News and updates from the GitHub Policy Team

Global software collaboration in the face of sanctions

Image of Tyler Fuller
阅读中文版本

制裁下的全球软件合作

法律和政策对软件开发有深刻的影响 – 包括软件的构建元素、使用方式和构建者。 影响开发者的许多政策涉及国际关系,理解这些政策并不容易,但至关重要。 软件合作及相关的沟通是全球性的,GitHub 承诺打造一个包容性的未来,人人参与构建,人人从中受益。

关于制裁

制裁是一项令 GitHub 以及全球开发者社区都非常痛苦的国际政策。 制裁的条款和实施都很复杂,因此我们认为有必要对美国制裁法律做一些解释,并且说明 GitHub 为什么必须根据美国制裁法律采取某些措施,以及 GitHub 在实施这些措施时,如何确保合规,同时尽可能减小对全球开发者社区的影响。 我们关于制裁的书面文件,旨在对制裁这一主题作出基本解释,并且说明它对开发者 – 包括 GitHub – 和全球开源社区的影响。

国家可能实施制裁来达到国家安全和对外政策目标,以及因应各种国际事件,如军事冲突、人权问题或对于恐怖主义的担忧等。 例如,美国实施广泛的国家层面禁令,一般是禁止美国人(包括美国公司)与被制裁国家或该国任何人开展业务。 美国还会全面制裁被政府列入特别指定国民和封锁人员名单的个人和实体。

遵守制裁

制裁很复杂,最初的目的旨在规范传统货物和服务(特别是金融产品)的交易。 随着数字化的发展,一些提供特定数字服务的公司在确保合规时面临全新的法律问题,也涉及一些不确定性。

面对制裁,很多公司一直采取一刀切的方法:完全阻止被制裁国家访问这些数字服务。 此时,被制裁国家的开发者失去或再也不能访问这些公司提供的许多服务。 但 GitHub 采取的方法不一样。 我们致力于在遵守法律的前提下,让世界上尽可能多的开发者参加开源社区。 为遵守美国制裁法律,我们必须限制被制裁国家的开发者访问某些服务, 包括我们通常免费提供给个人开发者的一些服务

同时,我们正在尽一切努力让最多的开发者访问并使用更多的 GitHub 服务。尽管受制裁国家的用户当前无法访问许多 GitHub 服务 – 尤其是私有仓库,但开发者仍然可以贡献并使用公共仓库,以及通过公共项目来参与全球开源软件社区。 如果用户的私有仓库受到限制,我们将提供对该仓库公开的选项,以便他们出于个人沟通目的内容访问。 更重要的是,GitHub 的开源项目几乎可供全球所有开发者的自由访问,支持全球的开发社区并最大程度地减少了沿国界的互联网破裂。

遵守这些制裁不是基于我们对特定国家或该国内开发者的看法, 而是 GitHub 对法律的遵守,因为遵守法律是在美国开展业务的任何公司的义务。 我们是对我们认为位于或居住在被制裁国家的开发者实施访问限制,而不是基于国籍或文化传承实施限制。 如果您的帐户被限制,我们的界面将显示申诉表格链接。 如果发现标记错误,请填写申诉表格以便我们对其进行修正。

未来的制裁

我们相信,保持代码访问和代码协作有助于实现美国制裁法律的广泛目标和美国政府的承诺 ,支持全球信息的自由流动。 这意味着 GitHub 将继续倡导法规和法律解释,以确保最多的人能够访问源代码、进行开源协作和使用 GitHub 服务。 关于制裁对 GitHub 和全球开发者社区的影响,我们将配合美国监管机构。 我们的目标是让全球尽可能多的开发者(包括被制裁国家的开发者)访问。

如有疑问,最好的方式是参阅我们的贸易管制政策和常见问题,这里提供 GitHub 贸易合规的最新信息。 像其他管制 GitHub 的政策一样,我们的贸易管制政策也是开源的

展望未来,我们将继续密切关注美国制裁法律的发展变化,在法律允许时尽快恢复被限制用户的访问。 我们将继续向公司、个人及政府宣讲确保全球人类共享信息和协作创造积极成果的价值观。 我们还会继续确保最大程度明确美国制裁法律对 GitHub 的影响。 我们认为制裁的范围必须严密、清晰、精确,避免给软件合作、研究和开发带来不利影响。 保护软件开发和软件开发者是 GitHub 及其 政策团队的主要目标。


Law and policy profoundly shape software development—including what software is built, how it is used, and who gets to build it. Many policies that impact developers have an international relations aspect, which is both challenging and absolutely critical to understand and navigate. Software collaboration and related communication are global, and GitHub is committed to an inclusive future which every human can help build, and from which every human can benefit.

About sanctions

Sanctions are one international policy area that’s been especially painful for us at GitHub and for the global developer community. Sanctions are complex both in their terms and in their implementation, so we think it’s important to provide some explanation of US sanctions laws, why GitHub is required to take certain steps in accordance with US sanctions laws, and how GitHub is striving to implement these steps in a compliant way but also with minimal impact on the global developer community. In writing about sanctions, our goal is to provide a basic explanation of the topic, along with how it affects both developers—including GitHub—and the global open source community.

Countries may impose sanctions to achieve national security and foreign policy goals, and in response to various international events, such as armed conflicts, human rights issues, or concerns about terrorism, among other reasons. For example, the US imposes broad prohibitions at the country level, which generally prohibit US persons (including US companies) from doing business with a sanctioned country, or anyone in it. The US also imposes comprehensive sanctions against individuals and entities that the government designates on its Specially Designated Nationals and Blocked Persons List.

Complying with sanctions

Sanctions are complex and were originally designed to regulate trade in more traditional goods and services, especially financial products. For companies that provide certain types of digital services, compliance presents novel legal questions and involves some uncertainty.

One approach has been to block access to these digital services from sanctioned countries entirely. For companies taking that blanket approach, developers in sanctioned countries have lost—or never had—access to many services provided by those companies. GitHub approaches this differently. We’re dedicated to both allowing as many developers around the world as possible to participate in the open source community and to following the law. Compliance with US sanctions laws means that we’ve had to restrict access to some of our services for developers in sanctioned countries, including some of the services we ordinarily provide at no cost to individual developers.

At the same time, we’re doing everything we can to keep as much of GitHub available to as many developers as possible. While many of the GitHub services—in particular, private repositories—are currently inaccessible to users in sanctioned countries, developers can still contribute to and use public repositories, and participate in the global open source software community by working on public projects. If a user’s private repository has been restricted, we give them the option to make that repository public so they can still access their contents for personal communication purposes. Importantly, open source projects on GitHub remain freely available to developers virtually everywhere, supporting a global community and minimizing fracturing of the internet along national borders.

Complying with these sanctions isn’t a choice based on what we think about a particular country or the developers in it. Instead, this is GitHub following the law, which is the obligation of any company doing business in the US. We implemented access restrictions for developers we understand to be located or resident in sanctioned countries, and not based on nationality or heritage. If your account has been restricted, it will display a link to an appeal form. If you’ve been flagged in error, please fill out the appeals form to help us fix it quickly.

Sanctions in the future

We believe that preserving access to code and code collaboration promotes the broader objectives of US sanctions laws and the US government’s commitment to supporting the free flow of information worldwide. That means GitHub will continue to advocate for rules and regulatory interpretations that keep source code, open source collaboration, and GitHub available to as many people as possible. We’re working to engage with US regulators regarding the impact of sanctions on GitHub and the global developer community. Our goal is to preserve as much access as possible for developers around the world, including in sanctioned countries.

If you have questions, our trade controls policy and FAQ is the best place to look for current information about trade compliance at GitHub. Like the rest of the policies that govern GitHub, our trade controls policy is open source.

Looking ahead, we’ll continue to closely monitor developments in US sanctions laws and will restore access for restricted users as soon as we’re legally able to do so. We’ll continue to speak—to corporations, to individuals, and to governments—about the value of ensuring that humanity can share information and collaborate around the world to produce positive outcomes. We’ll also continue our work to ensure as much clarity as possible regarding the impact of US sanctions laws on GitHub. We believe sanctions must be narrowly tailored and clear as to precisely what they cover so that software collaboration, research, and development aren’t inadvertently affected by these laws. Protecting software development, and software developers, is the primary goal of GitHub and our Policy Team.

See what launched at GitHub Universe

Missed the main event? Learn more about everything that launched at GitHub Universe, from GitHub for mobile and a redesigned notifications experience to the GitHub Archive Program.

Read the day one keynote recap

Secure the world's code, together

On day two of GitHub Universe, we announced GitHub Security Lab, bringing together security researchers, maintainers, and companies across the industry to secure open source.

Read the day two keynote recap