The focus of the probe is on how the company stores U.S. clients' data, including personal information and intellectual property, and whether the Chinese government could gain access to it, the people said. The potential for Beijing to disrupt access by U.S. users to their information stored on Alibaba cloud is also a concern, one of the people said.
U.S. regulators could ultimately choose to force the company to take measures to reduce the risks posed by the cloud business or prohibit Americans at home and abroad from using the service altogether. The U.S.-listed shares of Alibaba fell nearly 3 percent before the market open Tuesday and were last trading down just over 1 percent.
Former President Donald Trump's Commerce Department was concerned about Alibaba's cloud business, but the Biden administration launched the formal review after he took office in January, according to one of the three people and a former Trump administration official.
Alibaba's U.S. cloud business is small, with annual revenue of less than an estimated $50 million, according to research firm Gartner Inc. But if regulators ultimately decide to block transactions between American firms and Alibaba Cloud, it would damage the bottom line one of the company's most promising businesses and deal a blow to reputation of the company as a whole.
A Commerce Department spokesperson said the agency does not comment on the "existence or non-existence of transaction reviews." The Chinese Embassy in Washington did not respond to a request for comment.
Alibaba declined to comment. It did flag similar concerns about operating in the U.S. in its most recent annual report, saying U.S. companies that have contracts with Alibaba "may be prohibited from continuing to do business with us, including performing their obligations under agreements involving our...cloud services."
The probe into Alibaba's cloud business is being led by a small office within the Commerce Department known as the Office of Intelligence and Security. It was created by the Trump administration to wield broad new powers to ban or restrict transactions between U.S. firms and internet, telecom and tech companies from "foreign adversary" nations like China, Russia, Cuba, Iran, North Korea, and Venezuela.
The office has been particularly focused on Chinese cloud providers, one of the sources said, amid growing concern over the potential for data theft and access disruption by Beijing.
The Trump administration issued a warning in August, 2020 against Chinese cloud providers including Alibaba, "to prevent U.S. citizens' most sensitive personal information and our businesses' most valuable intellectual property...from being stored and processed on cloud-based systems accessible to our foreign adversaries."
Cloud servers are also seen as ripe for hackers to launch cyber attacks because they can conceal the origin of the attack and offer access to a vast array of client networks.
While there are scant public cases of the Chinese government compelling a tech company to turn over sensitive customer data, indictments of Chinese hackers reveal their use of cloud servers to gain access to private information.
For example, hackers connected to the Chinese Ministry of State Security penetrated HPE’s cloud computing service and used it as a launch pad to attack customers, plundering reams of corporate and government secrets for years in what U.S. prosecutors say was an effort to boost Chinese economic interests.
"Pillar of growth"
Alibaba, the world's fourth largest cloud provider according to research firm Canalys, has about 4 million customers and describes its cloud business as its "second pillar of growth." It saw a 50 percent rise in revenue to $9.2 billion in 2020, though the division accounts for just 8 percent of overall sales.
It has boasted business relationships with units of top U.S. companies including Ford Motor Co, IBM's Red Hat, and Hewlett Packard Enterprise, according to press releases.
While the sweeping Trump era powers don't cover foreign subsidiaries of U.S. companies, U.S. regulators have previously found ways to link them to their U.S. parent companies, which can in turn be subject to restrictions.
Before tech tensions between the United States and China started to boil, Alibaba had big ambitions for its U.S. cloud business. In 2015, it launched a cloud computing hub in Silicon Valley, its first outside of China, with plans to compete with Amazon.com Inc, Microsoft Corp and Alphabet Inc's Google. It later added additional data centers there and in Virginia.
A person familiar with the matter says the company scaled back its U.S. gambit during Trump's presidency as tensions with China escalated.
In 2018, U.S. authorities blocked a bid by Alibaba affiliate Ant Financial, now Ant Group, to acquire U.S. money transfer company MoneyGram International Inc over national security concerns. But a move to put Ant Group on a trade blacklist failed and an executive order banning its mobile payment app Alipay was revoked by Biden.
Biden, like Trump, has placed more and more restrictions on Chinese companies. Last month, the U.S. government put investment and export curbs on dozens of Chinese firms, including top drone maker DJI.