Cloud Compute Controls Are the New Test of AI Statecraft

Cloud compute controls are becoming central to AI power
The article argues for narrow, risk-based rules instead of broad bans
Compute access must be governed early

When a country no longer needs to buy the top-tier AI chip in order to use it, the logic of technology control changes. In other words, the traditional map used for regulating technology was a complicated arrangement of boxes, borders, ships, customs forms and users. Cloud computing breaks that map: an enterprise can effectively rent a restricted chip on a remote server farm and train its models from hundreds or thousands of miles away, never coming into contact with the hardware itself. This is the reason why cloud compute controls now sit at the center of AI policy debates. The core question is no longer about the ability of China or another nation to acquire the chips themselves, but rather about whether a person can access the same capacity through a screen. If policy continues to treat chips as goods while treating AI compute as a service, the system of controls will inherently lag behind. This next battle is not just over ownership; it is over access. The main debate revolves around whether or not to consider access to the cloud part of the AI supply chain, or whether it's a service far too open and diffuse to manage effectively.

The Significance of Cloud Compute Controls

The debate surrounding cloud compute controls needs to be shifted away from whether or not it will block China toward the more difficult question of managing access to critical capacity. The primary problem isn't that cloud services are illegal, hidden, or hostile; many of them operate under legitimate commercial agreements. This fact is what makes them such a critical problem. When a particular kind of computing power can be purchased and rented like any other service, export controls have greatly diminished efficacy. A law can prohibit the sale of an advanced chip, but it can't necessarily prevent a company from utilizing that chip remotely. This gap creates ample space for sophisticated model development, intelligence activities and other dual-use endeavors. The policy challenge here isn't necessarily whether all cloud workloads are malicious; the vast majority are not. The policy challenge is instead whether governments can actually differentiate between ordinary business use and activities that could advance frontier AI capabilities.

The reason this problem matters today is that, despite ongoing algorithmic advances, AI scale remains intimately tied to compute power. The Stanford AI Index estimates that a substantial amount of compute power required for noteworthy models is now increasing at a rate of approximately double every five months and industry provided nearly 90% of all noteworthy models released in 2024. This suggests that the leading edge of AI will likely be dominated by companies with massive amounts of available capital, concentrated infrastructure and sophisticated chips. While private investment in AI is indeed very unequal ($109.1 billion for the US compared to $9.3 billion for China), the cloud weakens the concept of a national advantage if foreign entities can gain access to a comparable amount of computing power through third countries. Thus, the regulation of cloud computing has gone from being a secondary issue to a central component of AI policy and its effective implementation will be an important test of the policy's ability to keep pace with the technology itself.

A Stronger Case for Control Than a Ban

The strongest rationale for controlling cloud compute access is rooted in logic: if a specific chip is restricted because it has the potential to be used for military, intelligence, or surveillance purposes, then providing remote access to that chip can hardly be considered benign. Compute power is not simply a business input; it is a strategic input, capable of expediting model training, powering scientific simulations, improving targeting systems and allowing governments to process and analyze massive quantities of data much of which can be considered sensitive or proprietary. Ignoring cloud access invites circumvention. It also sends a mixed message to allies and rivals; it suggests that the United States is firm on the transfer of physical goods but ambivalent about the use of remotely accessed computing power. This isn't simply a technical distinction, it's political.

However, the argument for regulation is not the same as the argument for an outright ban. A broad cloud access ban would likely be costly to implement, difficult to enforce, harm US cloud businesses, alienate allies and force politically neutral nations towards Chinese cloud service providers. Additionally, it might eliminate an element of US visibility; when foreign clients use US-based services, US companies and agencies gain some visibility into demand, usage patterns and potential misuse. An outright cutoff could eliminate this visibility while potentially channeling users towards more obscure, opaque networks. Therefore, a more pragmatic approach seems to involve regulation like a narrow gate, not a wall, focused on controlled chips and systems used for frontier-level AI, high-risk end-users and large-scale model training rather than all foreign use of the cloud, which would be easily identifiable as a security threat.

Critics also rightly note that implementation will be challenging: cloud workloads can be fragmented across several computing clusters, shell corporations can obscure ownership, VPNs can mask location and resellers can obfuscate the identity of the actual end-user. Even rigorous know-your-customer requirements may not capture sophisticated actors. However, these weaknesses should not be seen as a reason to abandon controls altogether but rather as an indicator that the system should be designed around risk indicators rather than solely on formal identification. Factors like the amount of compute used, the type of chip, user affiliations, payment history and training activity will be relevant indicators of high-risk access. The goal should be to create enough friction for risky users and enough information for policymakers to make informed decisions, not necessarily perfect certainty.

Narrow Design of Cloud Compute Controls

A narrow design of cloud compute controls should first determine precisely what constitutes the object of control. Regulations should not apply to all cloud services (like storage, streaming, or regular business applications) but should focus on accessing controlled, high-end chips that can perform frontier-level AI computation. Broad regulations could lead to weakening of policy, as both providers and partners resist them and regulators become bogged down in cases with low security implications. The proper unit of control should be access to high-end computing services above a certain threshold and whenever the user, the nature of the intended use, or ownership of the service raises security concerns.

Secondly, determining which entities should be controlled is a key design consideration. A nationwide ban is easy to implement but extremely difficult to justify, as it includes significant numbers of benign users and prompts reciprocal actions. While user-specific controls are more targeted, they are also more susceptible to evasion. A combined approach, which imposes stringent controls on known restricted entities and their majority-owned subsidiaries and also requires licensing for identified high-risk users involved in military, intelligence, surveillance, cyber, or advanced weapons work, would seem to be the most pragmatic approach. However, unidentified users should only be subject to review if their access to computing power or controlled chips crosses a high threshold. This approach will allow policymakers to dedicate their scarce enforcement resources to where they are most needed, avoiding a dragnet approach to the problem.

Finally, decisions regarding responsibility for carrying out controls need careful consideration. While cloud providers will indeed bear some responsibility for identifying and vetting customers and monitoring high-risk usage, the state cannot abdicate its national security role entirely to corporations, blaming them for any and all breaches. This means the Bureau of Industry and Security would need additional staff, data tools and clear, well-defined rules for administering the program. CBO's estimate suggests that the staffing cost would be modest compared with the size of the AI market and the difficulty of enforcing cloud-based controls. As GAO has already warned, BIS would need long-term workforce planning in order to administer such controls effectively; otherwise, the policy would be one of mere words, with little practical impact.

The Diplomatic Repercussions of Cloud Compute Controls

Managing the diplomatic consequences of cloud computing controls may prove to be more challenging than implementing the policy itself from a legal standpoint. A substantial number of relevant data centers are located outside of the United States and China in third countries, many of which depend on these data centers for investment, development and digital growth. Southeast Asia is particularly important here, given the rapid growth of its data center market and a general interest from regional governments in becoming AI hubs. While unilateral regulations on the part of the United States will inevitably be viewed as extraterritorial overreach by some partners, this should not dissuade the United States from developing and implementing these policies. Rather, such policies need to be accompanied by strong positive incentives, not just restrictions.

The positive offer should be clear: countries that are hosting frontier AI data centers should be provided with assistance with respect to energy infrastructure, cybersecurity standards, audit procedures and trusted cloud certifications. These countries should also be given access to US technology under rules that are both clear and strict, effectively turning the controls into a joint governance agreement rather than a unilateral demand for compliance. The United States should push these countries to reject high-risk usage, but it must also provide them with the means by which to do so; otherwise, such policies risk driving them towards suppliers that demand fewer questions, less scrutiny and faster deployment of their services. This outcome would ultimately undermine the very US influence over the critical infrastructure it seeks to shape.

Moreover, energy policy must be part of the policy discussion. Estimates show that data centers will consume significant amounts of energy (415 terawatt-hours in 2024 and projected to increase to 945 TWh by 2030), with AI posing a major driver of that demand increase. Cloud compute controls are therefore not simply about chips; they are also about electricity grids, land, cooling systems, power agreements and local political consent. A country that hosts frontier AI infrastructure is also hosting substantial new demand on its power grid. Wise policy should consider the nexus of cloud compute access and the sustainability and reliability of the energy supply. Strategic infrastructure must be matched with strategic energy provisioning.

The True Choice Is Managed Access

Ultimately, the policy choice before governments should not be characterized as either open or closed access to cloud computing, as these are false dichotomies. Instead, the real choice is between unmanaged access and managed access. Unmanaged access allows strategic actors to exploit loopholes while policymakers are locked in arguments about definition, while excessive closure undermines the market and alienates allies. Managed access acknowledges the reality of cloud computing as a crucial part of the AI supply chain and structures rules around risk, scale, chip class, user identity and end-use. This view recognizes that computing power is a controllable resource but one that cannot necessarily be fully isolated from the rest of the world.

Such an approach would also alleviate the strongest criticism of cloud compute controls: the fear that they would accelerate China's drive towards self-sufficiency in chip manufacturing and AI. While this is a valid concern, failing to address the cloud gap risks an even faster pace of capability development. The answer, therefore, is not paralysis but targeted action. Controls should be strongest at the highest points of risk: for controlled entities, frontier chips, large training clusters and military-linked work and be weaker for ordinary commercial usage. This would focus efforts on the most sensitive activities while continuing to maintain US influence within the global AI market.

The starting point of the policy debate remains the key fact that advanced AI compute power is no longer dependent on direct ownership of the underlying machine. This has effectively shifted the control landscape from a problem of borders to one of access. While there may be no perfect solution for cloud compute controls, an unaddressed cloud gap will only erode the legitimacy of existing export control regimes over time. The task at hand is to build a narrow, enforceable and allied framework before circumvention becomes the norm. Policymakers need to stop treating remote access as a loophole to be addressed at a later date; it is already a reality within the current AI landscape and the nations that learn to manage it precisely will be well-positioned to shape the future trajectory of AI power, while others will be left policing hardware as capability moves through the cloud.

The views expressed in this article are those of the author(s) and do not necessarily reflect the official position of The Economy or its affiliates.

References

Congressional Budget Office (2025) H.R. 2683, Remote Access Security Act: Cost Estimate. Washington, DC: Congressional Budget Office.
Dohmen, H., Feldgoise, J., Weinstein, E.S. and Fist, T. (2023) Controlling Access to Advanced Compute via the Cloud: Options for U.S. Policymakers, Part I. Washington, DC: Center for Security and Emerging Technology.
International Energy Agency (2025) Energy and AI. Paris: International Energy Agency.
Maslej, N., Fattorini, L., Perrault, R., Gil, Y., Parli, V., Kariuki, N., Capstick, E., Reuel, A., Brynjolfsson, E., Etchemendy, J., Ligett, K., Lyons, T., Manyika, J., Niebles, J.C., Shoham, Y., Wald, R., Walsh, T., Hamrah, A., Santarlasci, L., Lotufo, J.B., Rome, A., Shi, A. and Oak, S. (2025) Artificial Intelligence Index Report 2025. Stanford, CA: Stanford Institute for Human-Centered Artificial Intelligence.
Sastry, G., Heim, L., Belfield, H., Anderljung, M., Brundage, M., Hazell, J., O’Keefe, C., Hadfield, G.K., Ngo, R., Pilz, K., Gor, G., Bluemke, E., Shoker, S., Egan, J., Trager, R.F., Avin, S., Weller, A., Bengio, Y. and Coyle, D. (2024) ‘Computing power and the governance of artificial intelligence’, arXiv.
Tan, N. (2026) The Geopolitical Debates Over Controlling Cloud Compute. Washington, DC: Carnegie Endowment for International Peace.
U.S. Bureau of Industry and Security (2025) Department of Commerce Announces Rescission of Biden-Era Artificial Intelligence Diffusion Rule, Strengthens Chip-Related Export Controls. Washington, DC: U.S. Department of Commerce.
U.S. Government Accountability Office (2025) Export Controls: Commerce Should Improve Workforce Planning and Information Sharing. Washington, DC: U.S. Government Accountability Office.
U.S. House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party (2026) House Passes Bipartisan Legislation to Limit Adversaries’ Remote Access to Critical Technology. Washington, DC: U.S. House of Representatives.