Search for:

On September 23, 2022, the US Department of the Treasury’s Office of Foreign Assets Controls (“OFAC”) issued Iran General License D-2 (“GL D-2“), which amends and replaces the former Iran General License D-1 (“GL D-1“), and published three related Frequently Asked Questions (“FAQs“).  GL D-2 authorizes a more expansive set of internet communication-related activities, including cloud-based software and services, that are otherwise prohibited under the Iranian Transactions and Sanctions Regulations (“ITSR”).  According to the accompanying press release, GL D-2 aims to support internet freedom in Iran by updating US sanctions guidance in light of changes in communications technology since the issuance of GL D-1 in 2014 and to respond to the Iranian government’s efforts to suppress internet access following recent anti-government movement in Iran.  

More specifically, GL D-2 expands the scope of the prior authorization under GL D-1 to provide the Iranian people with more options for internet platforms and services.  For example, GL D-2;

  • now authorizes additional categories of fee-based or no-cost software/services, including social media platforms, collaboration platforms, video conferencing, e-gaming, e-learning platforms, automated translation, web maps, and user authentication services, as well as cloud-based services in support of such services.  GL D-1 only listed instant messaging, chat and email, social networking, sharing of photos and movies, web browsing, and blogging as authorized categories of software/services;
  • removes the requirement that authorized communications be “personal” in nature, which, according to OFAC, is intended to ease the compliance burdens for companies seeking to verify the purpose of communications.  (This change is in line with a similar general license in the Cuba program);
  • changes the stipulation that software be “necessary” to services incident to the exchange of communications over the internet, requiring only that it be “incident to, or enable” such services; and
  • expands the case-by-case licensing policy for activity not covered by GL D-2 to specifically include “other activities to support internet freedom in Iran, including development and hosting of anti-surveillance software by Iranian developers” in an effort to encourage Iranian developers to create homegrown anti-surveillance and anti-censorship apps. 

Through the accompanying FAQs, OFAC notes that:

  • Software exported under GL D-2 either: (1) must be designated as EAR99 under the Export Administration Regulations (“EAR”) or classified under Export Control Classification Number (“ECCN”) 5D992.c; or (2) if the software is not subject to the EAR, it must be the type of software that would be designated as EAR99 or classified under ECCN 5D992.c if it were subject to the EAR (see FAQ 1087).
  • A cloud-based service or software provider whose non-Iranian customers provide services or software to persons in Iran via the provider’s cloud may rely upon the authorization under GL D-2 to provide access to Iran, provided that such provider performs due diligence based on information available in the ordinary course of business to confirm that the non-Iranian customer: (1) is not a person whose property and interests in property are blocked, except as authorized under GL D-2; and (2) provides software and services that fall within one of the categories described in FAQ 1087, or otherwise involve activity authorized or exempt under the ITSR (see FAQ 1088).
  • Persons seeking to export software, services, or hardware to Iran in support of internet freedom can apply for a specific license from OFAC if the export is not otherwise authorized by GL D-2 (see FAQ 1089).

The categories of services, software, and hardware “incident to communications” authorized under this general license (i.e., those listed in the Annex) remain unchanged.   

Also unchanged is the requirement that the provision of any covered software or services to the Government of Iran be limited to “no-cost” software and services.


Alison Stafford Powell co-leads the Firm's West Coast Trade Compliance team. She has considerable experience counseling US and non-US companies on managing trade compliance in the areas of export controls, trade and financial sanctions and US anti-boycott laws. As a dual-qualified lawyer, she provides practical advice to help non-US companies reconcile US and foreign trade regulations and on the extra-territorial impact of US trade restrictions. Chambers USA quotes clients' praise for her being "extremely knowledgeable, responsive, commercially strong and understanding complex issues well." Legal 500 describes here as an "outstanding specialist." She has worked in the Firm's London, Washington, DC and Palo Alto offices since 1996.


Eunkyung Kim Shin regularly advises multi-national companies on complex international trade, regulatory compliance, and customs and import law related matters. She also counsels on cross-border compliance and commercial issues.


Andrea Tovar regularly advises multinational companies on cross-border commercial transactions and complex privacy and international trade matters. Andrea is also a member of the Firm’s Technology, Media & Telecoms Global Industry Group and Co-Chairs the North America Baker Unidos Affinity Group.

Write A Comment