First, the rule applies to WordPress and all that kind of thing, and then providers would have to KYC WordPress users. Which is a reason not to pass it.
Second, the rule is completely pointless, because it doesn't, and then anyone could create an AI training WordPress plugin that uses whatever arbitrarily fast hardware the server has and thereby easily bypass the rule. Which is a reason not to pass it.
It applies to any "software that is not predefined". An OS is just an non-exhaustive example of one type of software that applies.
The next sentence is:
> The consumer [...] has control over the operating systems, storage, and any deployed applications.
That was just a snippet of the full definition here:
https://www.federalregister.gov/d/2024-01580/p-46
There are two possibilities here.
First, the rule applies to WordPress and all that kind of thing, and then providers would have to KYC WordPress users. Which is a reason not to pass it.
Second, the rule is completely pointless, because it doesn't, and then anyone could create an AI training WordPress plugin that uses whatever arbitrarily fast hardware the server has and thereby easily bypass the rule. Which is a reason not to pass it.
7 replies →
"and applications", not just operating systems.
I think it’s most reasonable to read that as “includes [all of these examples]” not “excludes if it can’t [any of these examples]”
AWS Lambda would clearly (IMO) be in-scope as IaaS by this definition, as an example, even though I can’t install another OS.
AWS Lambda qualifies because it is part of AWS and an AWS account gives you access to EC2 which definitely qualifies.