buying it.


What stops them? You could have a WordPress plugin that uses Stable Diffusion to generate images, or encodes uploaded video, or provides an AI chatbot, and needs fast GPUs because there are a lot of users. Providers will supply anything the customer is willing to pay for. The expected AI plugins would be doing inference rather than training, but the user could use the same hardware for plugins that do something else.


> Providers will supply anything the customer is willing to pay for.

I suppose every company and every service should be in scope for KYC then. /s

But the reality is that WordPress hosts are not in the business of renting people dedicated servers the price of a nice house. And if they were asked to do so, it wouldn't be a simple automated request without scrutiny.


In 2010 it wouldn't have been an automated request. Now there is plenty of demand for it to do inference and some providers are likely to start offering it if they don't already. You're also assuming the providers are interested in preventing foreigners from using their systems for AI training, rather than being interested in making as much money as possible without violating the letter of the law.

The latter is one of the reasons rules like this are simultaneously so expensive and ineffective. Provider A decides to KYC everybody because they're big and risk averse, so the rules inconvenience millions of innocent people. Provider B wants to make money selling GPUs to foreigners, so they implicitly choose a structure that allows that to happen if the rules contain any loopholes whatsoever. (This is ignoring that foreign customers could just switch to foreign hosts and cost US companies business for no reason.)

And if the premise is the level of resources being consumed rather than the type of service then why don't the rules exempt anyone spending less than e.g. $50,000/month? That would be almost everyone while still not being anyone buying enough compute to do major AI training. It still wouldn't work but at least it would have much less overhead.


I don't think anyone is under the presumption that these requirements are bulletproof. The point is to just target one big glaring loophole.

> $50,000/month? That would be almost everyone

It might be almost every individual developer. But that isn't really a huge cloud spend at all for an organization.

https://www.cloudzero.com/wp-content/uploads/2023/10/flexera...

But speaking of loopholes, what do you think bad actors would do if you told them that they weren't subject to KYC under a certain dollar amount? lol


> It might be almost every individual developer. But that isn't really a huge cloud spend at all for an organization.

That's kind of the point. It excludes all of the individuals and small businesses and makes it unambiguous that it doesn't apply to someone paying $10/month for a VPS to use as a VPN endpoint for privacy.

> But speaking of loopholes, what do you think bad actors would do if you told them that they weren't subject to KYC under a certain dollar amount?

In some hypothetical world where the rules were actually effective? Spend $49,000 and then create a new account, which would be highly suspicious and still cause them to get caught.

In practice? Use a cooperative provider (Wells Fargo as a hosting company), or one in another country, the same as they would do regardless.


The whole SUV category of vehicles was spawned as a workaround for the Energy Policy and Conservation Act of 1975. Demand blocked by laws leads to weird mutations.

I'm thinking that this will simply promote cloud providers that operate outside America, sort of like Binance and FTX were "forced to exit" the US market. Not a bad result.


"and applications", not just operating systems.


I think it’s most reasonable to read that as “includes [all of these examples]” not “excludes if it can’t [any of these examples]”

AWS Lambda would clearly (IMO) be in-scope as IaaS by this definition, as an example, even though I can’t install another OS.


AWS Lambda qualifies because it is part of AWS and an AWS account gives you access to EC2 which definitely qualifies.



