On May 17, 2024, the U.S. Department of the Treasury’s Office of Foreign Assets Control amended the Iranian Transactions and Sanctions Regulations (“ITSR”), 31 CFR Part 560, in order to incorporate the provisions in General License D-2 and other amendments into the existing authorizations in §560.540. The amendment, among other things, authorizes the exportation or reexporation to Iran of certain services and software related to the exchange of communications over the internet, including cloud-based services, subject to certain conditions. The amendment also includes a list of services, software, and hardware determined to be incident to communications under the ITSR and are, therefore, authorized for export or reexport to Iran – a list that had previously existed as an annex to General Licenses D, D-1, and D-2. According to OFAC, the list is also being updated to include information that will restrict the computing power of certain items on the list. The amended list will take effect 30 days after the date of publication in the Federal Register.
On the same day, OFAC issued a new Frequently Asked Question (“FAQ”) 1173 to define and provide examples of “user authentication services” for purposes of the general license in section 540 of the ITSR. OFAC also updated 26 FAQs to provide the public with an overview of the changes made to the ITSR and to clarify the types of transactions that are authorized as well as the services, software, and hardware that can be exported/reexported under the revised 31 CFR §560.540.
Federal Register – ITSR Amendment | Federal Register – List of Services, Software and Hardware Incident to Communications | FAQ 1173 | 26 Updated FAQs