Trade Compliance Basics
GitLab software is considered U.S.-origin because the company is headquartered in this country.
What is the United States?
This Middle Eastern country is under comprehensive U.S. sanctions and prohibits nearly all business dealings.
What is Iran?
Team members may contact the Ethics & Compliance team for guidance using this Slack channel.
What is #ethics-and-compliance? (also acceptable: #sales-trade-compliance, #legal
This U.S. regulation governs exports of commercial and dual-use items, including software.
What is the EAR?
According to GitLab's training, this many people are responsible for trade compliance.
Who is everyone?
These three federal agencies oversee U.S. trade control regulations.
What are the Department of State, Department of Commerce, and Department of Treasury?
U.S. law treats these three Ukrainian regions as sanctioned because they are occupied by Russia.
What are Crimea, Donetsk, and Luhansk?
This GitLab executive serves as the Chief Legal Officer and receives reports of compliance violations.
Who is Robin Schulman?
The Department of Commerce enforces export controls through this bureau.
What is BIS (Bureau of Industry and Security)?
This GitLab committee, through the Board of Directors, is responsible for administering the Code of Conduct.
What is the Audit Committee?
This alphanumeric code tells us how GitLab software is controlled for export under US law.
What is 5D992.c?
A U.S. embargo on this company was lifted in 2025 after being originally imposed 46 years ago.
What is Syria?
This GitLab-provided reporting tool allows team members to report compliance violations anonymously, 24 hours a day, 365 days a year.
What is EthicsPoint?
GitLab must comply with this rule that prevents dealing with entities owned 50% or more by a Specially Designated National (aka an entity that is sanctioned).
What is OFAC’s 50% Rule?
Team members who become aware of potential compliance violations have this mandatory responsibility under GitLab's Code of Conduct.
What is to report them (or what is reporting)?
This type of export happens even if the information never physically leaves the country.
What is a “deemed export”?
This country is subject to the longest-standing US embargo.
What is Cuba?
Use EthicsPoint for Code of Conduct violations, but use this service for team member relations issues to ensure proper routing and audit reporting.
What is Lighthouse Services?
Export controls apply globally due to this concept, which means the controls continue to apply to GitLab software even after it leaves the U.S.
What is extraterritorial jurisdiction?
Team members may face this type of personal consequence for intentionally violating trade compliance laws, separate from any company penalties.
What is individual criminal or civil liability?
GitLab software is controlled under this U.S. regulatory framework.
What is the EAR or Export Administration Regulations?
Sales opportunities involving these three countries require additional legal approval from the Ethics & Compliance team.
What are Russia, Belarus, and Ukraine?
GitLab policy strictly prohibits this type of action against team members who report violations in good faith.
What is retaliation?
This EU regulation controls exports of dual-use items and has its own sanctions framework separate from U.S. rules
What is the EU Dual-Use Regulation?
This person serves as Trade Compliance Counsel at GitLab.
Who is Lotty Aghasili?