The following are the details of the rules:
GitHub.com,GitHub Enterprise Server and the information you upload to any of the Github products may be subject to trade control regulations, including the United States Export Control Regulation (EAR).)
GitHub's vision is to become a platform for global developer collaboration. We are responsible for a comprehensive review of government authorizations to ensure that users and customers are not affected by legal requirements. This includes keeping public repository services, including those for open source projects, available and accessible to support personal communications involving developers in sanctioned areas.
GitHub recently made some necessary changes to the way services are served in order to comply with U.S. trade control laws. With the development of U.S. trade control laws, we will continue to work with U.S. regulators to understand the extent to which we can provide free code collaboration services to developers in sanctioned markets. We believe that the provision of these free services supports the U.S. foreign policy of encouraging the free flow of information and freedom of speech in these markets.
In order to facilitate user understanding, we will describe in detail Github.com and Github Enterprise Server's legal issues to ensure that you understand that the use of GitHub products and services complies with all applicable laws and regulations, including U.S. export control laws.
Export Overview GitHub.com
Under our terms of service, users can only access and use GitHub.com in accordance with applicable laws, including U.S. export control and sanctions laws.
Users are responsible for ensuring that the content they develop and share on GitHub.com complies with U.S. export control laws, including EAR and the U.S. International Arms Trade Ordinance (ITAR). The cloud hosting service offered on Github.com is not intended to host ITAR-bound data. Currently, it does not provide the ability to restrict repository access by country/region. If you want to collaborate on ITAR or other export control data, we recommend that you consider using GitHub's native product, GitHub Enterprise Server.
U.S. trade control laws restrict the use of GitHub.com services by users in certain countries and regions. GitHub allows users of countries and regions subject to U.S. sanctions to use certain free GitHub.com services under authorization from the Office of Foreign Asset Control (OFAC) of the U.S. Treasury Department. The prohibition covers the use of IP agents, VPNs and other camouflage methods located in these restricted countries and addresses.
Under the United States and other applicable laws, special designated nationals(SDN)and other persons denied or blocked persons are prohibited from accessing or using GitHub.com. In addition, other users must not use GitHub.com on behalf of such parties(including governments in the sanctioned countries). In addition, GitHub.com shall not be used for purposes prohibited by applicable export control laws, including the prohibited end use described in 17CFR744.
GitHub Enterprise Serve
GitHub Enterprise Server is a self-hosted software product that can run in your own data center or virtual private cloud. Therefore, GitHub Enterprise Server can be used to store ITAR or other export control information, but the end user is still responsible for ensuring compliance with ITAR and other applicable export controls.
GitHub Enterprise Server is a commercial software product that has been assigned the 5D992.c Export Control Classification Number (ECCN) and may be exported to most destinations without a license (NLR).
GitHub Enterprise Server shall not be sold, exported or re-exported to any of the countries listed in the supplementary document to Part 740 of EAR or in Group E:1 of the States of the Crimean Region of Ukraine. The list currently includes Cuba, Iran, North Korea and Syria, but may change.
1. Which countries and regions do U.S. government sanctions apply to?
Crimea, Cuba, Iran, North Korea and Syria.
2. Will Github use be affected during travel in these areas?
Travel in these areas may affect the status of your account, but once you submit a successful appeal, you can restore availability once you are outside the sanctioned country or region.
3. What is available and unavailable?
The availability of sanctioned countries and regions in the United States will be limited, but some GitHub services may be available to free individuals and free organizations with GitHub.com accounts. This includes limited access to GitHub public repository services, such as GitHub pages and public repositories for open source projects, for personal purposes only, not for commercial purposes. The restriction also includes suspended access to private repository services and paid services (such as availability of private organized accounts and GitHub Marketplace services).
4. Can the private repositories of trade-restricted users be made public?
Repository administrators can expose restricted private repositories for personal use only, not for commercial purposes. Owners can do this by setting tabs in the repository and clicking the Open button. After the repository is exposed, users can access public repository services. This operation cannot be undone.
5. Can Trade Restricted Users Access Private Repository Data (e.g. Download or Delete Repository Data)?
Unfortunately, our understanding of the law did not allow us to download or delete private repository content until the U.S. government authorized it. Together with U.S. regulators, we will strongly advocate that trade-restricting users have the right to protect the content of their private repositories. We will also advocate more GitHub services for developers in sanctioned markets and further emphasize the importance of code collaboration in supporting personal communications among developers worldwide.
6. How do you define these specific users?
If GitHub determines that the user or customer is located in an area subject to U.S. trade control or that the user is subject to U.S. economic sanctions, the subsidiary account must comply with these legal requirements. Identifying the location of users and customers who implement these legal restrictions comes from many sources, including IP addresses and payment histories. Nationality and race are not used as sanctions to mark users.
7. How does GitHub ensure that persons who do not reside and/or have professional ties with sanctioned countries and regions still have the right to appeal?
In very few cases, the account will inadvertently or errors, we will have an appeal process to deal with such instances.
If the user considers that they are marked as errors, the user has the opportunity to appeal against the flag by providing authentication information to GitHub. If GitHub receives enough information to prove that the user is not a resident of the sanctioned territory or is subject to U.S. economic sanctions, the logo will be deleted. Please refer to the application form.