Can GitHub Remain Safe Under US Export Controls? What It Means for Developers

Recent discussions in China revolve around the U.S. sanctions on Huawei, which have forced major chip and software vendors such as Google, Microsoft, Intel, and Qualcomm to halt supplies to Huawei.

Although Huawei received a 90‑day temporary license allowing chip and software imports until the end of August, the restrictions remain a looming threat.

The impact extends beyond hardware: GitHub, the world’s largest code‑hosting platform, has updated its Terms of Service to state that its services and user‑uploaded information are subject to U.S. export control laws.

GitHub’s policy emphasizes that users must ensure their content complies with U.S. export regulations, including the Export Administration Regulations (EAR) and the International Traffic in Arms Regulations (ITAR). The service cannot be used for prohibited purposes such as the development of nuclear, biological, or chemical weapons, or missile technology.

GitHub may allow users in sanctioned jurisdictions to access certain services only with proper authorization from the Office of Foreign Assets Control (OFAC). Use of VPNs or proxies to mask location is prohibited.

Countries currently subject to U.S. export restrictions include Cuba, Iran, North Korea, Sudan and Syria; China is not yet listed but could be added, which would affect companies relying on GitHub.

Software code, unlike physical products, is difficult to block entirely, yet many companies depend on GitHub for code hosting, and any restriction could disrupt normal operations.

From chips to operating systems to source code, the Huawei case serves as a warning for Chinese tech firms to avoid over‑reliance on foreign components, echoing Huawei’s own “backup” strategy.

GitHub Export Controls

GitHub.com, GitHub Enterprise Server, and any information you upload to these products may be subject to U.S. export control laws, including the Export Administration Regulations (EAR).

While we provide this information for convenience, you remain responsible for ensuring that your use of GitHub complies with all applicable laws and regulations, including U.S. export control laws.

GitHub.com

According to our Terms of Service, users may only access and use GitHub.com in accordance with applicable law, including U.S. export control and sanctions laws.

Users are responsible for ensuring that the content they develop and share on GitHub.com complies with U.S. export control laws, including EAR and the International Traffic in Arms Regulations (ITAR). GitHub’s cloud‑hosted services have not been reviewed for compliance with ITAR or other export controls and cannot currently restrict repository access by country or region. If you need to collaborate on ITAR‑controlled data, we recommend using GitHub Enterprise Server.

GitHub.com must not be used for purposes prohibited by export control laws, including the development, production, or use of nuclear, biological, or chemical weapons, missiles, or unmanned aerial vehicles.

GitHub may permit users in jurisdictions subject to U.S. sanctions to access certain services with authorization from OFAC. Users in those jurisdictions are prohibited from using IP proxies, VPNs, or other methods to disguise their location and may only use GitHub for non‑commercial personal communication.

Under U.S. and other applicable laws, specially designated nationals (SDN) and other blocked persons are prohibited from accessing or using GitHub.com. Users may not act on behalf of such parties, including governments of sanctioned countries.

For further details, see the official GitHub export controls page and the Apache Software Foundation’s export policy, which states that ASF software may not be exported to embargoed or sanctioned destinations without U.S. government authorization.