Skip to content
LexBuild

Iranian Transactions and Sanctions Regulations 

---
identifier: "/us/fr/2024-10721"
source: "fr"
legal_status: "authoritative_unofficial"
title: "Iranian Transactions and Sanctions Regulations"
title_number: 0
title_name: "Federal Register"
section_number: "2024-10721"
section_name: "Iranian Transactions and Sanctions Regulations"
positive_law: false
currency: "2024-05-17"
last_updated: "2024-05-17"
format_version: "1.1.0"
generator: "[email protected]"
agency: "Treasury Department"
document_number: "2024-10721"
document_type: "rule"
publication_date: "2024-05-17"
agencies:
  - "Treasury Department"
  - "Foreign Assets Control Office"
cfr_references:
  - "31 CFR Part 560"
fr_citation: "89 FR 43311"
fr_volume: 89
effective_date: "2024-05-17"
fr_action: "Final rule."
---

#  Certain services, software, and hardware incident to communications.

**AGENCY:**

Office of Foreign Assets Control, Treasury.

**ACTION:**

Final rule.

**SUMMARY:**

The Department of the Treasury's Office of Foreign Assets Control (OFAC) is adopting a final rule amending the Iranian Transactions and Sanctions Regulations (ITSR) to incorporate a general license that was previously published on OFAC's website. In particular, the rule incorporates, with amendments, a general license relating to the export, reexport, and provision of certain services, software, and hardware incident to communications over the internet. This amendment also makes additional conforming changes.

**DATES:**

This rule is effective May 17, 2024.

**FOR FURTHER INFORMATION CONTACT:**

OFAC: Assistant Director for Licensing, 202-622-2480; Assistant Director for Regulatory Affairs, 202-622-4855; or Assistant Director for Sanctions Compliance & Evaluation, 202-622-2490.

**SUPPLEMENTARY INFORMATION:**

**Electronic Availability**

This document and additional information concerning OFAC are available on OFAC's website *https://ofac.treasury.gov.*

**Background**

On October 22, 2012, OFAC issued a final rule that amended the former Iranian Transactions Regulations, 31 CFR part 560 (ITR), and reissued them in their entirety as the Iranian Transactions and Sanctions Regulations (ITSR or “the Regulations”) (77 FR 64664, October 22, 2012). Since then, OFAC has amended the Regulations on several occasions. As set forth in more detail below, OFAC is now amending the Regulations to incorporate, with certain amendments, a general license that previously was published on OFAC's website and to make additional conforming changes.

*Services, Software, and Hardware Incident to Personal Communications.* On March 10, 2010, in order to foster and support the free flow of information to individual Iranian citizens, OFAC issued a final rule amending the ITR to add a general license in § 560.540 authorizing the exportation of certain services and software incident to the exchange of personal communications over the internet, provided that, among other things, such services and software were publicly available at no cost to the user (75 FR 10997, March 10, 2010). The authorization under § 560.540 was preserved in the ITSR, as reissued in October 2012 (77 FR 64664).

On May 30, 2013, OFAC, in consultation with the Departments of State and Commerce, issued General License (GL) D under the Regulations. GL D was made available on OFAC's website and the *Federal Register* (78 FR 43278, July 19, 2013). GL D authorized the exportation or reexportation, directly or indirectly, from the United States or by U.S. persons, wherever located, to persons in Iran of additional services, software, and hardware incident to personal communications, including fee-based versions of the software and services authorized in § 560.540, subject to certain conditions. GL D also contained an Annex that listed items authorized for export or reexport to Iran that had been determined to be incident to personal communications.

On February 7, 2014, OFAC issued GL D-1, which replaced and superseded GL D in its entirety. GL D-1 was made available on OFAC's website and the *Federal Register* (79 FR 13736, March 11, 2014). GL D-1 clarified certain aspects of GL D and added new authorizations relating to the provision to Iran and importation from Iran of certain hardware, software, and services incident to personal communications. GL D-1 also updated the Annex from GL D with minor technical amendments. On September 23, 2022, OFAC issued GL D-2, which replaced and superseded GL D-1 in its entirety. GL D-2 was made available on OFAC's website and in the *Federal Register* (87 FR 62003, October 13, 2022). GL D-2 updated and clarified GL D-1 by, among other things: removing the “personal” qualifier from the authorization for software and services incident to “personal communication”; providing additional examples of modern types of software and services that are incident to the exchange of communications, including social media platforms, collaboration platforms, video conferencing, e-gaming, e-learning platforms, automated translation, web maps, and user authentication services; explicitly authorizing cloud-based services and software in support of the foregoing software or services or of any other transaction that is authorized pursuant to the Regulations; clarifying the restrictions on the exportation of web-hosting services or domain name registration services; and expanding the specific licensing policy set forth in GL D-1. GL D-2 maintained the Annex as updated by GL D-1.

OFAC, in consultation with the Departments of State and Commerce, is now amending the Regulations to incorporate the provisions of GL D-2 and certain additional amendments into the existing authorization at § 560.540. First, OFAC is amending § 560.540(a) to incorporate paragraphs (a)(1) and (2) of GL D-2, which authorize the exportation or reexportation to Iran of certain no-cost or fee-based services and software that are incident to, and software that enables services incident to, the exchange of communications over the internet, as well as cloud-based services in support of the foregoing services or of any other transactions authorized or exempt under the Regulations, subject to certain conditions. New § 560.540(a)(3) incorporates paragraph (a)(3) of GL D-2, which authorizes the exportation, reexportation, or provision of certain software, hardware, and related services not authorized by § 560.540(a)(1) or (2). OFAC is also publishing in the *Federal Register* a list of the services, software, and hardware authorized by new § 560.540(a)(3) (the “List of Services, Software, and Hardware Incident to Communications under 31 CFR 560.540”), which includes the items previously listed in the Annex to GL D-2. However, concurrent with this rule, OFAC is publishing an update, effective 30 days after publication of this rule, that would amend the “List of Services, Software, and Hardware Incident to Communications under 31 CFR 560.540” to limit the computing power of laptops, tablets, and personal computing devices that are authorized for exportation or reexportation to Iran under category (5) of “List of Services, Software, and Hardware Incident to Communications under 31 CFR 560.540”, in order to address concerns about the use of multiple, connected computing devices with increased computing powers to create high-powered computers. The updated “List of Services, Software, and Hardware Incident to Communications under 31 CFR 560.540” is being published separately in the *Federal Register* . New § 560.540(a)(4) through (6) incorporate  paragraphs (a)(4) through (6) of GL D-2, which authorize: the exportation or reexportation of certain internet connectivity services and the provision, sale, or lease of telecommunications facilities incident to communications; the importation into the United States or a third country of hardware and software previously exported to Iran; and the exportation and reexportation of certain publicly available, no-cost services and software to the Government of Iran, respectively.

OFAC is also expanding § 560.540 in two ways to address repair and replacement issues with respect to items exported pursuant to the ITSR. First, OFAC is revising the authorization at paragraph (a)(5) of GL D-2 and incorporating the revised text into § 560.540(a)(5), to authorize transactions for the importation of hardware or software into third countries, in addition to the United States, provided that the items were previously exported to Iran pursuant to an authorization issued pursuant to the ITSR. Second, OFAC is adding a new § 560.540(a)(7) to authorize the exportation or reexportation, of certain services conducted outside Iran to install, repair, or replace hardware or software authorized for exportation, reexportation, or provision to Iran by paragraph (a)(2) or (3) of that section. The new § 560.540(a)(7) authorizes such services only when the service provider is located outside Iran and does not authorize the service providers to engage in such services while in Iran.

This final rule also revises § 560.540(b) to incorporate paragraph (b) of GL D-2, which includes restrictions on transactions authorized by § 560.540(a), with slight revisions. Section 560.540(b)(3) refines and clarifies the restrictions of paragraph (b)(4) of GL D-2 related to the provision of web-hosting services or of domain name registration services in Iran. Specifically, newly revised § 560.540(b)(3) excludes from authorization the exportation or reexportation of web-hosting services for websites of commercial entities located in Iran or of domain name registration services for or on behalf of the Government of Iran or another person whose property and interests in property are blocked pursuant to § 560.211.

OFAC is revising § 560.540(c) to incorporate paragraph (c) of GL D-2 into § 560.540(c)(1), which provides that U.S. depository institutions and U.S. registered brokers or dealers in securities may process transfers of funds in furtherance of an underlying transaction authorized by § 560.540(a), provided the transfer does not involve debiting or crediting an Iranian account. U.S. depository institutions and U.S. registered brokers or dealers in securities may also continue to process transfers of funds that are ordinarily incident and necessary to authorized transactions pursuant to § 560.516.

OFAC is also adding a new § 560.540(d) to incorporate the specific licensing policy set forth in paragraph (d) of GL D-2, which expands upon the specific licensing policy previously set forth in § 560.540(c). The new § 560.540(d) sets forth a case-by-case licensing policy for additional activities that support internet freedom in Iran. OFAC is not incorporating certain notes and a provision in GL D-2 that are duplicative of prohibitions that continue to apply independently from the Regulations and therefore are unnecessary to include. Finally, OFAC is adding an explanatory note referring to this general license in §§ 560.418, 560.508, and 560.519. Upon publication of this final rule, OFAC will archive GL D-2 on its website. GLs D, D-1, and D-2 will continue to be available in the *Federal Register* : GL D was published in the *Federal Register* on July 19, 2013 (78 FR 43278, July 19, 2013); GL D-1 was published in the *Federal Register* on March 11, 2014 (79 FR 13736, March 11, 2014); and GL D-2 was published in the *Federal Register* on October 13, 2022 (87 FR 62003, October 13, 2022).

**Public Participation**

Because the Regulations involve a foreign affairs function, the provisions of Executive Order (E.O.) 12866 of September 30, 1993, “Regulatory Planning and Review” (58 FR 51735, October 4, 1993), as amended, and the Administrative Procedure Act (5 U.S.C. 553) requiring notice of proposed rulemaking, opportunity for public participation, and delay in effective date are inapplicable. Because no notice of proposed rulemaking is required for this rule, the Regulatory Flexibility Act (5 U.S.C. 601-612) does not apply.

**Paperwork Reduction Act**

The collections of information related to the Regulations are contained in 31 CFR part 501 (the “Reporting, Procedures and Penalties Regulations”). Pursuant to the Paperwork Reduction Act of 1995 (44 U.S.C. 3507), those collections of information have been approved by the Office of Management and Budget under control number 1505-0164. An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless the collection of information displays a valid control number.

**List of Subjects in 31 CFR Part 560**

Administrative practice and procedure, Banks, banking, Blocking of assets, Communications, Credit, Foreign trade, Iran, Nonprofit organizations, Penalties, Reporting and recordkeeping requirements, Sanctions, Securities, Services.

For the reasons set forth in the preamble, OFAC amends 31 CFR part 560 as follows:

**PART 560—IRANIAN TRANSACTIONS AND SANCTIONS REGULATIONS**

**31 CFR Part 560**

1. The authority citation for part 560 continues to read as follows:

**Authority:**

3 U.S.C. 301; 18 U.S.C. 2339B, 2332d; 22 U.S.C. 2349aa-9, 7201-7211, 8501-8551, 8701-8795; 31 U.S.C. 321(b); 50 U.S.C. 1601-1651, 1701-1706; Pub. L. 101-410, 104 Stat. 890, as amended (28 U.S.C. 2461 note); E.O. 12613, 52 FR 41940, 3 CFR, 1987 Comp., p. 256; E.O. 12957, 60 FR 14615, 3 CFR, 1995 Comp., p. 332; E.O. 12959, 60 FR 24757, 3 CFR, 1995 Comp., p. 356; E.O. 13059, 62 FR 44531, 3 CFR, 1997 Comp., p. 217; E.O. 13599, 77 FR 6659, 3 CFR, 2012 Comp., p. 215; E.O. 13846, 83 FR 38939, 3 CFR, 2018 Comp., p. 854.

**Subpart D—Interpretations**

**31 CFR Part 560**

2. Amend § 560.418 by adding note 3 to the section to read as follows:

§ 560.418

**Note 3 to § 560.418:**

*See* § 560.540 for a general license authorizing the exportation, reexportation, or provision to Iran of certain services, software, and hardware incident to the exchange of communications.

**Subpart E—Licenses, Authorizations, and Statements of Licensing Policy**

**31 CFR Part 560**

3. Amend § 560.508 by adding note 1 to paragraph (a) to read as follows:

§ 560.508

(a) * * *

**Note 1 to paragraph (a):**

*See* § 560.540 for a general license authorizing the exportation, reexportation, or provision to Iran of certain services, software, and hardware incident to the exchange of communications.

**31 CFR Part 560**

4. Amend § 560.519 by revising the headings of the note to paragraph (c)(1) and the note to the section and adding note 3 to the section to read as follows:

§ 560.519

**Note 1 to paragraph (c)(1):**

* * *

**Note 2 to § 560.519:**

* * *

**Note 3 to § 560.519:**

*See* § 560.540 for a general license authorizing the exportation, reexportation, or provision to Iran of certain services, software, and hardware incident to the exchange of communications.

**31 CFR Part 560**

5. Revise § 560.540 to read as follows:

§ 560.540

(a) To the extent that such transactions are not exempt from the prohibitions of this part, and subject to the restrictions set forth in paragraph (b) of this section, the following transactions are authorized:

(1) *Services.* The exportation or reexportation, directly or indirectly, from the United States or by a U.S. person, wherever located, to Iran of services incident to the exchange of communications over the internet, such as instant messaging, chat and email, social networking, sharing of photos and movies, web browsing, blogging, social media platforms, collaboration platforms, video conferencing, e-gaming, e-learning platforms, automated translation, web maps, and user authentication services, as well as cloud-based services in support of the foregoing or of any other transaction authorized or exempt under this part.

(2) *Software—* (i) *Software subject to or excluded from the EAR.* The exportation, reexportation, or provision, directly or indirectly, to Iran of software subject to the Export Administration Regulations, 15 CFR parts 730 through 774 (EAR), pursuant to 15 CFR 734.3(a), that is incident to, or enables services incident to, the exchange of communications over the internet, such as instant messaging, chat and email, social networking, sharing of photos and movies, web browsing, blogging, social media platforms, collaboration platforms, video conferencing, e-gaming, e-learning platforms, automated translation, web maps, and user authentication services, as well as cloud-based services in support of the foregoing or of any other transaction authorized or exempt under this part, provided that such software is designated EAR99, excluded from the EAR because it is described under 15 CFR 734.3(b)(3), or classified by the U.S. Department of Commerce on the Commerce Control List, 15 CFR part 774, supplement No. 1 (CCL), under export control classification number (ECCN) 5D992.c.

(ii) *Software that is not subject to the EAR because it is of foreign origin and is located outside the United States.* The exportation, reexportation, or provision, directly or indirectly, by a U.S. person, wherever located, to Iran of software that is not subject to the EAR because it is of foreign origin and is located outside the United States, that is incident to, or enables services incident to, the exchange of communications over the internet, such as instant messaging, chat and email, social networking, sharing of photos and movies, web browsing, blogging, social media platforms, collaboration platforms, video conferencing, e-gaming, e-learning platforms, automated translation, web maps, and user authentication services, as well as cloud-based services in support of the foregoing or of any other transaction authorized or exempt under this part, provided that such software would be designated EAR99 if it were located in the United States or would meet the criteria for classification under ECCN 5D992.c if it were subject to the EAR.

(3) *Additional software, hardware, and related services.* To the extent not authorized by paragraph (a)(1) or (2) of this section, the exportation, reexportation, or provision, directly or indirectly, to Iran of certain software and hardware incident to communications, as well as related services, as follows:

(i) In the case of hardware and software subject to the EAR, the items specified in the “List of Services, Software, and Hardware Incident to Communications under 31 CFR 560.540”, which is maintained on OFAC's website ( *https://ofac.treasury.gov* ) on the Iran Sanctions page;

(ii) In the case of hardware and software that is not subject to the EAR because it is of foreign origin and is located outside the United States that is exported, reexported, or provided, directly or indirectly, by a U.S. person, wherever located, hardware and software that is of a type described in the “List of Services, Software, and Hardware Incident to Communications under 31 CFR 560.540”, provided that the item would be designated EAR99 if it were located in the United States or would meet the criteria for classification under the relevant ECCN specified in the “List of Services, Software, and Hardware Incident to Communications under 31 CFR 560.540” if it were subject to the EAR; and

(iii) In the case of software not subject to the EAR because it is described in 15 CFR 734.3(b)(3) that is exported, reexported, or provided, directly or indirectly, from the United States or by a U.S. person, wherever located, software that is of a type described in the “List of Services, Software, and Hardware Incident to Communications under 31 CFR 560.540”.

**Note 1 to paragraphs (a)(2) and (3):**

The authorizations in paragraphs (a)(2) and (3) of this section include the exportation, reexportation, or provision, directly or indirectly, to Iran of authorized hardware and software by an individual leaving the United States for Iran.

(4) *Internet connectivity services and telecommunications capacity.* The exportation or reexportation, directly or indirectly, from the United States or by a U.S. person, wherever located, to Iran of non-commercial-grade internet connectivity services, to include cloud-based services, and the provision, sale, or leasing of capacity on telecommunications transmission facilities (such as satellite or terrestrial network connectivity) incident to communications.

**Note 2 to paragraph (a)(4):**

*See* § 560.508 for authorizations relating to transactions with respect to the receipt and transmission of telecommunications involving Iran.

(5) *Importation into the United States or a third country of hardware and software previously exported to Iran.* The importation into the United States or a third country of hardware and software authorized for exportation, reexportation, or provision to Iran under paragraph (a)(2) or (3) of this section, provided that the hardware or software was previously exported, reexported, or provided to Iran under an authorization issued pursuant to this part.

**Note 3 to paragraph (a)(5):**

*See* § 560.306 for definitions of the terms *goods of Iranian origin* and *Iranian-origin goods,* which do not include goods that have been previously exported or reexported to Iran under an authorization issued pursuant to this part and which have subsequently been exported from and are located outside of Iran.

(6) *Publicly available, no cost services and software to the Government of Iran* —(i) *Services.* The exportation or reexportation, directly or indirectly, from the United States or by a U.S. person, wherever located, to the Government of Iran, as defined in § 560.304, of services described in paragraph (a)(1) of this section or categories (6) through (11) of the “List of Services, Software, and Hardware Incident to Communications under 31 CFR 560.540”, provided that such services are publicly available at no cost to the user.

(ii) *Software.* The exportation, reexportation, or provision, directly or indirectly, to the Government of Iran of software described in paragraph (a)(2) or (3) of this section or categories (6) through (11) of the “List of Services,  Software, and Hardware Incident to Communications under 31 CFR 560.540”, provided that such software is publicly available at no cost to the user.

(7) *Services conducted outside Iran to install, repair, or replace.* The exportation or reexportation, directly or indirectly, from the United States or by a U.S. person, wherever located, to Iran of services conducted outside Iran to install, repair, or replace hardware or software authorized for exportation, reexportation, or provision to Iran pursuant to paragraph (a)(2) or (3) of this section.

**Note 4 to paragraph (a):**

In paragraph (a)(6) of this section, the term “publicly available” refers generally to software that is widely available to the public. Paragraph (a)(3)(iii) of this section refers to software that is described in 15 CFR 734.3(b)(3), which defines “publicly available” software for purposes of the EAR. The scope of the term “publicly available” in paragraph (a)(6) of this section thus differs from the scope of the Department of Commerce's regulation at 15 CFR 734.3(b)(3) as referenced in paragraph (a)(3)(iii) of this section.

(b) This section does not authorize:

(1) The exportation, reexportation, or provision, directly or indirectly, of the services, software, or hardware specified in paragraph (a) of this section with knowledge or reason to know that such services, software, or hardware are intended for the Government of Iran, except for services or software specified in paragraph (a)(6) of this section, or for any person blocked pursuant to this part other than the Government of Iran.

(2) The exportation or reexportation, directly or indirectly, of commercial-grade internet connectivity services or telecommunications transmission facilities (such as dedicated satellite links or dedicated lines that include quality of service guarantees).

(3) The exportation or reexportation, directly or indirectly, of web-hosting services that are for websites of commercial entities located in Iran or of domain name registration services for or on behalf of the Government of Iran, as defined in § 560.304, or any other person whose property and interests in property are blocked pursuant to § 560.211.

(4) Any transaction by a U.S.-owned or -controlled foreign entity otherwise prohibited by § 560.215 if the transaction would be prohibited by any other part of chapter V if engaged in by a U.S. person or in the United States.

(5) Any action or activity involving any item (including information) subject to the EAR that is prohibited by, or otherwise requires a license under, part 744 of the EAR or participation in any transaction involving a person whose export privileges have been denied pursuant to part 764 or 766 of the EAR, without authorization from the Department of Commerce.

(c) Transfers of funds from Iran or for or on behalf of a person in Iran in furtherance of an underlying transaction authorized by paragraph (a) of this section may be processed by U.S. depository institutions and U.S. registered brokers or dealers in securities provided they are consistent with § 560.516.

(d) Specific licenses may be issued on a case-by-case basis for the exportation, reexportation, or provision of services, software, or hardware incident to communications not specified in paragraph (a) of this section, including in the “List of Services, Software, and Hardware Incident to Communications under 31 CFR 560.540”, or other activities to support internet freedom in Iran, including development and hosting of anti-surveillance software by Iranian developers.

Bradley T. Smith,

Director, Office of Foreign Assets Control.