OFAC Sanctions and Open Source Collaboration

It is disappointing that the open source community cannot operate independently of international sanctions programs, but these sanctions are the law of each country and are not optional. Many developers work on open source projects in their spare time, or for fun. Dealing with U.S. and international sanctions was unlikely on the list of things that most (or very likely any) open source developers thought they were signing up for. We hope that in time relevant authorities will clarify that open source and standards activities may continue unabated. Until that time, however, with the direct and indirect sponsorship of developers by companies, the intersection of sanctions on corporate entities leaves us in a place where we cannot ignore the potential risks.

In addition to strict liability, OFAC sanctions do not always have a blanket exemption for all transactions involving “publicly available” technology as the U.S export control regulations generally do for nearly all export-controlled transactions.

It is important to understand the basics of these sanctions programs. OFAC’s prohibited transactions often include:

• Financial investments and transactions (e.g. payment for services)

• Trade (import or export) of goods, technology, or services

• Any other property transactions (including intellectual property and contracts)

The OFAC sanctions may impact common community behaviors, such as two-way collaboration on a proposed software change which could be interpreted as a prohibited provision of services. It would be an issue for developers to provide services to a developer who is employed (directly or indirectly) by an SDN or an entity directly or indirectly owned 50% or more by an SDN.