Skip to main content

Filter by topic and date

Filter by topic and date

IETF LLC Statement on OFAC Compliance Questions

24 Mar 2021

IETF contributors recently asked the IETF LLC about the implications of complying with the US Treasury Department’s Office of Financial Asset Controls (OFAC).


The sanctions rules managed by the US Treasury Department’s Office of Financial Asset Controls (OFAC) are nuanced and complex; broad statements about them are inevitably oversimplifications. That said, we think it unlikely that OFAC rules would meaningfully inhibit participation in IETF activities by individuals from sanctioned countries, or ever have in the past, as a general matter. OFAC rules focus on transactions and trade. Most IETF activity is fundamentally speech, excepted out from OFAC regulation either explicitly in the OFAC rules themselves or implicitly via U.S. constitutional safeguards.

We are not aware of any instance where OFAC rules have inhibited an individual from participating in the IETF. If such a situation were to arise in the future, we would work the affected individual to seek an appropriate accommodation to enable participation—for example, we could avoid problematic transactions while still engaging in communications, or seek a license from OFAC, or even escalate the issue as a legal matter if we thought that an individual’s right “to seek, receive and impart information and ideas through any media and regardless of frontiers” was being infringed (quoting the U.N. Declaration of Human Rights).

Properly complying with the OFAC regulations—as well as all other applicable laws and regulations—remains a critical task for IETF LLC. Our OFAC policy is designed to ensure our compliance. We do not anticipate that compliance will cause negative impacts on the IETF or its current or potential future new participants.

Recommendation of the IETF LLC to the General Area Dispatch working group and the Internet-Draft authors that asked the initial question.

We have no data to suggest OFAC rules have ever prevented any individual from participating in and contributing to the technical work of the IETF. We predict this will remain true in the future. OFAC rules thus do not appear to be a factor that will lead to a negative impact on the diversity and inclusiveness of the IETF. Further, OFAC regulations are a complex, nuanced topic that is difficult for non-experts to assess, and that defy simple summary treatment. Misstatements about compliance can have consequences. 

Accordingly, we recommend that any IETF groups or individuals focusing on issues of diversity and inclusiveness leave OFAC issues out of scope, given that (a) they are unlikely to negatively impact participation, (b) there is no evidence suggesting it has had an impact in the past, and (c) statements about IETF OFAC compliance are best managed by legal counsel.

Share this page