No, provided that the provision of services is not an indirect export to a person located in the Russian Federation.  For the purposes of the IT and Software Services Determination, OFAC interprets the “indirect” provision of the prohibited services to include when the benefit of the services is ultimately received by a “person located in the Russian Federation.”

In contrast, OFAC would not consider to be prohibited the provision of services to a third country company that is located outside of Russia, including such a company owned or controlled by persons located in the Russian Federation, provided that the services will not be further exported or reexported to persons located in the Russian Federation.

For example, the following scenarios describe services that would be prohibited under the IT and Software Services Determination:

• A U.S. company designs and delivers proprietary supply chain management software to a third country limited liability company (Company X) on behalf of its Russian parent company, which Company X intends to supply to its parent company.
• A U.S. company designs and delivers proprietary accounting software to a third country software re-seller (Company Y), which Company Y indicates that they intend to supply to a Russian company. 
• A U.S. consulting company signs a contract to provide enterprise management software and related information technology support services to Company X.  Company X provides access to these services to its Russian parent, such that employees from the Russian parent call the U.S. consulting company when they have problems with their enterprise management software. 

The following scenarios illustrate services to a non-Russian subsidiary of a Russian person that would not be prohibited under the IT and Software Services Determination:

• A U.S. software company assists a U.S. subsidiary of a Russian company in upgrading the U.S. subsidiary’s IT systems, including procuring new software and hardware.  The U.S. subsidiary has an office and employees in the United States and conducts business in the United States, and the services will not be exported or reexported to the Russian parent company.
• A U.S. software company signs a contract with the third-country subsidiary (Company Z) of a Russian company for the delivery via cloud of building information software to Company Z.  This subsidiary has an office and employees in the third country and conducts business in this third country, and the software will not be provided to the Russian parent company.
• A U.S. technology company designs a website for the subsidiary of a Russian company located in a third country. This subsidiary has an office and employees in the third country and conducts business in this third country, and the services will not be reexported to the Russian parent company.
   

OFAC expects to promulgate regulations that define or interpret these terms as follows:

The term enterprise management software means the following types of software:  enterprise resource planning (ERP), customer relationship management (CRM), business intelligence (BI), supply chain management (SCM), enterprise data warehouse (EDW), computerized maintenance management system (CMMS), project management, and product lifecycle management (PLM) software.

The term design and manufacturing software means the following types of software:  building information modelling (BIM), computer aided design (CAD), computer-aided manufacturing (CAM), and engineer to order (ETO) software.

The term cloud-based services includes the delivery of software via the internet or over the cloud, including through Software-as-a-Service (SaaS), or SaaS cloud services in relation to such software. 

The term information technology support services is defined consistent with the United Nations’ Central Product Classification (CPC) Code 83132 to include:  

1. providing technical expertise to solve problems for the client in using software, hardware, or an entire computer system, such as: (a) providing customer support in using or troubleshooting the software; (b) upgrading services and the provision of patches and updates; (c) providing customer support in using or troubleshooting the computer hardware, including testing and cleaning on a routine basis and repair of information technology (IT) equipment; (d) technical assistance in moving a client’s computer system to a new location; (e) providing customer support in using or troubleshooting the computer hardware and software in combination; and
2. providing technical expertise to solve specialized problems for the client in using a computer system, such as:  (a) auditing or assessing computer operations without providing advice or other follow-up action including auditing, assessing and documenting a server, network or process for components, capabilities, performance, or security; (b) data recovery services, i.e. retrieving a client’s data from a damaged or unstable hard drive or other storage medium, or providing standby computer equipment and duplicate software in a separate location to enable a client to relocate regular staff to resume and maintain routine computerized operations in event of a disaster such as a fire or flood; and (c) other IT technical support services not elsewhere classified.

The term information technology consultancy and design services includes both IT consulting services and IT design and development services for applications, and is defined consistent with United Nations’ Central Product Classification (CPC) Codes 83131 and 83141, respectively.

• IT consultancy services includes providing advice or expert opinion on technical matters related to the use of information technology, such as:  (a) advice on matters such as hardware and software requirements and procurement; (b) systems integration; (c) systems security; and (d) provision of expert testimony on IT related issues. 
• IT design and development services for applications includes services of designing the structure and/or writing the computer code necessary to create and/or implement a software application, such as:  (a) designing the structure of a web page and/or writing the computer code necessary to create and implement a web page; (b) designing the structure and content of a database and/or writing the computer code necessary to create and implement a database; (c) designing the structure and writing the computer code necessary to design and develop a custom software application; (d) customization and integration, adapting (modifying, configuring, etc.) and installing an existing application so that it is functional within the clients’ information system environment.

The IT and Software Services Determination prohibits the exportation, reexportation, sale, or supply, directly or indirectly, from the United States, or by a United States person, wherever located, of both IT support services and cloud-based services for the Covered Software to a person located in the Russian Federation.  IT support services include the provision of technical expertise to solve problems for the client in using software, hardware, or an entire computer system.  Cloud-based services include the supply of software and associated services via the internet or the cloud, including through Software-as-a-Service (SaaS).  See FAQ 1187 for more information on how OFAC intends to define “enterprise management software,” “design and manufacturing software,” “cloud-based services,” and “information technology support services.”

The following are examples of activities that would be prohibited by the IT and Software Services Determination if such services were provided to a company located in the Russian Federation that is not owned or controlled directly or indirectly by a U.S. person (Russian company):

• A U.S. company sells a cloud-based enterprise resource planning software subscription to a Russian company.
• A U.S. employee of a third country company provides customer support services to a Russian company that is experiencing technical difficulties with its human resources software.
• A U.S. company provides a software patch to a Russian company to fix a bug in its computer-aided design software.

The following are examples of activities that would not be prohibited by the IT and Software Services Determination:

• A U.S. company sells a cloud-based electronic health records software subscription to a Russian company.  
• A U.S. company provides customer support services to a Russian individual who is experiencing technical difficulties with their publicly available cloud-based spreadsheet web application. 
• A U.S. person working at a third country company provides customer support services to a Russian individual who is experiencing technical difficulties with their free-of-charge publicly available teleconferencing application.
• A U.S. company provides IT support services to a Russian individual to a non-covered software application.

The IT and Software Services Determination complements regulations to be issued by the U.S. Department of Commerce Bureau of Industry and Security (BIS) pertaining to the export, reexport, or transfer (in-country) to the Russian Federation of the following types of software subject to the Export Administration Regulations, 15 CFR part 730–774 (EAR):  Enterprise resource planning (ERP); customer relationship management (CRM); business intelligence (BI); supply chain management (SCM); enterprise data warehouse (EDW); computerized maintenance management system (CMMS); project management software, product lifecycle management (PLM);  building information modelling (BIM); computer aided design (CAD); computer-aided manufacturing (CAM); and engineering to order (ETO).

See General License (GL) 25D for more information about certain authorizations for transactions relating to the receipt or transmission of telecommunications involving the Russian Federation and the provision of certain services incident to the exchange of communications over the internet.  See GL 6D for more information on authorizations for transactions related to certain agricultural and medical activities involving the provision of information technology and software-related services. 

As noted in FAQ 1185, some of these activities may be subject to other Federal laws or requirements of other Federal agencies, including export, reexport, and transfer (in-country) licensing requirements maintained by the BIS under the EAR.
 

IT consultancy and design services include the development and implementation of software, as well as assistance or advice relating to the development and implementation of software, including the supply and installation of bespoke software.  However, the retail sale of off-the-shelf software, falling under United Nations’ Central Product Classification (CPC) Code 63252, is not included in the scope of IT consultancy and design services.  IT consultancy and design services are distinct from information technology (IT) support services, which fall under United Nations’ CPC Code 83132.  See FAQ 1187 for more information on how OFAC intends to define “IT consultancy and design services.”  See FAQ 1186 for a description of prohibited “IT support services” and “cloud-based services” for enterprise management software and design and manufacturing software. 

The following are examples of activities that would be prohibited by the IT and Software Services Determination if such services were provided to a company located in the Russian Federation that is not owned or controlled directly or indirectly by a U.S. person (Russian company):

• A U.S. company signs a contract with a Russian company to assist the Russian company in upgrading its IT systems.  The U.S. consulting company advises on, among other matters, the kinds of software and hardware needed for the Russian company’s operations and how best to procure such technology. 
• A U.S. company works to modify existing web applications to be functional within a Russian company’s internal IT environment.
• A U.S. service provider signs a contract with a Russian company for the design and engineering of bespoke (i.e., custom-made) software that the Russian company uses for internal purposes.
• A U.S. person working at a third country company signs a contract with a Russian company to design the structure of their sales website.

The following are examples of activities that would not be prohibited by the IT and Software Services Determination: 

• A U.S. service provider provides a Russian company with internet access. 
• A U.S. service provider provides a Russian company with internet services.  The delivery of internet services includes, for example, Domain Name Services.
• A U.S. company provides Russian individuals and entities with continued access to cloud-based, free-of-charge, publicly available web applications, such as email, spreadsheet, and document applications.
• A U.S. company provides virtual private network (VPN) services to customers in the Russian Federation.

Some of these activities – such as the sale of off-the-shelf software – may be subject to other Federal laws or requirements of other Federal agencies, including export, reexport, and transfer (in-country) license requirements maintained by the Department of Commerce’s Bureau of Industry and Security under the Export Administration Regulations, 15 CFR parts 730–774 (EAR).   
 

In line with G7 efforts to disrupt Russia’s defense industry’s reliance on western IT systems, on June 12, 2024, Treasury issued a determination that restricts the provision of certain IT and software-related services to Russia.  The determination, “Prohibition on Certain Information Technology and Software Services,” issued pursuant to Executive Order (E.O.) 14071 (the “IT and Software Services Determination”), prohibits the exportation, reexportation, sale, or supply, directly or indirectly, from the United States, or by a United States person, wherever located, to any person located in the Russian Federation of:  (1) IT consultancy and design services; and (2) IT support services and cloud-based services for the following categories of software: enterprise management software and design and manufacturing software (collectively, “Covered Software”).  The IT and Software Services Determination will take effect at 12:01 a.m. eastern daylight time on September 12, 2024.  See FAQs 1185, 1186, 1187, and 1188 for additional information. 

The aim of this action is not to prohibit all activity relating to the provision of IT and software-related services to Russia.  The United States strongly supports the free flow of information and communications globally as facilitated by telecommunications and the internet.  These measures do not prohibit internet access or the delivery of internet-based communications services.  Treasury already has in place General License (GL) 25D, which authorizes certain transactions ordinarily incident and necessary to the receipt or transmission of telecommunications involving the Russian Federation and the provision of certain services incident to the exchange of communications over the internet, subject to certain restrictions.  For additional information, see FAQ 1040.  Treasury has also amended GL 6D to authorize transactions related to certain agricultural and medical activities involving the provision of information technology and software-related services.  Additionally, the importation from any country, or the exportation to any country of any information or informational materials, regardless of format or medium, is generally exempt from the scope of sanctions prohibitions under the International Emergency Economic Powers Act.  See 50. U.S.C. § 1702(b)(3).

In addition, the IT and Software Services Determination does not prohibit the following IT and software services, which are excluded from its scope:  (1) any service to an entity located in the Russian Federation that is owned or controlled, directly or indirectly, by a United States person; (2) any service in connection with the wind down or divestiture of an entity located in the Russian Federation that is not owned or controlled, directly or indirectly, by a Russian person; and (3) any service for software that would be eligible for a license exception or otherwise authorized for export or reexport to Russia by the Department of Commerce.
 

On June 12, 2024, OFAC issued Russia-related general licenses (GLs) GL 99, GL 100, and amended GL 8J, authorizing certain transactions involving MOEX, NCC, NSD, or any entity in which one of these entities owns, directly or indirectly, individually or in the aggregate, a 50 percent or greater interest (collectively, “the Blocked Entities”).

GL 99 authorizes the wind down of transactions involving the Blocked Entities, as well as certain transactions related to the divestment to non-U.S. persons of debt or equity issued or guaranteed by, or derivative contracts involving, the Blocked Entities.  For example, GL 99 would authorize a U.S. person to divest their equity in MOEX to a non-blocked non-U.S. person.  This authorization expires at 12:01 a.m. eastern daylight time August 12, 2024.  See GL 99 for more information. 

GL 100 authorizes certain transactions for the divestment to non-blocked, non-U.S. persons of debt or equity, or for the conversion of currencies, involving one or more of the Blocked Entities solely as a securities, trade, or settlement depository, central counterparty or clearing house, or public trading market.  GL 100 is intended to cover the divestment of debt or equity of non-blocked companies that may be traded on or through one of the Blocked Entities in their capacity as a securities, trade, or settlement depository, central counterparty or clearing house, or public trading market.  For example, GL 100 would authorize a U.S. person to divest their equity in a non-blocked Russian company that is being traded on MOEX to a non-blocked, non-U.S. person.  This example would be distinct from the divestment of equity in MOEX itself, which would be covered by GL 99.  GL 100 would also authorize U.S. persons to transact with one of the Blocked Entities to the extent ordinarily incident and necessary to convert U.S. dollars to another currency, or vice versa.  This authorization expires at 12:01 a.m. eastern daylight time August 12, 2024. See GL 100 for more information.

GL 8J authorizes certain transactions related to energy involving NCC.  See FAQ 976 for more information.

Treasury remains focused on counteracting activity that involves sanctions evasion or third-country support to Russia’s military-industrial base. At the same time, legitimate humanitarian activity and agricultural and medical trade are not the target of our sanctions. Accordingly, FFIs may continue to conduct or facilitate any transaction(s) or provide any service related to activities that are otherwise authorized or exempted under the Russian Harmful Foreign Activities Sanctions program. Foreign persons do not risk the imposition of sanctions for engaging in transactions authorized for U.S. persons under General Licenses issued under the Russian Harmful Foreign Activities Sanctions program. 

FFIs may continue to rely on Treasury’s existing authorizations in place for transactions related to agricultural commodities, medicine, medical devices and related replacement parts, components, or software updates, the Coronavirus Disease 2019 (General License (GL) 6D), energy-related transactions (GL 8J), certain transactions in support of non-governmental organizations (GL 27), official business of third-country diplomatic or consular missions located in the Russian Federation (GL 20), certain transactions and official business of certain international organizations and entities by employees, grantees, or contractors thereof (31 CFR 587.510). Additionally, the importation or exportation of information or informational materials and transactions ordinarily incident to travel to or from any country are exempt under the International Emergency Economic Powers Act (IEEPA).  

See OFAC’s Advisory to Foreign Banks on Russia Sanctions Risks for additional guidance. 
 

In line with G7 commitments and in response to the Government of the Russian Federation’s continued efforts to reorient its economy and government resources to support its war effort, Treasury has updated its definition of Russia’s military-industrial base to include all persons blocked pursuant to E.O. 14024.  This updated definition reflects Russia’s reorientation of its economy and government resources to support its war.  This action means that FFIs risk being sanctioned for conducting or facilitating any significant transaction or transactions or for providing any service involving a person blocked pursuant to E.O. 14024. 

As updated in FAQ 1151, Russia’s military-industrial base includes all persons blocked pursuant to E.O. 14024, as well as any person operating in the technology, defense and related materiel, construction, aerospace, and manufacturing sectors of the Russian Federation economy (and other sectors as may be determined pursuant to E.O. 14024).  For definitions of those identified sectors, see FAQ 1126.  Russia’s military-industrial base may also include individuals and entities that support the sale, supply, or transfer, directly or indirectly, of critical items identified pursuant to subsection 11(a)(ii) of E.O. 14024 to the Russian Federation.  See determination of December 22, 2023 pursuant to subsection 11(a)(ii) of Executive Order 14024 (Russia Critical Items Determination). 

OFAC has also updated its Advisory to Foreign Banks on Russia Sanctions Risks to provide additional guidance for FFIs.  For additional information, see FAQs 1147, 1148, 1149, 1150, 1151, 1152, and 1182.