As jurisdictions around the world take their first steps toward regulating the most powerful AI systems, such as the EU AI Act and the US Executive Order 14110, there is a growing need for effective enforcement mechanisms that can verify compliance and respond to violations. We argue that compute providers should have legal obligations and ethical responsibilities associated with AI development and deployment, both to provide secure infrastructure and to serve as intermediaries for AI regulation. Compute providers can play an essential role in a regulatory ecosystem via four key capacities: as securers, safeguarding AI systems and critical infrastructure; as record keepers, enhancing visibility for policymakers; as verifiers of customer activities, ensuring oversight; and as enforcers, taking actions against rule violations. We analyze the technical feasibility of performing these functions in a targeted and privacy-conscious manner and present a range of technical instruments. In particular, we describe how non-confidential information, to which compute providers largely already have access, can provide two key governance-relevant properties of a computational workload: its type-e.g., large-scale training or inference-and the amount of compute it has consumed. Using AI Executive Order 14110 as a case study, we outline how the US is beginning to implement record keeping requirements for compute providers. We also explore how verification and enforcement roles could be added to establish a comprehensive AI compute oversight scheme. We argue that internationalization will be key to effective implementation, and highlight the critical challenge of balancing confidentiality and privacy with risk mitigation as the role of compute providers in AI regulation expands.

翻译：随着全球各司法管辖区迈出监管最强大AI系统的第一步（例如欧盟《AI法案》和美国第14110号行政令），迫切需要能够验证合规性并应对违规行为的有效执行机制。我们认为，计算提供者应承担与AI开发部署相关的法律义务和道德责任，既要提供安全基础设施，又要充当AI监管的中介。计算提供者可通过四项关键能力在监管生态系统中发挥重要作用：作为安全守护者，保障AI系统和关键基础设施；作为记录保管者，增强政策制定者的可见性；作为客户活动验证者，确保监督到位；以及作为执行者，对违规行为采取行动。我们分析了以目标导向且保护隐私的方式履行这些功能的技术可行性，并提出了一系列技术工具。特别地，我们描述了计算提供者基本已可获取的非机密信息如何揭示计算工作负载的两项治理相关属性：其类型（如大规模训练或推理）及消耗的计算量。以AI第14110号行政令为案例，我们概述了美国如何开始对计算提供者实施记录保存要求。同时探讨了如何增加验证与执行角色以建立全面的AI计算监督体系。我们认为，国际化将是有效实施的关键，并强调随着计算提供者在AI监管中角色的扩展，如何在风险缓解与机密性及隐私保护之间取得平衡是一项关键挑战。