As jurisdictions around the world take their first steps toward regulating the most powerful AI systems, such as the EU AI Act and the US Executive Order 14110, there is a growing need for effective enforcement mechanisms that can verify compliance and respond to violations. We argue that compute providers should have legal obligations and ethical responsibilities associated with AI development and deployment, both to provide secure infrastructure and to serve as intermediaries for AI regulation. Compute providers can play an essential role in a regulatory ecosystem via four key capacities: as securers, safeguarding AI systems and critical infrastructure; as record keepers, enhancing visibility for policymakers; as verifiers of customer activities, ensuring oversight; and as enforcers, taking actions against rule violations. We analyze the technical feasibility of performing these functions in a targeted and privacy-conscious manner and present a range of technical instruments. In particular, we describe how non-confidential information, to which compute providers largely already have access, can provide two key governance-relevant properties of a computational workload: its type-e.g., large-scale training or inference-and the amount of compute it has consumed. Using AI Executive Order 14110 as a case study, we outline how the US is beginning to implement record keeping requirements for compute providers. We also explore how verification and enforcement roles could be added to establish a comprehensive AI compute oversight scheme. We argue that internationalization will be key to effective implementation, and highlight the critical challenge of balancing confidentiality and privacy with risk mitigation as the role of compute providers in AI regulation expands.

翻译：随着全球各司法管辖区开始对最强大的AI系统实施监管（如欧盟《人工智能法案》及美国第14110号行政令），亟需建立有效的执行机制以核查合规性并应对违规行为。我们认为，计算提供者应承担与AI开发及部署相关的法律义务与伦理责任，既要提供安全的基础设施，也要充当AI监管的中介角色。计算提供者可通过四种关键能力在监管生态系统中发挥核心作用：作为安全保障者，保护AI系统与关键基础设施；作为记录保存者，增强政策制定者的透明度；作为客户活动的核查者，确保监督有效性；以及作为执行者，对违规行为采取行动。我们分析了在目标精准且尊重隐私的前提下履行这些职能的技术可行性，并提出一系列技术工具。特别地，我们描述了计算提供者已基本掌握的非机密信息如何揭示计算工作负载的两项关键治理属性：类型（如大规模训练或推理）及其消耗的计算量。以AI第14110号行政令为案例，我们概述了美国如何开始对计算提供者实施记录保存要求，并探讨如何引入核查与执行职能以建立全面的AI计算监管机制。我们指出，国际化是实现有效实施的关键，并强调随着计算提供者在AI监管中角色的扩展，如何平衡机密性、隐私保护与风险缓解将成为核心挑战。