§ 560.540 — Certain Services, Software, And Hardware Incident To Communications

(a) To the extent that such transactions are not exempt from the prohibitions of this part, and subject to the restrictions set forth in paragraph (b) of this section, the following transactions are authorized:

(1) Services. The exportation or reexportation, directly or indirectly, from the United States or by a U.S. person, wherever located, to Iran of services incident to the exchange of communications over the internet, such as instant messaging, chat and email, social networking, sharing of photos and movies, web browsing, blogging, social media platforms, collaboration platforms, video conferencing, e-gaming, e-learning platforms, automated translation, web maps, and user authentication services, as well as cloud-based services in support of the foregoing or of any other transaction authorized or exempt under this part.

(2) Software—(i) Software subject to or excluded from the EAR. The exportation, reexportation, or provision, directly or indirectly, to Iran of software subject to the Export Administration Regulations, 15 CFR parts 730 through 774 (EAR), pursuant to 15 CFR 734.3(a), that is incident to, or enables services incident to, the exchange of communications over the internet, such as instant messaging, chat and email, social networking, sharing of photos and movies, web browsing, blogging, social media platforms, collaboration platforms, video conferencing, e-gaming, e-learning platforms, automated translation, web maps, and user authentication services, as well as cloud-based services in support of the foregoing or of any other transaction authorized or exempt under this part, provided that such software is designated EAR99, excluded from the EAR because it is described under 15 CFR 734.3(b)(3), or classified by the U.S. Department of Commerce on the Commerce Control List, 15 CFR part 774, supplement No. 1 (CCL), under export control classification number (ECCN) 5D992.c.

(ii) Software that is not subject to the EAR because it is of foreign origin and is located outside the United States. The exportation, reexportation, or provision, directly or indirectly, by a U.S. person, wherever located, to Iran of software that is not subject to the EAR because it is of foreign origin and is located outside the United States, that is incident to, or enables services incident to, the exchange of communications over the internet, such as instant messaging, chat and email, social networking, sharing of photos and movies, web browsing, blogging, social media platforms, collaboration platforms, video conferencing, e-gaming, e-learning platforms, automated translation, web maps, and user authentication services, as well as cloud-based services in support of the foregoing or of any other transaction authorized or exempt under this part, provided that such software would be designated EAR99 if it were located in the United States or would meet the criteria for classification under ECCN 5D992.c if it were subject to the EAR.

(3) Additional software, hardware, and related services. To the extent not authorized by paragraph (a)(1) or (2) of this section, the exportation, reexportation, or provision, directly or indirectly, to Iran of certain software and hardware incident to communications, as well as related services, as follows:

(i) In the case of hardware and software subject to the EAR, the items specified in the “List of Services, Software, and Hardware Incident to Communications under 31 CFR 560.540”, which is maintained on OFAC's website (https://ofac.treasury.gov) on the Iran Sanctions page;

(ii) In the case of hardware and software that is not subject to the EAR because it is of foreign origin and is located outside the United States that is exported, reexported, or provided, directly or indirectly, by a U.S. person, wherever located, hardware and software that is of a type described in the “List of Services, Software, and Hardware Incident to Communications under 31 CFR 560.540”, provided that the item would be designated EAR99 if it were located in the United States or would meet the criteria for classification under the relevant ECCN specified in the “List of Services, Software, and Hardware Incident to Communications under 31 CFR 560.540” if it were subject to the EAR; and

(iii) In the case of software not subject to the EAR because it is described in 15 CFR 734.3(b)(3) that is exported, reexported, or provided, directly or indirectly, from the United States or by a U.S. person, wherever located, software that is of a type described in the “List of Services, Software, and Hardware Incident to Communications under 31 CFR 560.540”.

(4) Internet connectivity services and telecommunications capacity. The exportation or reexportation, directly or indirectly, from the United States or by a U.S. person, wherever located, to Iran of non-commercial-grade internet connectivity services, to include cloud-based services, and the provision, sale, or leasing of capacity on telecommunications transmission facilities (such as satellite or terrestrial network connectivity) incident to communications.

(5) Importation into the United States or a third country of hardware and software previously exported to Iran. The importation into the United States or a third country of hardware and software authorized for exportation, reexportation, or provision to Iran under paragraph (a)(2) or (3) of this section, provided that the hardware or software was previously exported, reexported, or provided to Iran under an authorization issued pursuant to this part.

(6) Publicly available, no cost services and software to the Government of Iran—(i) Services. The exportation or reexportation, directly or indirectly, from the United States or by a U.S. person, wherever located, to the Government of Iran, as defined in § 560.304, of services described in paragraph (a)(1) of this section or categories (6) through (11) of the “List of Services, Software, and Hardware Incident to Communications under 31 CFR 560.540”, provided that such services are publicly available at no cost to the user.

(ii) Software. The exportation, reexportation, or provision, directly or indirectly, to the Government of Iran of software described in paragraph (a)(2) or (3) of this section or categories (6) through (11) of the “List of Services, Software, and Hardware Incident to Communications under 31 CFR 560.540”, provided that such software is publicly available at no cost to the user.

(7) Services conducted outside Iran to install, repair, or replace. The exportation or reexportation, directly or indirectly, from the United States or by a U.S. person, wherever located, to Iran of services conducted outside Iran to install, repair, or replace hardware or software authorized for exportation, reexportation, or provision to Iran pursuant to paragraph (a)(2) or (3) of this section.

(b) This section does not authorize:

(1) The exportation, reexportation, or provision, directly or indirectly, of the services, software, or hardware specified in paragraph (a) of this section with knowledge or reason to know that such services, software, or hardware are intended for the Government of Iran, except for services or software specified in paragraph (a)(6) of this section, or for any person blocked pursuant to this part other than the Government of Iran.

(2) The exportation or reexportation, directly or indirectly, of commercial-grade internet connectivity services or telecommunications transmission facilities (such as dedicated satellite links or dedicated lines that include quality of service guarantees).

(3) The exportation or reexportation, directly or indirectly, of web-hosting services that are for websites of commercial entities located in Iran or of domain name registration services for or on behalf of the Government of Iran, as defined in § 560.304, or any other person whose property and interests in property are blocked pursuant to § 560.211.

(4) Any transaction by a U.S.-owned or -controlled foreign entity otherwise prohibited by § 560.215 if the transaction would be prohibited by any other part of chapter V if engaged in by a U.S. person or in the United States.

(5) Any action or activity involving any item (including information) subject to the EAR that is prohibited by, or otherwise requires a license under, part 744 of the EAR or participation in any transaction involving a person whose export privileges have been denied pursuant to part 764 or 766 of the EAR, without authorization from the Department of Commerce.

(c) Transfers of funds from Iran or for or on behalf of a person in Iran in furtherance of an underlying transaction authorized by paragraph (a) of this section may be processed by U.S. depository institutions and U.S. registered brokers or dealers in securities provided they are consistent with § 560.516.

(d) Specific licenses may be issued on a case-by-case basis for the exportation, reexportation, or provision of services, software, or hardware incident to communications not specified in paragraph (a) of this section, including in the “List of Services, Software, and Hardware Incident to Communications under 31 CFR 560.540”, or other activities to support internet freedom in Iran, including development and hosting of anti-surveillance software by Iranian developers.