Washington, D.C. – Today, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS), in conjunction with the U.S. Department of State, announced the removal of Canada-based Sandvine Incorporated (Sandvine) from the Entity List in light of changes the company has made to its corporate governance and business practices.

Sandvine was added to the Entity List in February 2024 after its products were used to conduct mass web-monitoring and censorship and target human rights activists and dissidents, including by enabling the misuse of commercial spyware. It has since taken significant steps to address the misuse of its technology that can undermine human rights.

Over the past several months, Sandvine has overhauled its corporate structure, leadership, and business model. The company has pivoted to focus on servicing democracies committed to the protection of human rights. Sandvine’s actions include, amongst others: exiting non-democratic countries, with 32 already exited and an additional 24 countries in process; fostering deeper relationships with civil society; dedicating profits to the protection of rights; adding human rights experts to its new leadership team; vetting business decisions through the newly created Business Ethics Committee; and closely monitoring technology misuse in countries in which they plan to remain.

The Departments of Commerce and State will closely monitor Sandvine's implementation of its commitments.

“Recognizing when a company has changed its behavior to protect national security and human rights is just as critical as restricting trade with parties of concern,” said Principal Deputy Assistant Secretary of Commerce for Export Administration Matthew Borman. “Sandvine’s delisting is a clear example of how the Entity List may be used to shape corporate behavior in favor of human rights and digital safety.”

“Promoting and protecting human rights is not just critical for U.S. national security and foreign policy, it’s good business. The U.S. government won’t hesitate to use all available tools – including export controls, sanctions, and others – to promote accountability and advance human rights. As Sandvine’s listing and subsequent delisting shows, these tools work in driving reform and strengthening human rights due diligence,” said Deputy Assistant Secretary of State Christopher Le Mon. “This action demonstrates clearly that accountability for human rights abuses has a positive impact on addressing past harm and preventing future abuses. We will continue to work with industry and civil society to promote reforms and counter the misuse of technology to violate or abuse human rights worldwide.” 

This action supports the United States’ commitments under the Export Controls and Human Rights Initiative (ECHRI) and comprehensive approach to countering the misuse of surveillance and censorship technologies, including commercial spyware. The United States continues to advance the promotion and protection of human rights globally, including by using export controls to prevent the misuse of items that may enable human rights abuses.

The removal of Sandvine from the Entity List reaffirms the United States’ commitment to put human rights at the center of U.S. foreign policy and the effectiveness of the United States’ tools to bolster business and human rights reforms.  

Additional Background on the Entity List Process

This BIS action was taken under the authority of the Export Control Reform Act of 2018 and its implementing regulations, the Export Administration Regulations (EAR).

The Entity List (supplement no. 4 to part 744 of the EAR) identifies entities and addresses for which there is reasonable cause to believe, based on specific and articulable facts, that the entities – including businesses, research institutions, government and private organizations, individuals, and other types of legal persons – or parties that are operating at an address that presents a high diversion risk, have been involved, are involved, or pose a significant risk of being or becoming involved in activities contrary to the national security or foreign policy interests of the United States. Parties on the Entity List are subject to individual licensing requirements and policies supplemental to those found elsewhere in the EAR.

Entity List additions are determined by the interagency End-User Review Committee (ERC), comprised of the Departments of Commerce (Chair), Defense, State, Energy, and where appropriate, the Treasury. The ERC makes decisions regarding additions to, removals from, or other modifications to the Entity List. The ERC makes all decisions to add an entity to the Entity List by majority vote and makes all decisions to remove or modify an entity by unanimous vote.

Additional information on the Entity List is available on BIS’s website at: https://www.bis.gov/entity-list.  

For more information, visit www.bis.gov.

###