Sophos Global Trade Compliance

Sophos Global Trade Compliance Overview

It is Sophos’ corporate policy to comply with all applicable global trade compliance laws and regulations, including all export controls and economic sanctions laws and regulations in each country in which it does business. This policy applies to all Sophos subsidiaries, affiliates, and employees. Sophos also requires its partners and customers to comply with these laws and regulations when they purchase and use of our products and services.

Any person or entity exporting or re-exporting Sophos products directly or indirectly and via any means, including electronic transfer, is wholly responsible for doing so in accordance with the applicable export control and economic sanctions laws and regulations, including, but not limited to, the laws and regulations of the United States, United Kingdom, and the European Union.

Embargoed Jurisdictions

The exportation, reexportation, sale or supply, directly or indirectly, from the United States, or by a U.S. person wherever located, of any Sophos goods, software, technology (including technical data), or services to Iran, Syria, Sudan, North Korea, Cuba, or the Crimea region of Ukraine is strictly prohibited without prior authorization by the U.S. Government.

Prohibited and/or Restricted Person Lists

Sophos products may not be sold, exported, or reexported to any person or entity designated as prohibited or restricted by the United States, United Kingdom, or European Union (including, but not limited to the U.S. Treasury Department’s list of Specially Designated Nationals or the U.S. Department of Commerce Denied Person’s List or Entity List).

Prohibited Uses

Sophos products may not be used for (i) military purposes, or (ii) use in connection with the development, production, handling, operation, maintenance, storage, detection, identification or dissemination of chemical, biological or nuclear weapons, or other nuclear explosive devices, or the development, production, maintenance or storage of missiles capable of delivering such weapons.

EU Export Controls

Sophos products are subject the EU Dual Use export control regime governed by Regulation (EC) No 428/2009. EU export controls require an export authorization for the export from the EU of the dual-use items listed in the EU Control List, in Annex I to the Regulation.

The export from the EU of certain Sophos products may require the completion of an End User declaration.

US Export Controls

Many Sophos products are subject to the US Export Administration Regulations (“EAR”) and must comply with US export control requirements. Any person or entity exporting or re-exporting Sophos products directly or indirectly and via any means, including electronic transfer, is wholly responsible for doing so in accordance with the EAR and any other applicable export controls.

The U.S. government regulates exports, including deemed exports (i.e., releasing controlled technology to a non-U.S. national in the United States), re-exports, including deemed re-exports (i.e., releasing controlled technology outside the United States to a national of a third country), and transfers of U.S.-origin goods, software, technology, technical data (collectively, "Items"), non-U.S. Items that incorporate certain amounts or types of U.S.-origin content, and the exporting activities of U.S. persons, including individuals and companies. These export controls apply to a wide range of Items that are transported out of the United States, moved between foreign countries (re-exported), or moved within a foreign country (transferred). The EAR set forth export restrictions on a wide variety of goods, software, and technologies listed in the Commerce Control List, as well as restrictions relating to Items that are not specifically described on the Commerce Control List.

ENC/Restricted and Government End Users

ENC/Restricted products may be exported or re-exported to most civilian and commercial end users located in all territories, except embargoed destinations and countries designated as supporting terrorist activities.

Export or reexport of ENC/Restricted products to government entities in many countries requires specific authorization from the US government. However, government entities located in the following countries do not require a specific authorization to receive ENC/Restricted products: Austria, Australia, Belgium, Bulgaria, Canada, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Japan, Latvia, Lithuania, Luxembourg, Malta, Netherlands, New Zealand, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey, United Kingdom, and United States.

Important Notice & Disclaimer

Sophos is providing this information as a general guideline to our customers and partners and makes no representation or warranty as to its accuracy or reliability. Each exporter is responsible for their own compliance with all applicable export control and sanctions laws and regulations. Any use of the information herein by the user is without recourse to Sophos. Sophos expressly disclaims any liability whatsoever, including but not limited to, direct, indirect, incidental, special, or consequential damages in connection with or arising from the furnishing of the information provided herein. We recommend that customers and partners consult legal counsel to ensure their compliance with all Global Trade laws and regulations, including sanctions and export controls.

For assistance with the US Export Administration Regulations or for help determining your export compliance obligations (including licensing requirements), visit the US Department of Commerce, Bureau of Industry and Security’s web page at

If you have questions regarding the information on this page, please contact us at