Wassenaar Arrangement: Need for Reform in the Cloud & AI Era

Context

Recently protests erupted against Microsoft over claims that its Azure cloud services support Israeli military actions affecting Palestinians, highlighting gaps in the Wassenaar Arrangement. As cloud and AI technologies outpace traditional rules, the regime faces urgent calls for reform to curb misuse of dual-use tech.

Gaps in the Current Regime

• Outdated Structure: Originally designed for physical exports (hardware, chips, devices). Digital services like cloud computing and SaaS were never envisaged.
• Cloud Services in Grey Area: Remote access and API calls not clearly defined as “exports”. It allows exploitation by regimes misusing global cloud providers for surveillance and repression.
• Voluntary Nature: Any member can block reforms. Implementation left to domestic laws → patchy and inconsistent across states.
• Limited End-use Oversight: Controls are framed around military/WMD proliferation, not mass human rights violations enabled by AI and surveillance.
• Loopholes
  • Exemptions for “defensive research” and intra-country transfers.
  • Services can slip through due to lack of consensus definitions.

Reform Proposals

• Expand Control Lists
  • Include infrastructure/services enabling large-scale surveillance, profiling, and cross-border data policing.
  • Define thresholds for capacity and carve out strictly licensed defensive uses.
• Redefine “Export”
  • Treat remote enablement, authorisation, and granting admin rights as equivalent to exports.
  • Apply controls to SaaS and cloud transactions.
• Embed End-use & Human Rights Controls
  • Licensing to factor in: Identity of user, Jurisdiction & oversight regime& Potential for abuse
  • Align with UN Guiding Principles on Business and Human Rights.
• Binding Framework
  • Move from voluntary coordination to mandatory minimum standards.
  • Require denial of exports in atrocity-prone regions.
• Institutional Agility
  • Establish a technical committee/secretariat to fast-track controls on emerging tech (AI, cyber weapons, surveillance).
  • Introduce sunset clauses to review items periodically.
• Enhanced Coordination
  • Create shared watchlists, real-time red alerts, and interoperability standards among licensing authorities.

Challenges in Reform

• Political Resistance: Some states may resist reforms, citing sovereignty, innovation, or commercial interests in exporting surveillance tools.
• Consensus Requirement: The arrangement works on unanimity, allowing even a few holdouts to block reforms.
• Technical Complexity: Defining exports in the cloud era, mapping software functions to control categories, and distinguishing benign from malign uses is intricate.
• Industry Pushback: Private tech companies may resist additional compliance burdens. Fear of stifling innovation in fast-moving domains like AI.
• Differing National Priorities: States vary in their ambition: the EU has stronger human rights controls, while others prioritise commercial and security interests.

Way Forward

• Broaden the Scope of Wassenaar: Include digital technologies, AI, and cloud services in its ambit with clear definitions.
• Shift to Binding Commitments: Move from voluntary sharing to enforceable minimum global standards.
• Integrate Human Rights into Export Controls: Explicitly address misuse of technology for mass surveillance, repression, and discrimination.
• Create Domain-Specific Control Regimes: E.g., a specialised regime for AI, cyber weapons, and digital surveillance, aligned with Wassenaar but more agile.
• India’s Role
  • As a relatively new member, India should push reforms reflecting Global South concerns.
  • Advocate for balanced rules that prevent misuse but also ensure technology access for development.

Sharing is caring!