Lots of regulation news lately.
The US Department of Commerce has announced new export controls on advanced computing chips used for artificial intelligence. While certain allied countries and universities will be exempt, the regulations aim to protect national security by preventing foreign adversaries from accessing top-tier AI technology. The Secretary of Commerce, Gina Raimondo, emphasized that these measures are designed to foster a trusted technological ecosystem globally. However, Nvidia, a major US chipmaker, criticized the rules as excessive and detrimental to America’s technological leadership, arguing they could hinder innovation and competition.
Nvidia has expressed support for the incoming Trump administration while criticizing new artificial intelligence regulations proposed. These regulations significantly impacting Nvidia, which holds an estimated ninety percent share of the AI chip market. The Biden administration’s rules are designed to prevent countries like China and Russia from accessing U.S. AI technology, citing national security risks associated with powerful AI systems. Nvidia argues that these new restrictions could stifle global innovation and economic growth, reversing progress made during the previous Trump administration.
President Biden signed an executive order aimed at accelerating the construction of artificial intelligence data centers across the United States. This directive instructs the Department of Defense and the Department of Energy to lease federal sites to private companies developing large-scale AI data centers and clean energy facilities. The order also prioritizes fast-tracking the permitting process for AI infrastructure, which has raised concerns among environmental and consumer advocacy groups regarding potential increases in pollution and energy costs. According to the Lawrence Berkeley National Laboratory, electricity demand from data centers has tripled over the past decade and is projected to double or triple again by 2028, consuming up to twelve percent of U.S. electricity. The government will require companies building these facilities to cover all associated costs and ensure that the electricity used comes from clean sources.
The U.S. Department of Health and Human Services has proposed significant changes to the HIPAA Security Rule, aiming to strengthen cybersecurity measures within healthcare organizations. The new rule, which is open for public comment until March seventh, mandates that all healthcare providers, health plans, and their associates implement strict cybersecurity practices, including conducting thorough risk analyses and maintaining comprehensive asset inventories. Notably, the proposed changes eliminate the previous ‘addressable’ requirements, making all cybersecurity measures mandatory. Organizations will also need to conduct compliance audits every year and ensure that all business associates verify their adherence to these cybersecurity standards. This overhaul comes after a prolonged period since the last update in 2013, reflecting the growing need for robust cybersecurity in the face of increasing cyber threats. The final rule is expected to be published following the review of public comments, with a six-month grace period for organizations to comply before enforcement begins.
Why do we care?
Each policy represents a potential disruptor—or enabler—for the IT sector, depending on how companies adapt. The biggest risk lies in underestimating the operational and compliance implications of these regulations.
At the current time, I do not believe most firms listening to this show need to worry about the AI chip export rules, just be aware of them. Those who do need to worry know who they are.
On the other head, the HIPAA rule changes are notable. For IT service providers catering to healthcare, the mandatory nature of these cybersecurity rules creates a surge in demand for compliance services, such as risk analyses, asset inventory management, and ongoing audits.
The short timeframe for implementing changes could overwhelm healthcare IT providers and their clients, leading to rushed implementations that increase the risk of errors. Or all be an opportunity.