By James Baratta

Copyright prospect

Welcome to Big Ideas, a Prospect survey of next-generation solutions for pressing policy problems. Our writers scour the policy landscape to find out how to bring power back to the people and make America successful. Visit prospect.org/BigIdeas for more.

Perhaps the most overlooked front in the corporate artificial intelligence (AI) arms race is the cloud computing sector, which facilitates the storing and processing of the massive datasets needed for training models. Virtually every publicly traded company uses cloud services (Netflix and Spotify run almost all of their backend infrastructure and streaming on the cloud), and government agencies have awarded billions of dollars in contracts for such services.

The market for cloud computing is huge, with revenues exceeding those of smartphones, search engines, and broadband. Global cloud computing revenues reached $632 billion in 2023, and the U.S. accounted for more than half of that total. While slow quarterly earnings growth seems to have shaken investor confidence, cloud service providers expect sustained AI-driven demand to boost revenues significantly. Amazon Web Services (AWS), the biggest player in the cloud computing market, is one such provider, and it’s been so successful historically that its profits cross-subsidized the massive investments Amazon needed to dominate e-commerce.

The AI buildout has cloud companies salivating. “It’s hard to overstate how optimistic we are about what lies ahead for AWS’ customers and business,” Andy Jassy, president and chief executive officer of Amazon, said in February. “AI represents for sure the biggest opportunity since cloud and probably the biggest technology shift and opportunity in business since the internet.”

AWS, Microsoft Azure, and Alphabet’s Google Cloud Platform represent roughly two-thirds of the cloud computing market. The trio are known as “hyperscalers.” In addition to providing cloud services, hyperscalers operate colossal data center infrastructures to meet their customers’ computing, storage, and networking needs. Hyperscalers have reaped massive profits from cloud services in recent years. Their parent companies, flush with cash, have spent billions of dollars to acquire, invest in, or partner with potential competitors, increasing market concentration at the expense of competition (not to mention innovation).

In a new report, Asad Ramzanali, director of artificial intelligence and technology policy at Vanderbilt Policy Accelerator, offers a detailed blueprint for how to address cloud computing market failures and the national-security risks they create. Ramzanali identifies five factors that have eroded competition in the cloud sector—market concentration, vertical integration, conglomerate effects, opaque and differential pricing, and high switching costs—before outlining specific actions policymakers can take to correct cloud computing market failures and enhance national security.

Key among them is structural separation, an economic regulatory tool designed to remedy conflicts of interest arising from a single enterprise or parent company acting as the supplier, customer, competitor, and investor in a particular industry. Cloud service providers frequently engage in this. As the report points out, these enterprises offer “hundreds of products across dozens of categories,” and hyperscalers in particular have been acquiring startups “at rates comparable to the largest venture capital firms.” Lawmakers have proposed bipartisan legislation to implement structural separation in digital markets, but the momentum has not been enough to pass “the laws we need,” Ramzanali told the Prospect in an interview.

Global cloud computing revenues reached $632 billion in 2023, and the U.S. accounted for more than half of that total.

The cloud is a critical layer of the AI technology stack. Every layer of this stack “depends on the one(s) beneath it while retaining some operational independence,” the report explains. Semiconductor chips are central to cloud computing, which forms the bedrock of AI models like ChatGPT that applications depend on. Ramzanali described cloud computing as “the invisible digital infrastructure that people don’t pay attention to, but actually is a massive market, and has impacts on so much of what we do online.”

AI applications and chips represent the top and bottom layers of the tech stack, respectively. Both have been at the center of press and policy attention—and for good reason. Deepfakes and other issues related to AI applications are “most visible to end users,” Ramzanali told the Prospect. In 2022, Congress passed the CHIPS Act in response to pandemic-related supply chain shocks, providing $52 billion for domestic manufacturing and research.

Although Ramzanali was encouraged by broad bipartisan interest in these issues, he maintains that it’s past time to pursue policy that can keep pace with the rapidly evolving cloud industry. “This is a looming crisis, at the end of the day,” he told the Prospect. “Now is the time to regulate.”

The report includes sample legislative text, which Ramzanali says is intended to serve as a “starting point” for policymakers, “to show that this is doable.”

Oftentimes, policymakers “don’t have the time to spend two months getting into the weeds” of which terms they should use in draft legislation and assessing the trade-offs among different definitions. That reality is not lost on Ramzanali, who previously served as legislative director for former Rep. Anna Eshoo (D-CA). “My job as an academic is to do that analysis,” he told the Prospect.

Performing that analysis led Ramzanali to recommend that policymakers apply neutrality rules to the cloud sector. The concept of neutrality dates back to the Roman Empire, and essentially provides for an equal-access obligation to “serve all comers.” In modern history, the railroad-focused Interstate Commerce Act of 1887—which established the first regulatory agency in the United States—and the Communications Act of 1934 are rooted in this concept. Implementing neutrality rules in cloud computing would restrict preferential treatment for favored customers by eliminating discounts and resource prioritization. It would also end the practice of bundling cloud and non-cloud products together.

Additional recommendations include capping egress fees, which users incur when they move data from one provider to another. This creates lock-in for individual cloud companies. The report also calls for imposing “know your customer” requirements to prevent illegal activity that cloud computing could facilitate.

Cloud computing market failures also present “significant national security risks.” Outages, whether orchestrated by malicious foreign actors or merely the outcome of human error, have the potential to trigger widespread financial and operational disruptions, given how much is now hooked up to the cloud. Designating the cloud as critical infrastructure is one way to make it more secure. The Department of Homeland Security (DHS) defines critical infrastructure as assets “considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic activity, national economic health, or any combination thereof.”

Think of it like a dam. “If you live in a town that is downstream from a dam, your dependency on that dam is really high,” Ramzanali told the Prospect. “That’s why [DHS] closely tracks threats towards dams.”

The designation is not a panacea, but would force DHS to track threats to data centers and other critical infrastructure assets, likely enhance interagency and law enforcement coordination, and in the event of a national-security emergency, allow the federal government to allocate cloud capacity for defense.

Cloud computing is also at the center of geopolitical competition between the U.S. and China. The U.S. has long restricted foreign ownership and control of various industries, dating back to the days of Alexander Hamilton. Congress could require the Committee on Foreign Investment in the United States (CFIUS) to perform mandatory reviews of cloud service providers.

As the report suggests, shoring up national-security gaps and cultivating the competitive forces needed for a healthy market would do much to ensure the integrity of the cloud sector.

“We’re all paying a little bit of a tax; we’re all paying a little bit more for our digital goods and services than we should be,” Ramzanali told the Prospect. “We have dealt with these kinds of problems in other markets, and we know how to think about these kinds of policy questions, so that’s part of my rationale for bringing precedents into each section.”