The U.S. House of Representatives has moved to redraw the boundaries of American export controls for the age of cloud computing, approving a sweeping bill designed to block foreign adversaries from tapping into powerful U.S. artificial intelligence hardware without ever importing a single chip.
On January 12, 2026, lawmakers passed the Remote Access Security Act (H.R. 2683) by a bipartisan margin of 369–22. The measure now heads to the Senate and would still require the president’s signature to become law. Its central aim is to shut what officials call the “cloud loophole” — a gap that has allowed overseas companies, particularly in China, to rent computing time on advanced U.S.-designed AI systems hosted in third-country data centers.
Under the proposal, the Commerce Department’s Bureau of Industry and Security (BIS) would gain explicit authority to treat remote access to controlled technology the same way it treats physical exports. That means cloud providers and intermediaries could be required to obtain licenses — and face penalties — if they allow foreign persons to use restricted U.S. chips or systems, even when the hardware never crosses a border.
Supporters argue the current rules have fallen behind reality. “Export controls are only as strong as their weakest link,” said Rep. Mike Lawler (R-NY), the bill’s sponsor, warning that the Chinese Communist Party has been exploiting this digital back door. Rep. John Moolenaar (R-MI), who chairs the House Select Committee on China, said the legislation updates U.S. law for a world where computing power can be rented as easily as it can be shipped, putting cloud services squarely under export control rules.
How the ‘Cloud Loophole’ Worked
The House action follows a series of reports showing how companies have navigated around existing restrictions. One of the most striking cases involved Shanghai-based startup INF Tech, which allegedly gained access to Nvidia’s GB200 systems through a deal routed via Indonesia — a transaction estimated at about $100 million. Chinese tech giants including Alibaba and Tencent have also been accused of enabling China-based customers to use restricted GPUs by relying on offshore hardware.
Meanwhile, U.S. cloud heavyweights such as Amazon Web Services and Microsoft operate in China through local partners. While those arrangements are structured to comply with U.S. law, regulators have acknowledged that policing who ultimately uses export-controlled hardware becomes far more complicated when access is delivered over the internet. As one industry observer put it, in the digital era the chips “aren’t going anywhere” — but their capabilities are.
The bill would force cloud providers and GPU rental platforms to tighten customer screening, apply for licenses when required, and ensure that sensitive accelerators and systems are not effectively “exported” through remote logins. For BIS, it would close a gray area that has made enforcement increasingly difficult as AI workloads migrate to global data centers.
The push also fits into a broader and sometimes contradictory U.S. policy toward China’s tech sector. Since April 2025, the Trump administration has permitted Nvidia to sell its H200 chips in China — though not its most advanced products. Beijing has not yet approved those imports and is accelerating efforts to build domestic alternatives, a process that remains slow but is gaining momentum.
A Growing Compliance Industry
The ripple effects are already being felt in Washington and beyond. On January 13, 2026, Beacon Global Strategies (BGS) announced the creation of a new Export Control and Industrial Strategy practice, aimed at helping companies navigate the expanding regulatory maze. The unit is being led by Managing Director Meghan Harris, a former National Security Policy Advisor at BIS, and Senior Advisor Kevin Kurland, who spent nearly 30 years in senior enforcement roles at the Commerce Department.
Harris said the goal is to give companies “decision advantage” in an environment where strategy and national security increasingly overlap. Kurland, drawing on his time at BIS, said executives now need advisors who understand how Washington thinks about technology competition and can anticipate regulatory shifts before they hit.
Across the Atlantic, similar moves are under way. Also on January 13, 2026, law firm Crowell & Moring said it had added Liesbeth Truyens as a partner in its Brussels office to bolster its European Union sanctions and export control practice, citing growing client demand for help with cross-border compliance.
Together, these developments underscore how quickly the rules of the game are changing for companies in AI, semiconductors, biotechnology, robotics, critical minerals, and energy. Export controls are no longer just about crates of hardware at ports — they are about logins, data centers, and who gets to press “run” on the world’s most powerful machines.
The Remote Access Security Act’s future now rests with the Senate, and the White House has not yet signaled whether it will back the measure. But the House vote suggests strong political momentum. For tech firms and cloud providers, the message is already clear: in the next phase of the global technology rivalry, remote access may be regulated almost as tightly as physical shipments.
