Notice: You are viewing a detailed profile of an entity in our US Agency Mapping resource, in which we have compiled all information relevant for the regulation of advanced AI technologies in the US. To see an overview of all entities, return to the entity overview page.
Index
Department of Commerce (DoC)
International Trade Administration (ITA)
US Patent and Trade Administration (USPTO)
Bureau of Industry and Security (BIS)
National Institute of Standards and Technology (NIST)
US AI Safety Institute (USAISI)
National Telecommunication and Information Administration (NTIA)
Department of Energy (DoE)
Office of Cybersecurity, Energy Security, and Emergency Response (CESER)
Advanced Scientific Computing Research (ASCR)
Office of Critical and Emerging Technology (OCET)
Department of Homeland Security (DoHS)
Cybersecurity and & Infrastructure Security Agency (CISA)
Office of Cyber, Infrastructure, Risk, and Resilience (CIRR)
Bureau of Industry and Security (BIS)
Management and Policy Coordination (MPC) – Office of Information and Communications Technology and Services (ICTS)
MPC is the management body of BIS. It houses the ICTS, which evaluates the national security risks of ICTS transactions. The program aims to protect U.S. digital infrastructure by reviewing, investigating, and potentially prohibiting or mitigating ICTS transactions that pose unacceptable risks to national security.
Elizabeth Cannon - Executive Director Of Office Of Information And Communications Technology And Services
Description
MPC is the management body of BIS. It is responsible for the statutory, regulatory, policy, procedural, and strategic guide of the bureaus activities and operations.
The MPC houses the ICTS which evaluates the national security risks of ICTS transactions. The program aims to protect U.S. digital infrastructure by reviewing, investigating, and potentially prohibiting or mitigating ICTS transactions that involve foreign adversaries and pose unacceptable risks to national security. The program collaborates with other federal agencies, analyzes intelligence and cybersecurity threats, and has authority over areas including connected software applications, Infrastructure as a Service (IaaS) providers, and AI model training.
Authority
MPC Responsibilities
- Establishes overall policy agenda and Bureau priorities
- Coordinates agreement on goals, objectives, and performance metrics
- Evaluates program performance against established criteria
- Manages enterprise data network to support operations
- Coordinates funding allocation among programs and engages with Department, OMB, and Congress
- Oversees program operations and expenditures
- Executes or supervises implementation of select policy initiatives
- Adjudicates appeals on ICTS determinations, licensing decisions, and enforcement actions
List of authorities
| Code/Legislation | Description |
|---|---|
| EO 13873: “Securing the Information and Communications Technology and Services Supply Chain” | Grants Secretary of Commerce authority to prohibit or mitigate ICTS Transactions posing undue or unacceptable risks to the US |
| 15 C.F.R. Part 7: “Securing the Information and Communications Technology and Services Supply Chain” | Implements EO 13873, establishes scope of ICTS Transactions and review process |
| EO 13984: “Taking Additional Steps to Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities” | Directs Secretary of Commerce to propose “know your customer” rules for Infrastructure as a Service providers |
| EO 14034: “Protecting Americans’ Sensitive Data from Foreign Adversaries” | Expands on EO 13873 to address threats from connected software applications linked to foreign adversaries |
| EO 14110: “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence” | Directs Secretary of Commerce to impose record keeping requirements on IaaS providers for transactions with foreign persons training large AI models |
| IEEPA | Provides legal basis for Executive Orders related to international economic emergencies |
Budget
According to the FY 2025 Budget Request, the ICTS sought funding increases of $3,287,200 and the establishment of 7 positions to implement Section 4.2 of Executive Order 14110 on Artificial Intelligence. This will enable BIS to propose regulations requiring U.S. Infrastructure as a Service (IaaS) providers to report foreign persons potentially developing AI models with concerning capabilities. The funding will support evaluating technical parameters, proposing regulations for “use” identification and reporting, and establishing liaisons with industry and law enforcement. BIS aims to assess cyber threats that may require restrictions on U.S. IaaS providers’ foreign contracts. As these processes become more complex, BIS anticipates potential non-linear budgetary growth in the future.
References
https://www.bis.gov/sites/default/files/files/legal-authorities-2020-with-hyperlinks.pdf
Index
Department of Commerce (DoC)
International Trade Administration (ITA)
US Patent and Trade Administration (USPTO)
Bureau of Industry and Security (BIS)
National Institute of Standards and Technology (NIST)
US AI Safety Institute (USAISI)
National Telecommunication and Information Administration (NTIA)
Department of Energy (DoE)
Office of Cybersecurity, Energy Security, and Emergency Response (CESER)
Advanced Scientific Computing Research (ASCR)
Office of Critical and Emerging Technology (OCET)
Department of Homeland Security (DoHS)
Cybersecurity and & Infrastructure Security Agency (CISA)
Office of Cyber, Infrastructure, Risk, and Resilience (CIRR)