How GitHub Handles US Trade Sanctions: Export Controls Explained

GitHub detailed its response to US trade sanctions, outlining how its services—including GitHub.com and GitHub Enterprise Server—are subject to export regulations, what restrictions apply to users in sanctioned regions, and how developers can navigate compliance and appeal processes.

21CTO

Recent news about GitHub restricting developers from US‑sanctioned countries caused a stir in the developer community, prompting GitHub to abruptly suspend services and publish a detailed explanation of its compliance measures.

GitHub.com, GitHub Enterprise Server, and any information uploaded to GitHub products may be subject to trade control regulations, including the U.S. Export Administration Regulations (EAR). GitHub’s vision is to be a global collaboration platform, and it carefully checks government authorizations to ensure users and customers are not adversely affected by legal requirements.

To comply with U.S. trade control laws, GitHub has made necessary modifications to its service delivery and will continue cooperating with U.S. regulators as the laws evolve, aiming to provide free code‑collaboration services where possible while supporting U.S. diplomatic goals of free information flow.

Export Overview

GitHub.com

According to the service terms, users must access and use GitHub.com in accordance with applicable laws, including U.S. export control and sanctions regulations. Users are responsible for ensuring that content they develop and share complies with EAR, ITAR, and related statutes. GitHub.com is not intended for hosting ITAR‑controlled data and does not currently offer country‑based repository access restrictions; for ITAR or other export‑controlled data, GitHub Enterprise Server is recommended.

U.S. trade control laws limit users from certain countries and regions. Under authorizations from the U.S. Treasury’s Office of Foreign Assets Control (OFAC), GitHub may allow some free services to users in sanctioned areas, but the use of IP proxies, VPNs, or other masking techniques from those locations is prohibited.

Specially Designated Nationals (SDN) and other blocked persons are prohibited from accessing or using GitHub.com, and users must not act on behalf of such parties. GitHub.com must not be used for prohibited end‑uses described in 17 CFR 744.

GitHub Enterprise Server

GitHub Enterprise Server is a self‑hosted product that can run in a private data center or virtual private cloud, allowing storage of ITAR or other export‑controlled information, though end users remain responsible for compliance.

The product is classified under ECCN 5D992.c and may be exported to most destinations without a license (NLR). However, it may not be sold, exported, or re‑exported to countries listed in EAR Part 740 Supplement 1 or the E:1 group for Crimea, including Cuba, Iran, North Korea, and Syria, subject to change.

Frequently Asked Questions

1. Which countries and regions are subject to U.S. government sanctions? Crimea, Cuba, Iran, North Korea, and Syria.

2. Will using GitHub while traveling in these regions be affected? Travel to these regions may affect account status, but after a successful appeal and once you are outside the sanctioned area, access can be restored.

3. What services are available or unavailable? Users in sanctioned areas have limited access: free personal and organization accounts may access public repositories and GitHub Pages for personal, non‑commercial use, while private repositories and paid services are suspended.

4. Can private repositories of restricted users be made public? Repository administrators can manually make a restricted private repository public for personal use; this action cannot be undone.

5. Can restricted users download or delete private repository data? Currently, without additional U.S. authorization, downloading or deleting private repository content is not permitted.

6. How does GitHub define these specific users? Users located in or connected to sanctioned regions, identified through IP addresses, payment history, and other signals, are subject to the restrictions; nationality or ethnicity are not used.

7. How does GitHub ensure that individuals with professional ties to sanctioned areas can appeal? In rare cases of mistaken flagging, an appeal process allows users to provide verification information to have the flag removed.

Author: Director Source: Open Source China

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.
