Remote Access Security Act

On December 17, 2025, Senators McCormick (R-PA), Wyden (D-OR), Cotton (R-AR), and Coons (D-DE) introduced S. 3519, the Remote Access Security Act, which was referred to the Senate Committee on Banking, Housing, and Urban Affairs. The bill remains in early legislative stages with no further action since introduction. The legislation amends the Export Control Reform Act of 2018 to classify remote access to dual-use AI models and offensive cyber tools via cloud infrastructure as a 'deemed export' when accessed by foreign persons of concern, defined broadly to include training AI models for WMD design, offensive cyber operations, and human rights surveillance. This directly imposes compliance obligations on cloud providers to vet foreign customer access. The money trail is entirely regulatory, not fiscal — the bill authorizes $0 in direct spending. The economic impact is entirely negative: increased compliance costs, reduced addressable market for high-margin AI workloads, and potential loss of international cloud AI revenue. The bill targets the four largest US cloud infrastructure providers — AWS ($AMZN), Azure ($MSFT), GCP ($GOOGL), and OCI ($ORCL) — as the obligated parties required to implement foreign person vetting for restricted AI and cyber tool access. The mechanism operates through existing Export Administration Regulations, creating a regulatory burden without any offsetting tax credit, grant, or procurement benefit. Structural winners are absent; this is a pure regulatory tightening on US cloud hyperscalers. No sector or company benefits directly. Companies with significant international AI/cloud exposure face the greatest downside. The bipartisan sponsorship (McCormick, Wyden, Cotton, Coons) suggests the bill has political momentum across the aisle, though referral to Banking Committee (rather than Intelligence or Commerce) indicates it is not a national security priority. The bill is one of several in the 119th Congress targeting AI export controls. Market data as of April 30, 2026, shows the four cloud stocks diverging: GOOGL surged +8.04% over 7 days to $372.08 (near its 52-week high of $377.03), while MSFT fell -4.39% to $405.98, ORCL dropped -6.21% to $162.53, and AMZN declined -1.6% to $259.77. These moves suggest other factors (earnings, AI competition) are dominant in the short term, but the regulatory overhang is a medium-term risk. The timeline for passage is uncertain: the bill has seen no committee hearings, markup, or further action in over four months. For passage, it must clear the Banking Committee, pass the Senate, pass the House (no companion bill introduced), and survive potential veto or amendment. The most likely near-term impact is through regulatory action by the Commerce Department rather than legislation, given the existing authority under the Export Control Reform Act. Investors should monitor committee assignments and markup schedules as key catalysts.