On September 23, 2022, the Department of the Treasury’s Office of Foreign Assets Control issued Iran General License D-2 pursuant to Iranian Transactions and Sanctions Regulations, 31 CFR part 560, and published 3 new Frequently Asked Questions in response to the Iranian government’s efforts to terminate Internet access for most of its 80 million citizens. According to OFAC, the Iranian government is restricting access to the Internet to prevent the world from witnessing its violent response to peaceful protestors prompted by the death of Mahsa Amini while in the custody of Iran’s Morality Police. OFAC issued GL D-2 in order to expand the range of internet services available to the Iranian people and foster the free flow of fact-based information to them despite government efforts to surveil and censor its citizens.
GL D-2, or the “General License with Respect to Certain Services, Software, and Hardware Incident to Communications,” was expanded in order to bring US sanctions guidance in line with advances in technology that have occurred since Iran GL D-1 was issued. GL D-2 authorizes the exportation, reexportation or provision of fee-based or no-cost services and software by US persons as well as the provision of software that is not subject to the EAR because it originates or is located outside of the United States. The GL was expanded to include additional categories of software and services such as social media and collaboration platforms, video conferencing and cloud-based services that often come with tools with communication functions (e.g. online maps, e-gaming, automated translations) and provides additional authorization for services that ordinary Iranians can use to counter the repressive tools utilized by the Iranian regime. The GL also continues to authorize anti-virus and anti-malware software; anti-tracking and anti-censorship software; and Virtual Private Network (VPN) software and related tools aimed at preserving Iranians’ free expression. In an effort to ease compliance burdens for companies seeking to provide software and services to Iran, OFAC removed the condition that communications be “personal” in nature. Furthermore, in order to encourage Iran-based developers to create their own anti-surveillance and anti-censorship apps, OFAC provides that activity not specifically covered by GL D-2 would be approved on a case-by-case basis.
OFAC also issued FAQs 1087 – 1089 to further clarify the provisions in GL D-2. FAQ 1087 provides a general overview of GL D-2, and FAQ 1088 discusses the due diligence expectations for cloud-based service or software providers to ensure that the services and software support communication tools provided to Iran are authorized by GL D-2. Finally, FAQ 1089 encourages persons interested in exporting services or software to Iran that are not specifically authorized in GL D-2 to apply for a specific license.