Commerce Department Seeks Input in Development of Cyber Rules to Deter Malicious Use of Cloud Services


The Commerce Department issued an advance notice of proposed rulemaking (ANPRM) in relation to Executive Order 13984 of January 19, 2021, Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities (E.O. 13984). The ANPRM seeks public comments on issues pertinent to the development of regulations to implement E.O. 13984.

E.O. 13984 directs the Secretary of Commerce to propose regulations to govern the process and procedures used to deter foreign malicious cyber actors’ use of United States Infrastructure as a Service (IaaS) products, otherwise known as cloud computing services. IaaS products and services provide users the ability to run software and store data on servers offered for rent or lease while avoiding responsibility for the maintenance and operating costs of those servers.

E.O. 13984 tasks the Secretary of Commerce with proposing regulations that require U.S. IaaS providers to verify the identity of any foreign person that obtains and maintains Accounts with these providers. It also tasks the Secretary with proposing regulations to prohibit or impose conditions on Accounts, within certain foreign jurisdictions or managed by certain foreign persons, that are used for malicious cyber-enabled activities.

The Department of Commerce is requesting comments from industry stakeholders and the public on several aspects of how the Department should implement relevant sections of E.O. 13984.  The ANPRM solicits input in particular on questions related to customer due diligence requirements and related exemptions, the imposition of special measures, and definitions to be incorporated into the rule. 

The Department encourages commenters to reference specific question numbers to facilitate the Department’s review of comments. Comments should be submitted by October 25, 2021.