Law and policy profoundly shape software development—including what software is built, how it is used, and who gets to build it. Many policies that impact developers have an international relations aspect, which is both challenging and absolutely critical to understand and navigate. Software collaboration and related communication are global, and GitHub is committed to an inclusive future which every human can help build, and from which every human can benefit.
Sanctions are one international policy area that’s been especially painful for us at GitHub and for the global developer community. Sanctions are complex both in their terms and in their implementation, so we think it’s important to provide some explanation of US sanctions laws, why GitHub is required to take certain steps in accordance with US sanctions laws, and how GitHub is striving to implement these steps in a compliant way but also with minimal impact on the global developer community. In writing about sanctions, our goal is to provide a basic explanation of the topic, along with how it affects both developers—including GitHub—and the global open source community.
Countries may impose sanctions to achieve national security and foreign policy goals, and in response to various international events, such as armed conflicts, human rights issues, or concerns about terrorism, among other reasons. For example, the US imposes broad prohibitions at the country level, which generally prohibit US persons (including US companies) from doing business with a sanctioned country, or anyone in it. The US also imposes comprehensive sanctions against individuals and entities that the government designates on its Specially Designated Nationals and Blocked Persons List.
Sanctions are complex and were originally designed to regulate trade in more traditional goods and services, especially financial products. For companies that provide certain types of digital services, compliance presents novel legal questions and involves some uncertainty.
One approach has been to block access to these digital services from sanctioned countries entirely. For companies taking that blanket approach, developers in sanctioned countries have lost—or never had—access to many services provided by those companies. GitHub approaches this differently. We’re dedicated to both allowing as many developers around the world as possible to participate in the open source community and to following the law. Compliance with US sanctions laws means that we’ve had to restrict access to some of our services for developers in sanctioned countries, including some of the services we ordinarily provide at no cost to individual developers.
At the same time, we’re doing everything we can to keep as much of GitHub available to as many developers as possible. While many of the GitHub services—in particular, private repositories—are currently inaccessible to users in sanctioned countries, developers can still contribute to and use public repositories, and participate in the global open source software community by working on public projects. If a user’s private repository has been restricted, we give them the option to make that repository public so they can still access their contents for personal communication purposes. Importantly, open source projects on GitHub remain freely available to developers virtually everywhere, supporting a global community and minimizing fracturing of the internet along national borders.
Complying with these sanctions isn’t a choice based on what we think about a particular country or the developers in it. Instead, this is GitHub following the law, which is the obligation of any company doing business in the US. We implemented access restrictions for developers we understand to be located or resident in sanctioned countries, and not based on nationality or heritage. If your account has been restricted, it will display a link to an appeal form. If you’ve been flagged in error, please fill out the appeals form to help us fix it quickly.
We believe that preserving access to code and code collaboration promotes the broader objectives of US sanctions laws and the US government’s commitment to supporting the free flow of information worldwide. That means GitHub will continue to advocate for rules and regulatory interpretations that keep source code, open source collaboration, and GitHub available to as many people as possible. We’re working to engage with US regulators regarding the impact of sanctions on GitHub and the global developer community. Our goal is to preserve as much access as possible for developers around the world, including in sanctioned countries.
If you have questions, our trade controls policy and FAQ is the best place to look for current information about trade compliance at GitHub. Like the rest of the policies that govern GitHub, our trade controls policy is open source.
Looking ahead, we’ll continue to closely monitor developments in US sanctions laws and will restore access for restricted users as soon as we’re legally able to do so. We’ll continue to speak—to corporations, to individuals, and to governments—about the value of ensuring that humanity can share information and collaborate around the world to produce positive outcomes. We’ll also continue our work to ensure as much clarity as possible regarding the impact of US sanctions laws on GitHub. We believe sanctions must be narrowly tailored and clear as to precisely what they cover so that software collaboration, research, and development aren’t inadvertently affected by these laws. Protecting software development, and software developers, is the primary goal of GitHub and our Policy Team.