Communications Daily is a Warren News publication.

OFAC Expands Authorizations for Certain Communications Services, Tools to Iran

The Office of Foreign Assets Control last week updated an Iran-related general license and guidance to expand the types of internet and communications services and exports that can be provided to Iran. Updated General License D2 “dramatically increases” U.S. support for internet freedom in Iran, a State Department official said, adding that the announcement brings U.S. sanctions guidance "in line with changes in modern technology.”

Sign up for a free preview to unlock the rest of this article

Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!

The new license expands the types of communications-related services, software and hardware that can be exported to or provided to Iran, including certain categories of social media, video conferencing, cloud-based services and other “collaboration platforms,” OFAC said. The license also authorizes transactions involving “tools that incorporate communication functions,” such as online maps, and provides additional “authorization for the services that support the communication tools to assist ordinary Iranians in resisting repressive internet censorship and surveillance tools deployed by the Iranian regime.”

Notably, the license, which has no expiration, no longer includes a prior provision under General License D1 that had required the authorized services to be connected to “personal” communications. “What D2 does is it updates and expands these authorized communication tools to match modern times,” a Treasury Department official said, speaking alongside the State Department official during a Sept. 23 call with reporters. “So everything from social media platforms, collaboration platforms, conferencing, e-gaming and other tools that maybe were not exclusively what was before a requirement for personal communication.”

OFAC also revised its licensing policy for certain transactions that may fall just outside of General License D2. The agency will review those transactions on a case-by-case basis, particularly ones that the agency said “allow Iranian developers to create homegrown anti-surveillance and anti-censorship apps, which many Iranian people rely upon to circumvent domestic internet controls.”

The updated license and licensing policy was the result of years of conversations with U.S. technology companies, which included discussions on “the issues they face in providing access to personal communication tools for the people in Iran,” the State Department official said. “The updated guidance will authorize technology companies to offer the Iranian people more options for secure, private outside platforms and services. With these changes, the Iranian people will be better equipped to counter the Iranian government's efforts to surveil and censor them.”

The administration plans to continue talks with companies “so that they understand what's covered by this general license and to the extent that any of them have ideas that they want to pursue that may require additional licensing,” the State Department official said. OFAC plans to prioritize specific license applications for items and services in this space, the Treasury official said, and will issue more guidance in “coming weeks” to help businesses and non-governmental organizations use the license.

“We welcome conversations in meetings with companies that are within our regulatory scope or “seek to have authorization so that they can take advantage of [the license] and we understand what additional needs they may have,” the Treasury official said.

The official said the most important aspect of the expanded license is its authorization for cloud-based services. “Today, so many [virtual private networks] and other anti-surveillance tools are delivered via cloud,” the person said. “And so it was important that this authorization expanded the cloud-based services, and also that we give guidance to those cloud service providers so that they understand that their due diligence obligations really are manageable.”

Although the license expands the types of services and items that can be provided to Iran by U.S. companies, the officials noted that the Iranian government will still use tactics to prevent its people from accessing those tools and services.

“This general license does not remove every tool of communications repression that the government of Iran has to direct at its own people,” the State Department said. “But it will, over time, give the Iranian people more tools to address those repressive efforts."

Along with the updated license, OFAC published three new frequently asked questions to provide additional guidance on what types of transactions are authorized. Notably, FAQ 1088 outlines OFAC’s due diligence expectations for cloud-based service and software providers, including those that sell to non-Iranian customers that then provide the services to Iran. Those providers generally should confirm that their non-Iranian customers aren’t subject to sanctions.

In cases where cloud-based services or software are used to “support” the export of services or software to Iran using GL D2, OFAC said it doesn’t “generally expect a cloud-based service or software provider to evaluate” the ultimate end use or end user if it already “conducts due diligence based on information available to it in the ordinary course of business.” But if a U.S. service or software provider “supports non-Iranian customers providing certain enterprise management software to Iran, such as payroll management software,” the U.S. provider “would be expected to evaluate whether its support of the software is a prohibited export of software or services to Iran because payroll management software is not generally considered a qualifying software incident to communications,” OFAC said.