Full Report
Two U.S. senators, Jacky Rosen and Bill Cassidy, have introduced a bill aimed at protecting sensitive federal data... The post Rosen and Cassidy seek to ban DeepSeek, other AI technologies from federal contracts over security concerns appeared first on Industrial Cyber.
Analysis Summary
# Regulation/Compliance: Protection Against Foreign Adversarial Artificial Intelligence Act (Proposed)
## Overview
This proposed legislation aims to prohibit federal contractors from using specific Artificial Intelligence (AI) technologies originating from adversarial foreign nations, particularly the People’s Republic of China (PRC), when fulfilling contracts with U.S. federal agencies. The primary driver is national security, citing concerns that AI technologies like DeepSeek are legally compelled under Chinese law to share collected data with the Chinese government and its intelligence agencies.
## Key Details
- **Issuing Authority:** U.S. Senators Jacky Rosen and Bill Cassidy (Legislative Proposal).
- **Effective Date:** Not yet specified (Currently proposed legislation).
- **Jurisdiction:** U.S. Federal Government contracting environment.
- **Status:** Proposed.
## Requirements
### Mandatory Requirements
1. **Prohibition on Use:** Federal contractors must be prohibited from using DeepSeek AI technology to fulfill any aspect of their federal contracts.
2. **Successor Prohibition:** Federal contractors must be prohibited from using any successor application to DeepSeek developed by High-Flyer while holding an active federal contract.
3. **Reporting Mandate:** The U.S. Secretary of Commerce, in consultation with the U.S. Secretary of Defense, must prepare and deliver a report to Congress detailing the national security and economic espionage threats posed by AI platforms from adversarial nations (including China, North Korea, Iran, and Russia).
### Recommended Practices
1. Organizations should proactively audit their existing technology stacks to identify any usage of DeepSeek or related applications by High-Flyer that are currently deployed in environments supporting federal contracts.
2. Organizations should review existing contractual obligations to anticipate future compliance burdens related to foreign adversarial AI usage.
## Affected Organizations
- **Industries:** Any industry that either holds or seeks to hold a contract with a U.S. Federal Agency.
- **Organization Size:** Not explicitly size-dependent, but scope covers entities engaged in federal contracting.
- **Geographic Scope:** Applies specifically to contractors operating under the purview of U.S. Federal Government contracts.
## Compliance Timeline
- **TBD (Upon Passage):** The bill, if enacted into law, will establish specific compliance effective dates and reporting deadlines for the Secretaries of Commerce and Defense.
- **TBD (Final Deadline):** Full compliance (i.e., termination of prohibited AI usage) required across all applicable federal contracts following the enactment date and specified grace periods.
## Implementation Guidance
### Assessment Phase
- Conduct a comprehensive inventory of all AI tools currently in use by personnel fulfilling federal contracts.
- Specifically trace the provenance of any generative or analytic AI tool, focusing on applications developed in adversarial nations (China, North Korea, Iran, Russia).
### Implementation Phase
- Develop immediate mitigation plans to phase out the use of DeepSeek and identified successor applications on all systems related to federal contract performance.
- Establish internal procurement policies restricting the acquisition of AI tools from identified adversarial sources for use in federally supported work.
### Validation Phase
- Contractual compliance officers must attest that no prohibited technology is active in the environment supporting federal work.
- Successful completion of the mandated reporting requirements by the relevant Secretaries will serve as a key validation milestone for the legislation's intent.
## Technical Requirements
The article emphasizes the prohibition of specific *applications* (DeepSeek and successors by High-Flyer) rather than prescribing a universal technical standard (like encryption strength). However, the underlying requirement implies the need for **strict access control and software asset management (SAM)** to prevent the installation or use of the banned software on contractor systems used for government work.
## Penalties & Enforcement
- **Fines:** Details on specific financial penalties for non-compliance are not provided in this summary but would typically be established upon finalization of the Act, likely mirroring Federal Acquisition Regulation (FAR) violation penalties.
- **Other Consequences:** Prohibition on bidding for or receiving future federal contracts. Breach of contract termination.
- **Enforcement:** Enforcement mechanisms would likely fall under the relevant contracting federal agency, managed by the Department of Defense (DoD) or other relevant supervisory bodies, informed by the statutory reporting requirements.
## Related Standards
- **FAR/DFARS Clauses:** The enacted legislation would likely necessitate the creation or modification of relevant clauses within the Federal Acquisition Regulation (FAR) or Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate this AI restriction.
- **Executive Orders:** This proposal aligns conceptually with broader U.S. government efforts (e.g., related to China/foreign adversary tech bans) aimed at securing the federal information technology and supply chains.
## Resources
- **Official Documentation:** The specific bill PDF linked: [link - defanged: cassidy.senate.gov/wp-content/uploads/2025/05/BAG257555-2.pdf]
- **Guidance Documents:** Any subsequent guidance issued by the Department of Commerce or DoD following the bill’s passage will be crucial.
- **Tools:** Application whitelisting and robust Software Composition Analysis (SCA) tools capable of identifying the origin and developer of software components.
## Practical Recommendations
1. **Immediate Review:** Federal contractors must immediately review contractor agreements against the specific AI platforms mentioned (DeepSeek, High-Flyer) and other known AI tools from adversarial nations.
2. **Policy Update:** Integrate this foreign adversarial AI restriction into internal Acceptable Use Policies (AUPs) and procurement rules for all personnel involved in federal projects.
3. **Advocacy Monitoring:** Closely track the legislative progress of the 'Protection Against Foreign Adversarial Artificial Intelligence Act' as it moves through Congress, as definitions and timelines will solidify upon passage.