On September 23, 2022, OFAC issued Iran General License (GL) D-2 to further support the provision of communication tools to ordinary Iranians and assist in their efforts to resist repressive internet censorship and surveillance tools deployed by the Iranian government. GL D-2, which supersedes GL D-1, both expands and clarifies the authorizations in GL D-1 and section 560.540 of the Iranian Transactions and Sanctions Regulations, 31 CFR 560 (ITSR), with respect to the exportation and reexportation, directly or indirectly, from the United States or by a U.S. person, of certain software and services incident to the exchange of communications over the internet. See FAQ 344 for additional information on how the authorizations in GL D-2 compare to section 560.540 of the ITSR.
Since GL D-1 was issued on February 7, 2014, the types of software and services that support communication over the internet have changed. To reflect technological developments in communication-related software and services since the issuance of GL D-1 (including in cloud-based services), OFAC issued GL D-2 to expand and clarify the range of U.S. software and services available to Iranians under OFAC’s sanctions program. For example, GL D-2 explicitly authorizes certain types of software and services for exportation or reexportation to Iran that are incident to communications over the internet, including cloud-based software and services.
GL D-2 expands and clarifies the pre-existing authorizations in several ways, including by making the following changes:
- Removing the “personal” qualifier from the prior authorizations relating to “personal communications,” which resulted in compliance burdens for companies seeking to verify the personal nature of the communications supported by their software or services;
- Expanding and clarifying the list of examples of communication tools within the authorizations in paragraphs (a)(1) and (2) to include: social media platforms, collaboration platforms, video conferencing, e-gaming, e-learning platforms, automated translation, web maps, and user authentication services, as well as cloud-based software and services in support of the foregoing, or of any other activity authorized or exempt under the ITSR;
- Expanding the authorization in paragraph (a)(2) for software incident to the exchange of communications over the internet to include software that enables services incident to the exchange of communications over the internet (including cloud-based services);
- Clarifying that the authorization in paragraph (a)(4) for the export or reexport of non-commercial grade internet connectivity services includes cloud-based services; and
- Expanding the case-by-case licensing policy for activity not authorized by general license or exempt to include additional services that support internet freedom in Iran, such as certain activities relating to the development and hosting of anti-surveillance software by Iranian software developers. Such services would also include, for example, the development and hosting of anti-censoring software by Iranian software developers and the exportation of certain software development tools to Iranians seeking to create their own anti-surveillance or anti-censorship apps and upload them to mobile app sites.