GitHub and Export Controls
GitHub.com, GitHub Enterprise, and the information you upload to either product may be subject to US export control laws, including U.S. Export Administration Regulations (the EAR).
Although we've provided the following information below for your convenience, it is ultimately your responsibility to ensure that your use of GitHub's products and services comply with all applicable laws and regulations, including US export control laws.
GitHub.com, the cloud-hosted service offering available at github.com has not been audited for compliance with ITAR or other export controls, and does not currently offer the ability to restrict repository access by country.
If you are looking to collaborate on ITAR- or other export-controlled data, we recommend you consider GitHub Enterprise, GitHub's on-premises offering.
GitHub Enterprise is a self-hosted virtual appliance that can be run within your own datacenter or virtual private cloud. As such, GitHub Enterprise can be used to store ITAR- or other export-controlled information, however, end users are responsible for ensuring such compliance.
GitHub has an Encryption Registration Number (ERN) of
GitHub Enterprise is a commercial, mass-market product and has been assigned the Encryption Control Registration Number (ECCN) of
5D992.c and may be exported to most destinations with no license required (NLR).
GitHub Enterprise may not be sold to, exported, or re-exported to any country listed in Country Group E:1 in Supplement No. 1 to part 740 of the EAR. This list currently contains Cuba, Iran, North Korea, Sudan & Syria, but may be subject to change.