Regulations last checked for updates: Nov 23, 2024

Title 31 - Money and Finance: Treasury last revised: Nov 18, 2024
§ 560.540 - Certain services, software, and hardware incident to communications.

(a) To the extent that such transactions are not exempt from the prohibitions of this part, and subject to the restrictions set forth in paragraph (b) of this section, the following transactions are authorized:

(1) Services. The exportation or reexportation, directly or indirectly, from the United States or by a U.S. person, wherever located, to Iran of services incident to the exchange of communications over the internet, such as instant messaging, chat and email, social networking, sharing of photos and movies, web browsing, blogging, social media platforms, collaboration platforms, video conferencing, e-gaming, e-learning platforms, automated translation, web maps, and user authentication services, as well as cloud-based services in support of the foregoing or of any other transaction authorized or exempt under this part.

(2) Software—(i) Software subject to or excluded from the EAR. The exportation, reexportation, or provision, directly or indirectly, to Iran of software subject to the Export Administration Regulations, 15 CFR parts 730 through 774 (EAR), pursuant to 15 CFR 734.3(a), that is incident to, or enables services incident to, the exchange of communications over the internet, such as instant messaging, chat and email, social networking, sharing of photos and movies, web browsing, blogging, social media platforms, collaboration platforms, video conferencing, e-gaming, e-learning platforms, automated translation, web maps, and user authentication services, as well as cloud-based services in support of the foregoing or of any other transaction authorized or exempt under this part, provided that such software is designated EAR99, excluded from the EAR because it is described under 15 CFR 734.3(b)(3), or classified by the U.S. Department of Commerce on the Commerce Control List, 15 CFR part 774, supplement No. 1 (CCL), under export control classification number (ECCN) 5D992.c.

(ii) Software that is not subject to the EAR because it is of foreign origin and is located outside the United States. The exportation, reexportation, or provision, directly or indirectly, by a U.S. person, wherever located, to Iran of software that is not subject to the EAR because it is of foreign origin and is located outside the United States, that is incident to, or enables services incident to, the exchange of communications over the internet, such as instant messaging, chat and email, social networking, sharing of photos and movies, web browsing, blogging, social media platforms, collaboration platforms, video conferencing, e-gaming, e-learning platforms, automated translation, web maps, and user authentication services, as well as cloud-based services in support of the foregoing or of any other transaction authorized or exempt under this part, provided that such software would be designated EAR99 if it were located in the United States or would meet the criteria for classification under ECCN 5D992.c if it were subject to the EAR.

(3) Additional software, hardware, and related services. To the extent not authorized by paragraph (a)(1) or (2) of this section, the exportation, reexportation, or provision, directly or indirectly, to Iran of certain software and hardware incident to communications, as well as related services, as follows:

(i) In the case of hardware and software subject to the EAR, the items specified in the “List of Services, Software, and Hardware Incident to Communications under 31 CFR 560.540”, which is maintained on OFAC's website (https://ofac.treasury.gov) on the Iran Sanctions page;

(ii) In the case of hardware and software that is not subject to the EAR because it is of foreign origin and is located outside the United States that is exported, reexported, or provided, directly or indirectly, by a U.S. person, wherever located, hardware and software that is of a type described in the “List of Services, Software, and Hardware Incident to Communications under 31 CFR 560.540”, provided that the item would be designated EAR99 if it were located in the United States or would meet the criteria for classification under the relevant ECCN specified in the “List of Services, Software, and Hardware Incident to Communications under 31 CFR 560.540” if it were subject to the EAR; and

(iii) In the case of software not subject to the EAR because it is described in 15 CFR 734.3(b)(3) that is exported, reexported, or provided, directly or indirectly, from the United States or by a U.S. person, wherever located, software that is of a type described in the “List of Services, Software, and Hardware Incident to Communications under 31 CFR 560.540”.

Note 1 to paragraphs (a)(2) and (3):

The authorizations in paragraphs (a)(2) and (3) of this section include the exportation, reexportation, or provision, directly or indirectly, to Iran of authorized hardware and software by an individual leaving the United States for Iran.

(4) Internet connectivity services and telecommunications capacity. The exportation or reexportation, directly or indirectly, from the United States or by a U.S. person, wherever located, to Iran of non-commercial-grade internet connectivity services, to include cloud-based services, and the provision, sale, or leasing of capacity on telecommunications transmission facilities (such as satellite or terrestrial network connectivity) incident to communications.

Note 2 to paragraph (a)(4):

See § 560.508 for authorizations relating to transactions with respect to the receipt and transmission of telecommunications involving Iran.

(5) Importation into the United States or a third country of hardware and software previously exported to Iran. The importation into the United States or a third country of hardware and software authorized for exportation, reexportation, or provision to Iran under paragraph (a)(2) or (3) of this section, provided that the hardware or software was previously exported, reexported, or provided to Iran under an authorization issued pursuant to this part.

Note 3 to paragraph (a)(5):

See § 560.306 for definitions of the terms goods of Iranian origin and Iranian-origin goods, which do not include goods that have been previously exported or reexported to Iran under an authorization issued pursuant to this part and which have subsequently been exported from and are located outside of Iran.

(6) Publicly available, no cost services and software to the Government of Iran—(i) Services. The exportation or reexportation, directly or indirectly, from the United States or by a U.S. person, wherever located, to the Government of Iran, as defined in § 560.304, of services described in paragraph (a)(1) of this section or categories (6) through (11) of the “List of Services, Software, and Hardware Incident to Communications under 31 CFR 560.540”, provided that such services are publicly available at no cost to the user.

(ii) Software. The exportation, reexportation, or provision, directly or indirectly, to the Government of Iran of software described in paragraph (a)(2) or (3) of this section or categories (6) through (11) of the “List of Services, Software, and Hardware Incident to Communications under 31 CFR 560.540”, provided that such software is publicly available at no cost to the user.

(7) Services conducted outside Iran to install, repair, or replace. The exportation or reexportation, directly or indirectly, from the United States or by a U.S. person, wherever located, to Iran of services conducted outside Iran to install, repair, or replace hardware or software authorized for exportation, reexportation, or provision to Iran pursuant to paragraph (a)(2) or (3) of this section.

Note 4 to paragraph (a):

In paragraph (a)(6) of this section, the term “publicly available” refers generally to software that is widely available to the public. Paragraph (a)(3)(iii) of this section refers to software that is described in 15 CFR 734.3(b)(3), which defines “publicly available” software for purposes of the EAR. The scope of the term “publicly available” in paragraph (a)(6) of this section thus differs from the scope of the Department of Commerce's regulation at 15 CFR 734.3(b)(3) as referenced in paragraph (a)(3)(iii) of this section.

(b) This section does not authorize:

(1) The exportation, reexportation, or provision, directly or indirectly, of the services, software, or hardware specified in paragraph (a) of this section with knowledge or reason to know that such services, software, or hardware are intended for the Government of Iran, except for services or software specified in paragraph (a)(6) of this section, or for any person blocked pursuant to this part other than the Government of Iran.

(2) The exportation or reexportation, directly or indirectly, of commercial-grade internet connectivity services or telecommunications transmission facilities (such as dedicated satellite links or dedicated lines that include quality of service guarantees).

(3) The exportation or reexportation, directly or indirectly, of web-hosting services that are for websites of commercial entities located in Iran or of domain name registration services for or on behalf of the Government of Iran, as defined in § 560.304, or any other person whose property and interests in property are blocked pursuant to § 560.211.

(4) Any transaction by a U.S.-owned or -controlled foreign entity otherwise prohibited by § 560.215 if the transaction would be prohibited by any other part of chapter V if engaged in by a U.S. person or in the United States.

(5) Any action or activity involving any item (including information) subject to the EAR that is prohibited by, or otherwise requires a license under, part 744 of the EAR or participation in any transaction involving a person whose export privileges have been denied pursuant to part 764 or 766 of the EAR, without authorization from the Department of Commerce.

(c) Transfers of funds from Iran or for or on behalf of a person in Iran in furtherance of an underlying transaction authorized by paragraph (a) of this section may be processed by U.S. depository institutions and U.S. registered brokers or dealers in securities provided they are consistent with § 560.516.

(d) Specific licenses may be issued on a case-by-case basis for the exportation, reexportation, or provision of services, software, or hardware incident to communications not specified in paragraph (a) of this section, including in the “List of Services, Software, and Hardware Incident to Communications under 31 CFR 560.540”, or other activities to support internet freedom in Iran, including development and hosting of anti-surveillance software by Iranian developers.

[89 FR 43313, May 17, 2024]
authority: 3 U.S.C. 301; 18 U.S.C. 2339B,2332d; 22 U.S.C. 2349aa-9,7201,8501,8701; 31 U.S.C. 321(b); 50 U.S.C. 1601-1651,1701; Pub. L. 101-410, 104 Stat. 890, as amended (28 U.S.C. 2461 note); E.O. 12613, 52 FR 41940, 3 CFR, 1987 Comp., p. 256; E.O. 12957, 60 FR 14615, 3 CFR, 1995 Comp., p. 332; E.O. 12959, 60 FR 24757, 3 CFR, 1995 Comp., p. 356; E.O. 13059, 62 FR 44531, 3 CFR, 1997 Comp., p. 217; E.O. 13599, 77 FR 6659, 3 CFR, 2012 Comp., p. 215; E.O. 13846, 83 FR 38939, 3 CFR, 2018 Comp., p. 854
source: 77 FR 64666, Oct. 22, 2012, unless otherwise noted.
cite as: 31 CFR 560.540