[Federal Register Volume 89, Number 97 (Friday, May 17, 2024)]
[Rules and Regulations]
[Pages 43311-43314]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-10721]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of Foreign Assets Control

31 CFR Part 560


Iranian Transactions and Sanctions Regulations

AGENCY: Office of Foreign Assets Control, Treasury.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Department of the Treasury's Office of Foreign Assets 
Control (OFAC) is adopting a final rule amending the Iranian 
Transactions and Sanctions Regulations (ITSR) to incorporate a general 
license that was previously published on OFAC's website. In particular, 
the rule incorporates, with amendments, a general license relating to 
the export, reexport, and provision of certain services, software, and 
hardware incident to communications over the internet. This amendment 
also makes additional conforming changes.

DATES: This rule is effective May 17, 2024.

FOR FURTHER INFORMATION CONTACT: OFAC: Assistant Director for 
Licensing, 202-622-2480; Assistant Director for Regulatory Affairs, 
202-622-4855; or Assistant Director for Sanctions Compliance & 
Evaluation, 202-622-2490.

SUPPLEMENTARY INFORMATION:

Electronic Availability

    This document and additional information concerning OFAC are 
available on OFAC's website https://ofac.treasury.gov.

Background

    On October 22, 2012, OFAC issued a final rule that amended the 
former Iranian Transactions Regulations, 31 CFR part 560 (ITR), and 
reissued them in their entirety as the Iranian Transactions and 
Sanctions Regulations (ITSR or ``the Regulations'') (77 FR 64664, 
October 22, 2012). Since then, OFAC has amended the Regulations on 
several occasions. As set forth in more detail below, OFAC is now 
amending the Regulations to incorporate, with certain amendments, a 
general license that previously was published on OFAC's website and to 
make additional conforming changes.
    Services, Software, and Hardware Incident to Personal 
Communications. On March 10, 2010, in order to foster and support the 
free flow of information to individual Iranian citizens, OFAC issued a 
final rule amending the ITR to add a general license in Sec.  560.540 
authorizing the exportation of certain services and software incident 
to the exchange of personal communications over the internet, provided 
that, among other things, such services and software were publicly 
available at no cost to the user (75 FR 10997, March 10, 2010). The 
authorization under Sec.  560.540 was preserved in the ITSR, as 
reissued in October 2012 (77 FR 64664).
    On May 30, 2013, OFAC, in consultation with the Departments of 
State and Commerce, issued General License (GL) D under the 
Regulations. GL D was made available on OFAC's website and the Federal 
Register (78 FR 43278, July 19, 2013). GL D authorized the exportation 
or reexportation, directly or indirectly, from the United States or by 
U.S. persons, wherever located, to persons in Iran of additional 
services, software, and hardware incident to personal communications, 
including fee-based versions of the software and services authorized in 
Sec.  560.540, subject to certain conditions. GL D also contained an 
Annex that listed items authorized for export or reexport to Iran that 
had been determined to be incident to personal communications.
    On February 7, 2014, OFAC issued GL D-1, which replaced and 
superseded GL D in its entirety. GL D-1 was made available on OFAC's 
website and the Federal Register (79 FR 13736, March 11, 2014). GL D-1 
clarified certain aspects of GL D and added new authorizations relating 
to the provision to Iran and importation from Iran of certain hardware, 
software, and services incident to personal communications. GL D-1 also 
updated the Annex from GL D with minor technical amendments. On 
September 23, 2022, OFAC issued GL D-2, which replaced and superseded 
GL D-1 in its entirety. GL D-2 was made available on OFAC's website and 
in the Federal Register (87 FR 62003, October 13, 2022). GL D-2 updated 
and clarified GL D-1 by, among other things: removing the ``personal'' 
qualifier from the authorization for software and services incident to 
``personal communication''; providing additional examples of modern 
types of software and services that are incident to the exchange of 
communications, including social media platforms, collaboration 
platforms, video conferencing, e-gaming, e-learning platforms, 
automated translation, web maps, and user authentication services; 
explicitly authorizing cloud-based services and software in support of 
the foregoing software or services or of any other transaction that is 
authorized pursuant to the Regulations; clarifying the restrictions on 
the exportation of web-hosting services or domain name registration 
services; and expanding the specific licensing policy set forth in GL 
D-1. GL D-2 maintained the Annex as updated by GL D-1.
    OFAC, in consultation with the Departments of State and Commerce, 
is now amending the Regulations to incorporate the provisions of GL D-2 
and certain additional amendments into the existing authorization at 
Sec.  560.540. First, OFAC is amending Sec.  560.540(a) to incorporate 
paragraphs (a)(1) and (2) of GL D-2, which authorize the exportation or 
reexportation to Iran of certain no-cost or fee-based services and 
software that are incident to, and software that enables services 
incident to, the exchange of communications over the internet, as well 
as cloud-based services in support of the foregoing services or of any 
other transactions authorized or exempt under the Regulations, subject 
to certain conditions. New Sec.  560.540(a)(3) incorporates paragraph 
(a)(3) of GL D-2, which authorizes the exportation, reexportation, or 
provision of certain software, hardware, and related services not 
authorized by Sec.  560.540(a)(1) or (2). OFAC is also publishing in 
the Federal Register a list of the services, software, and hardware 
authorized by new Sec.  560.540(a)(3) (the ``List of Services, 
Software, and Hardware Incident to Communications under 31 CFR 
560.540''), which includes the items previously listed in the Annex to 
GL D-2. However, concurrent with this rule, OFAC is publishing an 
update, effective 30 days after publication of this rule, that would 
amend the ``List of Services, Software, and Hardware Incident to 
Communications under 31 CFR 560.540'' to limit the computing power of 
laptops, tablets, and personal computing devices that are authorized 
for exportation or reexportation to Iran under category (5) of ``List 
of Services, Software, and Hardware Incident to Communications under 31 
CFR 560.540'', in order to address concerns about the use of multiple, 
connected computing devices with increased computing powers to create 
high-powered computers. The updated ``List of Services, Software, and 
Hardware Incident to Communications under 31 CFR 560.540'' is being 
published separately in the Federal Register. New Sec.  560.540(a)(4) 
through (6) incorporate

[[Page 43312]]

paragraphs (a)(4) through (6) of GL D-2, which authorize: the 
exportation or reexportation of certain internet connectivity services 
and the provision, sale, or lease of telecommunications facilities 
incident to communications; the importation into the United States or a 
third country of hardware and software previously exported to Iran; and 
the exportation and reexportation of certain publicly available, no-
cost services and software to the Government of Iran, respectively.
    OFAC is also expanding Sec.  560.540 in two ways to address repair 
and replacement issues with respect to items exported pursuant to the 
ITSR. First, OFAC is revising the authorization at paragraph (a)(5) of 
GL D-2 and incorporating the revised text into Sec.  560.540(a)(5), to 
authorize transactions for the importation of hardware or software into 
third countries, in addition to the United States, provided that the 
items were previously exported to Iran pursuant to an authorization 
issued pursuant to the ITSR. Second, OFAC is adding a new Sec.  
560.540(a)(7) to authorize the exportation or reexportation, of certain 
services conducted outside Iran to install, repair, or replace hardware 
or software authorized for exportation, reexportation, or provision to 
Iran by paragraph (a)(2) or (3) of that section. The new Sec.  
560.540(a)(7) authorizes such services only when the service provider 
is located outside Iran and does not authorize the service providers to 
engage in such services while in Iran.
    This final rule also revises Sec.  560.540(b) to incorporate 
paragraph (b) of GL D-2, which includes restrictions on transactions 
authorized by Sec.  560.540(a), with slight revisions. Section 
560.540(b)(3) refines and clarifies the restrictions of paragraph 
(b)(4) of GL D-2 related to the provision of web-hosting services or of 
domain name registration services in Iran. Specifically, newly revised 
Sec.  560.540(b)(3) excludes from authorization the exportation or 
reexportation of web-hosting services for websites of commercial 
entities located in Iran or of domain name registration services for or 
on behalf of the Government of Iran or another person whose property 
and interests in property are blocked pursuant to Sec.  560.211.
    OFAC is revising Sec.  560.540(c) to incorporate paragraph (c) of 
GL D-2 into Sec.  560.540(c)(1), which provides that U.S. depository 
institutions and U.S. registered brokers or dealers in securities may 
process transfers of funds in furtherance of an underlying transaction 
authorized by Sec.  560.540(a), provided the transfer does not involve 
debiting or crediting an Iranian account. U.S. depository institutions 
and U.S. registered brokers or dealers in securities may also continue 
to process transfers of funds that are ordinarily incident and 
necessary to authorized transactions pursuant to Sec.  560.516.
    OFAC is also adding a new Sec.  560.540(d) to incorporate the 
specific licensing policy set forth in paragraph (d) of GL D-2, which 
expands upon the specific licensing policy previously set forth in 
Sec.  560.540(c). The new Sec.  560.540(d) sets forth a case-by-case 
licensing policy for additional activities that support internet 
freedom in Iran. OFAC is not incorporating certain notes and a 
provision in GL D-2 that are duplicative of prohibitions that continue 
to apply independently from the Regulations and therefore are 
unnecessary to include. Finally, OFAC is adding an explanatory note 
referring to this general license in Sec. Sec.  560.418, 560.508, and 
560.519. Upon publication of this final rule, OFAC will archive GL D-2 
on its website. GLs D, D-1, and D-2 will continue to be available in 
the Federal Register: GL D was published in the Federal Register on 
July 19, 2013 (78 FR 43278, July 19, 2013); GL D-1 was published in the 
Federal Register on March 11, 2014 (79 FR 13736, March 11, 2014); and 
GL D-2 was published in the Federal Register on October 13, 2022 (87 FR 
62003, October 13, 2022).

Public Participation

    Because the Regulations involve a foreign affairs function, the 
provisions of Executive Order (E.O.) 12866 of September 30, 1993, 
``Regulatory Planning and Review'' (58 FR 51735, October 4, 1993), as 
amended, and the Administrative Procedure Act (5 U.S.C. 553) requiring 
notice of proposed rulemaking, opportunity for public participation, 
and delay in effective date are inapplicable. Because no notice of 
proposed rulemaking is required for this rule, the Regulatory 
Flexibility Act (5 U.S.C. 601-612) does not apply.

Paperwork Reduction Act

    The collections of information related to the Regulations are 
contained in 31 CFR part 501 (the ``Reporting, Procedures and Penalties 
Regulations''). Pursuant to the Paperwork Reduction Act of 1995 (44 
U.S.C. 3507), those collections of information have been approved by 
the Office of Management and Budget under control number 1505-0164. An 
agency may not conduct or sponsor, and a person is not required to 
respond to, a collection of information unless the collection of 
information displays a valid control number.

List of Subjects in 31 CFR Part 560

    Administrative practice and procedure, Banks, banking, Blocking of 
assets, Communications, Credit, Foreign trade, Iran, Nonprofit 
organizations, Penalties, Reporting and recordkeeping requirements, 
Sanctions, Securities, Services.

    For the reasons set forth in the preamble, OFAC amends 31 CFR part 
560 as follows:

PART 560--IRANIAN TRANSACTIONS AND SANCTIONS REGULATIONS

0
1. The authority citation for part 560 continues to read as follows:

    Authority: 3 U.S.C. 301; 18 U.S.C. 2339B, 2332d; 22 U.S.C. 
2349aa-9, 7201-7211, 8501-8551, 8701-8795; 31 U.S.C. 321(b); 50 
U.S.C. 1601-1651, 1701-1706; Pub. L. 101-410, 104 Stat. 890, as 
amended (28 U.S.C. 2461 note); E.O. 12613, 52 FR 41940, 3 CFR, 1987 
Comp., p. 256; E.O. 12957, 60 FR 14615, 3 CFR, 1995 Comp., p. 332; 
E.O. 12959, 60 FR 24757, 3 CFR, 1995 Comp., p. 356; E.O. 13059, 62 
FR 44531, 3 CFR, 1997 Comp., p. 217; E.O. 13599, 77 FR 6659, 3 CFR, 
2012 Comp., p. 215; E.O. 13846, 83 FR 38939, 3 CFR, 2018 Comp., p. 
854.

Subpart D--Interpretations

0
2. Amend Sec.  560.418 by adding note 3 to the section to read as 
follows:


Sec.  560.418  Release of technology or software in the United States 
or a third country.

* * * * *

    Note 3 to Sec.  560.418: See Sec.  560.540 for a general license 
authorizing the exportation, reexportation, or provision to Iran of 
certain services, software, and hardware incident to the exchange of 
communications.

Subpart E--Licenses, Authorizations, and Statements of Licensing 
Policy

0
3. Amend Sec.  560.508 by adding note 1 to paragraph (a) to read as 
follows:


Sec.  560.508  Telecommunications and mail transactions authorized.

    (a) * * *

    Note 1 to paragraph (a): See Sec.  560.540 for a general license 
authorizing the exportation, reexportation, or provision to Iran of 
certain services, software, and hardware incident to the exchange of 
communications.

* * * * *

0
4. Amend Sec.  560.519 by revising the headings of the note to 
paragraph (c)(1) and the note to the section and adding note 3 to the 
section to read as follows:


Sec.  560.519  Journalistic activities and establishment of news 
bureaus in Iran.

* * * * *


[[Page 43313]]


    Note 1 to paragraph (c)(1): * * *

* * * * *

    Note 2 to Sec.  560.519: * * *


    Note 3 to Sec.  560.519: See Sec.  560.540 for a general license 
authorizing the exportation, reexportation, or provision to Iran of 
certain services, software, and hardware incident to the exchange of 
communications.


0
5. Revise Sec.  560.540 to read as follows:


Sec.  560.540  Certain services, software, and hardware incident to 
communications.

    (a) To the extent that such transactions are not exempt from the 
prohibitions of this part, and subject to the restrictions set forth in 
paragraph (b) of this section, the following transactions are 
authorized:
    (1) Services. The exportation or reexportation, directly or 
indirectly, from the United States or by a U.S. person, wherever 
located, to Iran of services incident to the exchange of communications 
over the internet, such as instant messaging, chat and email, social 
networking, sharing of photos and movies, web browsing, blogging, 
social media platforms, collaboration platforms, video conferencing, e-
gaming, e-learning platforms, automated translation, web maps, and user 
authentication services, as well as cloud-based services in support of 
the foregoing or of any other transaction authorized or exempt under 
this part.
    (2) Software--(i) Software subject to or excluded from the EAR. The 
exportation, reexportation, or provision, directly or indirectly, to 
Iran of software subject to the Export Administration Regulations, 15 
CFR parts 730 through 774 (EAR), pursuant to 15 CFR 734.3(a), that is 
incident to, or enables services incident to, the exchange of 
communications over the internet, such as instant messaging, chat and 
email, social networking, sharing of photos and movies, web browsing, 
blogging, social media platforms, collaboration platforms, video 
conferencing, e-gaming, e-learning platforms, automated translation, 
web maps, and user authentication services, as well as cloud-based 
services in support of the foregoing or of any other transaction 
authorized or exempt under this part, provided that such software is 
designated EAR99, excluded from the EAR because it is described under 
15 CFR 734.3(b)(3), or classified by the U.S. Department of Commerce on 
the Commerce Control List, 15 CFR part 774, supplement No. 1 (CCL), 
under export control classification number (ECCN) 5D992.c.
    (ii) Software that is not subject to the EAR because it is of 
foreign origin and is located outside the United States. The 
exportation, reexportation, or provision, directly or indirectly, by a 
U.S. person, wherever located, to Iran of software that is not subject 
to the EAR because it is of foreign origin and is located outside the 
United States, that is incident to, or enables services incident to, 
the exchange of communications over the internet, such as instant 
messaging, chat and email, social networking, sharing of photos and 
movies, web browsing, blogging, social media platforms, collaboration 
platforms, video conferencing, e-gaming, e-learning platforms, 
automated translation, web maps, and user authentication services, as 
well as cloud-based services in support of the foregoing or of any 
other transaction authorized or exempt under this part, provided that 
such software would be designated EAR99 if it were located in the 
United States or would meet the criteria for classification under ECCN 
5D992.c if it were subject to the EAR.
    (3) Additional software, hardware, and related services. To the 
extent not authorized by paragraph (a)(1) or (2) of this section, the 
exportation, reexportation, or provision, directly or indirectly, to 
Iran of certain software and hardware incident to communications, as 
well as related services, as follows:
    (i) In the case of hardware and software subject to the EAR, the 
items specified in the ``List of Services, Software, and Hardware 
Incident to Communications under 31 CFR 560.540'', which is maintained 
on OFAC's website (https://ofac.treasury.gov) on the Iran Sanctions 
page;
    (ii) In the case of hardware and software that is not subject to 
the EAR because it is of foreign origin and is located outside the 
United States that is exported, reexported, or provided, directly or 
indirectly, by a U.S. person, wherever located, hardware and software 
that is of a type described in the ``List of Services, Software, and 
Hardware Incident to Communications under 31 CFR 560.540'', provided 
that the item would be designated EAR99 if it were located in the 
United States or would meet the criteria for classification under the 
relevant ECCN specified in the ``List of Services, Software, and 
Hardware Incident to Communications under 31 CFR 560.540'' if it were 
subject to the EAR; and
    (iii) In the case of software not subject to the EAR because it is 
described in 15 CFR 734.3(b)(3) that is exported, reexported, or 
provided, directly or indirectly, from the United States or by a U.S. 
person, wherever located, software that is of a type described in the 
``List of Services, Software, and Hardware Incident to Communications 
under 31 CFR 560.540''.

    Note 1 to paragraphs (a)(2) and (3): The authorizations in 
paragraphs (a)(2) and (3) of this section include the exportation, 
reexportation, or provision, directly or indirectly, to Iran of 
authorized hardware and software by an individual leaving the United 
States for Iran.

    (4) Internet connectivity services and telecommunications capacity. 
The exportation or reexportation, directly or indirectly, from the 
United States or by a U.S. person, wherever located, to Iran of non-
commercial-grade internet connectivity services, to include cloud-based 
services, and the provision, sale, or leasing of capacity on 
telecommunications transmission facilities (such as satellite or 
terrestrial network connectivity) incident to communications.

    Note 2 to paragraph (a)(4): See Sec.  560.508 for authorizations 
relating to transactions with respect to the receipt and 
transmission of telecommunications involving Iran.

    (5) Importation into the United States or a third country of 
hardware and software previously exported to Iran. The importation into 
the United States or a third country of hardware and software 
authorized for exportation, reexportation, or provision to Iran under 
paragraph (a)(2) or (3) of this section, provided that the hardware or 
software was previously exported, reexported, or provided to Iran under 
an authorization issued pursuant to this part.

    Note 3 to paragraph (a)(5): See Sec.  560.306 for definitions of 
the terms goods of Iranian origin and Iranian-origin goods, which do 
not include goods that have been previously exported or reexported 
to Iran under an authorization issued pursuant to this part and 
which have subsequently been exported from and are located outside 
of Iran.

    (6) Publicly available, no cost services and software to the 
Government of Iran--(i) Services. The exportation or reexportation, 
directly or indirectly, from the United States or by a U.S. person, 
wherever located, to the Government of Iran, as defined in Sec.  
560.304, of services described in paragraph (a)(1) of this section or 
categories (6) through (11) of the ``List of Services, Software, and 
Hardware Incident to Communications under 31 CFR 560.540'', provided 
that such services are publicly available at no cost to the user.
    (ii) Software. The exportation, reexportation, or provision, 
directly or indirectly, to the Government of Iran of software described 
in paragraph (a)(2) or (3) of this section or categories (6) through 
(11) of the ``List of Services,

[[Page 43314]]

Software, and Hardware Incident to Communications under 31 CFR 
560.540'', provided that such software is publicly available at no cost 
to the user.
    (7) Services conducted outside Iran to install, repair, or replace. 
The exportation or reexportation, directly or indirectly, from the 
United States or by a U.S. person, wherever located, to Iran of 
services conducted outside Iran to install, repair, or replace hardware 
or software authorized for exportation, reexportation, or provision to 
Iran pursuant to paragraph (a)(2) or (3) of this section.

    Note 4 to paragraph (a): In paragraph (a)(6) of this section, 
the term ``publicly available'' refers generally to software that is 
widely available to the public. Paragraph (a)(3)(iii) of this 
section refers to software that is described in 15 CFR 734.3(b)(3), 
which defines ``publicly available'' software for purposes of the 
EAR. The scope of the term ``publicly available'' in paragraph 
(a)(6) of this section thus differs from the scope of the Department 
of Commerce's regulation at 15 CFR 734.3(b)(3) as referenced in 
paragraph (a)(3)(iii) of this section.

    (b) This section does not authorize:
    (1) The exportation, reexportation, or provision, directly or 
indirectly, of the services, software, or hardware specified in 
paragraph (a) of this section with knowledge or reason to know that 
such services, software, or hardware are intended for the Government of 
Iran, except for services or software specified in paragraph (a)(6) of 
this section, or for any person blocked pursuant to this part other 
than the Government of Iran.
    (2) The exportation or reexportation, directly or indirectly, of 
commercial-grade internet connectivity services or telecommunications 
transmission facilities (such as dedicated satellite links or dedicated 
lines that include quality of service guarantees).
    (3) The exportation or reexportation, directly or indirectly, of 
web-hosting services that are for websites of commercial entities 
located in Iran or of domain name registration services for or on 
behalf of the Government of Iran, as defined in Sec.  560.304, or any 
other person whose property and interests in property are blocked 
pursuant to Sec.  560.211.
    (4) Any transaction by a U.S.-owned or -controlled foreign entity 
otherwise prohibited by Sec.  560.215 if the transaction would be 
prohibited by any other part of chapter V if engaged in by a U.S. 
person or in the United States.
    (5) Any action or activity involving any item (including 
information) subject to the EAR that is prohibited by, or otherwise 
requires a license under, part 744 of the EAR or participation in any 
transaction involving a person whose export privileges have been denied 
pursuant to part 764 or 766 of the EAR, without authorization from the 
Department of Commerce.
    (c) Transfers of funds from Iran or for or on behalf of a person in 
Iran in furtherance of an underlying transaction authorized by 
paragraph (a) of this section may be processed by U.S. depository 
institutions and U.S. registered brokers or dealers in securities 
provided they are consistent with Sec.  560.516.
    (d) Specific licenses may be issued on a case-by-case basis for the 
exportation, reexportation, or provision of services, software, or 
hardware incident to communications not specified in paragraph (a) of 
this section, including in the ``List of Services, Software, and 
Hardware Incident to Communications under 31 CFR 560.540'', or other 
activities to support internet freedom in Iran, including development 
and hosting of anti-surveillance software by Iranian developers.

Bradley T. Smith,
Director, Office of Foreign Assets Control.
[FR Doc. 2024-10721 Filed 5-16-24; 8:45 am]
BILLING CODE 4810-AL-P