Comment by patricklorio

I read the document a bit, it seems like this is essentially saying that services like AWS need to know the identity of their customer if they suspect they are a foreign entity.

I don't think this would cover VPNs or internet access, mainly just people spending lots of $$ on compute. Is that correct? If so it seems reasonable. If a non US group is spending lots of money using US technology to develop an AI model I do think that falls under foreign trade and should be documented.