Although GitHub’s goal is to facilitate collaboration among the global developer community, U.S. trade control laws have required that the platform limit services that developers in certain countries can use. The GitHub Terms of Service state that users can only use GitHub in compliance with laws, including U.S. export control and sanctions laws.
On the GitHub and Trade Controls GitHub Help page, the company states, “As U.S. trade controls laws evolve, we will continue to work with U.S. regulators about the extent to which we can offer free code collaboration services to developers in sanctioned markets. We believe that offering those free services supports U.S. foreign policy of encouraging the free flow of information and free speech in those markets.”
U.S. sanctions, currently effective against, Crimea, Cuba, Iran, North Korea and Syria, are impacting some GitHub users. In a GitHub post the week of July 22, for example, Anatoliy Kashkin, stated, “My GitHub account has been restricted due to U.S. sanctions as I live in Crimea.” He added that he may not be able to continue to host GameHub, a unified game library. The message Kashkin received from GitHub explained that he may have limited access to free GitHub public repository services for personal communications only.
Hamed Saeedi Fard, an Iranian developer, received a similar communication on July 25.
GitHub states it will restrict accounts if they determine that a user is located in a country subject to trade control restrictions, either through IP address, payment history or other sources. GitHub adds, “Nationality and ethnicity are not used to flag users for sanctions restrictions.”
Updates to Hamed’s original post on the topic point out that the Iranian users didn’t have notice so they could back up their data, and GitHub cannot legally export disabled repository content. Further updates to Hamed’s post revealed that GitHub is “quietly rolling back” some of the restrictions, and that users are finding ways to recover code by making private repositories public so they can clone them.
GitHub gives users the chance to appeal accounts that have been flagged in error.
GitHub points out that travel to countries where sanctions are applied may impact a user’s account status, but their accounts can be restored when they leave the country and submit an appeal.
GitHub also advises users that although they’ve provided information on trade regulations, “It is ultimately your responsibility to ensure that your use of GitHub’s products and services complies with all applicable laws and regulations, including U.S. export control laws.”
Do You Have Users in Countries Subject to U.S. Sanctions?
Although the news coverage of GitHub’s compliance with U.S. trade laws is charged with emotion, it’s important for ISVs and SaaS providers to look past the hype and make sure their own practices and policies are in compliance.
Resources available from the U.S. Department of the Treasury include information on:
- Iran sanctions
- Ukraine/Russia-related sanctions
- Syria sanctions
- Cuba sanctions
- North Korea sanctions
The U.S. Department of The Treasury Office of Foreign Assets and Controls administers the economic sanctions program. The OFAC states that fines for noncompliance can be “substantial,” and advises referring to Appendix A of OFAC’s Economic Sanctions Enforcement Guidelines for current penalty amounts.