On September 23, 2022, the U.S. Department of the Treasury’s Office of Foreign Assets Controls (“OFAC”) issued Iranian General License D-2 (“GL D-2“), which amends and replaces the former Iranian General License D-1 (“GL D-1“), and posted three frequently asked questions (“FAQsGL D-2 permits a broader set of Internet communication-related activities, including cloud-based software and services, which are otherwise prohibited under Iran’s Transactions and Sanctions Regulations ( “ITSR”). According to the accompaniment Press releaseGL D-2 aims to support Internet freedom in Iran by updating U.S. sanctions guidelines in light of changes in communications technologies since the release of GL D-1 in 2014 and to respond to the efforts of the Iranian government to suppress internet access following recent anti-government moves in Iran.
Specifically, GL D-2 expands the scope of prior authorization under GL D-1 to provide the people of Iran with more options for Internet platforms and services. For example, GL D-2;
- now allows additional categories of paid or free software/services, including social media platforms, collaboration platforms, video conferencing, online games, e-learning platforms, machine translation, web maps and user authentication services, as well as cloud-based services supporting these services. GL D-1 only listed instant messaging, chat and email, social networking, photo and movie sharing, web browsing and blogging as permitted categories of software/services;
- removes the requirement that authorized communications must be “personal” in nature, which OFAC says is intended to ease the compliance burden for companies seeking to verify the subject matter of communications. (This change is consistent with a similar general license in the Cuba program);
- changes the stipulation that software is “necessary” for services relating to the exchange of communications over the Internet, requiring only that it be “incidental to or enable” such services; and
- expands the case-by-case licensing policy for activities not covered by GL D-2 to specifically include “other activities aimed at supporting Internet freedom in Iran, including the development and hosting anti-surveillance software by Iranian developers” with the aim of encouraging Iranian developers to create homemade anti-surveillance and anti-censorship applications.
In the accompanying FAQ, OFAC notes that:
- Software exported under GL D-2: (1) must be designated as EAR99 under Export Administration Regulations (“EAR”) or classified under Export Control Classification Number (“ECCN”) 5D992. vs ; or (2) if the software is not subject to the EAR, it must be the type of software that would be designated as EAR99 or classified under ECCN 5D992.c if it were subject to the EAR (see FAQ 1087).
- A cloud service or software provider whose non-Iranian customers provide services or software to persons in Iran via the provider’s cloud may rely on authorization under GL D-2 to provide access to Iran, provided that such Supplier exercises due diligence based on information available in the ordinary course of business to confirm that the Non-Iranian Customer: (1) is not a person whose ownership and ownership interests are blocked, except as permitted under GL D-2; and (2) provides software and services that fall into any of the categories described in FAQ 1087or otherwise involve activity permitted or exempted under the ITSR (see FAQ 1088).
- Persons seeking to export software, services, or hardware to Iran in support of Internet freedom may apply for a specific license from OFAC if the export is not otherwise authorized by GL D-2 (see FAQ 1089).
The categories of services, software and hardware “incidents to communications” authorized under this general license (ie those listed in the appendix) remain unchanged.
Also unchanged is the requirement that the provision of any covered software or services to the Iranian government be limited to “free” software and services.