Sophos Global Trade Compliance

It is Sophos’ corporate policy to comply with all applicable global trade compliance laws and regulations, including all export controls and economic sanctions laws and regulations in each country in which it does business. This policy applies to all Sophos subsidiaries, affiliates, and employees. Sophos also requires its partners and customers to comply with these laws and regulations when they purchase and use our products and services.

Any person or entity exporting or re-exporting Sophos products directly or indirectly and via any means, including electronic transfer, is wholly responsible for complying with the applicable export control and economic sanctions laws and regulations, including, but not limited to, the laws and regulations of the United States, United Kingdom, and the European Union.

Prohibited Jurisdictions

The exportation, re-exportation, sale or supply, directly or indirectly, from the United States, or by a U.S. person wherever located, of any Sophos goods, software, technology (including technical data), or services toIran, North Korea, Cuba, Russia, Belarus, or the Donetsk, Luhansk or Crimea region of Ukraineis strictly prohibited without prior authorization by the government with jurisdiction for the export shipment.

Prohibited and/or Restricted Person Lists

Sophos products may not be sold, exported, or reexported to any person or entity designated as prohibited or restricted by the United States, United Kingdom, or European Union (including, but not limited to, the U.S. Treasury Department’s list of Specially Designated Nationals or the U.S. Department of Commerce Denied Person’s List or Entity List).

Prohibited Uses

Sophos products may not be used for military purposes, or in connection with the development, production, handling, operation, maintenance, storage, detection, identification or dissemination of chemical, biological or nuclear weapons, or other nuclear explosive devices, or the development, production, maintenance or storage of missiles capable of delivering such weapons.

EU Export Controls

Certain Sophos products may be subject to the EU Dual Use export control regime, governed by Regulation (EC) No 821/2021. EU export controls require an export authorization for the export from the EU of the dual-use items listed in the EU Control List, in Annex I to the Regulation.

The export from the EU of certain Sophos products may require the completion of an End User declaration.

US Export Controls

The U.S. government regulates exports, including deemed exports (i.e., releasing controlled technology to foreign nationals, who are non-U.S. persons working from any country), re-exports, including deemed re-exports (i.e., releasing controlled technology outside the United States to a national of a third country), and transfers of U.S.-origin dual use goods, software, technology, technical data (collectively, "Items"), non-U.S. Items that incorporate certain amounts or types of U.S.-origin content, and the exporting activities of U.S. persons, including individuals and companies. These export controls apply to a wide range of Items that are transported out of the United States, moved between foreign countries (re-exported), or moved within a foreign country (transferred). The EAR set forth export restrictions on a wide variety of dual use goods, software, and technologies listed in the Commerce Control List, as well as restrictions relating to Items that are not specifically described on the Commerce Control List.

Any person or entity exporting or re-exporting Sophos products directly or indirectly and via any means, including electronic transfer, is wholly responsible for doing so in accordance with the EAR and any other applicable export controls.

For assistance with the U.S. Export Administration Regulations or for help determining your export compliance obligations (including licensing requirements), visit the U.S. Department of Commerce, Bureau of Industry and Security’s web page at https://www.bis.doc.gov/index.php/.

Important Notice & Disclaimer

Sophos provides this information as a general guideline to our customers and partners and makes no representation or warranty as to its accuracy or reliability. Each exporter is responsible for their own compliance with all applicable export control and sanctions laws and regulations, including Sophos Partners. Any use of the information herein by the user is without recourse to Sophos. Sophos expressly disclaims any liability whatsoever, including but not limited to, direct, indirect, incidental, special, or consequential damages in connection with or arising from the furnishing of the information provided herein. We recommend that customers and partners consult legal counsel to ensure their compliance with all Global Trade laws and regulations, including sanctions and export controls.