It's really not benign as far as I can see. There is an implication that its purpose is to allow providers to start writing reports on foreign users training LLMs (which, incidentally, I'm not condoning either), but in the process it requires every American IaaS has to start implementing KYC folly.
No one wants to send in selfies and their passport just to start a Digital Ocean droplet.
I'm curious if the spammers will find a way around this. I would actually like to be ID'd by a provider if that also meant they had no un-ID'd customers. I'd expect their IP range would start to get a pretty good reputation.
The spammers are criminals. They'll just use ID scans and info from data breaches of other companies. Requiring more companies to collect them makes it even worse because now there are more places to exfiltrate them and it makes it easier for criminals to commit identity theft against financial institutions etc.
There are also non-"criminals" who are more than willing to use their actual ID for the sort of things that aren't strictly illegal but will still get your IP space on a bunch of block lists when they can make a buck doing it, so it wouldn't solve the problem even if it could actually identify all of the customers.
And now more people will have thier passports pinched as they'll be opening themselves up to more opportunities to have it stolen.
It'll be great to get ready for that overseas trip, or while returning, to find out you need to now visit an embassy as a forged version of it is now in use.
No one wants to send in selfies and their passport just to start a Digital Ocean droplet.