IP geo-blocking and sanctions compliance

Yesterday, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced a settlement agreement with NewTek for apparent sanctions violations relating to Iran. NewTek is a small US company that develops and supplies live production and 3D animation hardware and software systems.

Corporates are coming increasingly under the regulatory radar and need to think more seriously about their approaches to compliance. The settlement agreement shows that NewTek was naive in its approach to sanctions compliance and as such this acts as yet another reminder to firms.

More interesting though are the remedial actions taken by NewTek and were considered by OFAC as mitigating factors. Following the apparent violations the company:

  • Established export controls and sanctions compliance policies and procedures;
  • Hired a Director of Compliance;
  • Provided compliance training to employees in sales, marketing, shipping, service, and compliance personnel;
  • Obtained formal export classifications from the U.S. Department of Commerce confirming that New Tek’s products are properly designated EAR99 for export control purposes;
  • Implemented bulk name screening of its product registrants and current and pending distributors against the SDN List;
  • Implemented geo-IP blocking measures to prevent individuals located in Cuba, Iran, North Korea, Syria, and the Crimea region of Ukraine from downloading or registering NewTek products;

The last of these is the most interesting.

If you are a software company, operating in the US or with US affiliation or ownership, what do you do today to stop your products from being downloaded by individuals located in sanctioned countries?

And since software is just bits and bytes, no different from web pages, documents, pictures or NFTs, what does this mean for other types of virtual assets?