Geopolitics Technology · · 8 min read

GitHub’s Geopolitical Exposure Puts Open Source at Risk

Microsoft's ownership and US trade law compliance expose developers worldwide to sanctions and access restrictions, reviving questions about centralized code hosting.

B
based.technology
Technology

GitHub has blocked developers in Iran, Syria, and Crimea since 2019, and mounting US-China technology tensions threaten to extend those restrictions far wider.

The world’s largest code repository, owned by Microsoft and used by The Register estimates 83 million developers, operates under US export control laws that have already severed access for users in sanctioned territories. As Washington tightens semiconductor and AI Export Controls on Chinaadding 65 Chinese entities to restriction lists in 2025 alone – the possibility of broader GitHub access restrictions looms over the global developer community.

The Sanctions Precedent

TechCrunch reported in July 2019 that GitHub restricted private repositories and paid services for users based in Iran, Syria, Crimea, North Korea, and Cuba. Developers discovered their accounts locked without warning, unable to access private code or download backups. GitHub CEO Nat Friedman confirmed the company was “required to comply with US export law,” implementing restrictions based on IP address location and payment history rather than nationality.

A Crimean developer found his website hosted on GitHub returning 404 errors and his private repositories inaccessible. According to research published in 2025, 34% of affected Iranian users discontinued contributions when sanctions hit, though many returned after GitHub secured an Office of Foreign Assets Control license for Iran in 2021.

Context

US export controls apply extraterritorially through the Foreign Direct Product Rule, which can restrict items made anywhere if they use US technology or equipment. Software services provided over the internet were initially considered exempt, but GitHub’s own policy page notes it must comply with evolving trade control laws.

China in the Crosshairs

China represents GitHub’s second-largest user base. According to Rest of World, nearly 10% of GitHub’s 56 million contributors in 2020 came from China, where the platform serves as “the last major foreign-owned platform accessible in China that hosts user-generated content.”

Yet that access exists in a precarious legal space. The US Department of Commerce has expanded export controls on advanced computing, semiconductors, and related technologies to China through multiple rule packages in October 2022, October 2023, April 2024, and December 2024. While software collaboration services have not yet been directly targeted, the regulatory apparatus exists.

Microsoft suspended certain cloud services for Chinese institutions including Sun Yat-sen University and BGI Group in early 2025, according to Windows Forum, signaling that services once considered exempt from export controls face growing scrutiny. The suspensions, which disabled OneDrive, OneNote, and SharePoint access, were attributed to “strict export controls, trade blacklists, and evolving regulatory environments.”

GitHub’s Geopolitical Exposure
Users in China (2020)10%
Countries under US sanctions5
Chinese entities added to US export lists (2025)65

The Open Source Dilemma

The Software Freedom Conservancy, a nonprofit supporting open-source projects, has maintained a “Give Up GitHub” campaign since June 2022. While initially focused on concerns about GitHub Copilot’s use of open-source code for AI training, the organization’s stance reflects broader anxieties about relying on proprietary platforms controlled by US corporate interests.

The SFC told The Register it would “no longer accept new member projects that do not have a long-term plan to migrate away from GitHub.” The organization hosts over 40 member projects including Git, Samba, Wine, and Inkscape. Its campaign site recommends alternatives including GitLab, Codeberg, SourceHut, and self-hosted solutions.

China has already responded to potential GitHub restrictions by developing Gitee, a domestic alternative. Tekedia reported Gitee serves five million users hosting 10 million projects, backed by Huawei and nine other Chinese organizations. “Borderless collaboration is one key characteristic of Open Source, however the geopolitical friction is forcing China to consider alternatives,” Forrester analyst Charlie Dai observed.

July 2019
GitHub Restricts Sanctioned Countries
Platform blocks private repository access for Iran, Syria, Crimea, North Korea, Cuba based on US trade law.
June 2022
Software Freedom Conservancy Launches Campaign
Organization stops using GitHub, urges migration to alternatives citing proprietary control concerns.
December 2024
US Expands China Chip Controls
Commerce Department adds 140 Chinese entities to export restriction lists, tightens semiconductor equipment rules.
March 2025
Microsoft Service Suspensions
Cloud services disabled for select Chinese institutions amid export control compliance.

The Linux Foundation Test

Open source faces a fundamental stress test. In October 2024, according to Computer Weekly, the Linux Foundation removed Russian maintainers from kernel development in response to US sanctions. Amanda Brock of OpenUK warned that “any US sanctions to prevent people from certain countries from participating in open source projects not only has the potential to destroy global collaboration, but could also open the flood gates to wider scrutiny.”

The tension between open source’s borderless ethos and nation-state security concerns has never been sharper. Research from 2021 found China had the second-largest developer community on GitHub globally, contributing to projects including KubeEdge, Harbor, and Dragonfly. Cutting off that participation would fragment the ecosystem that has powered software innovation for three decades.

Alternatives to GitHub
  • GitLab: Offers self-hosted and cloud options with built-in CI/CD, gained 4% market share from 2018-19
  • Codeberg: Nonprofit platform with no external dependencies or tracking, powered by Gitea
  • SourceForge: Hosts over 502,000 projects with 30 million monthly users, completely open source
  • Self-hosted solutions: Gitea, Forgejo, and GitLab Community Edition provide full control

What to Watch

The Bureau of Industry and Security’s next rulemaking cycle in mid-2026 will clarify whether software collaboration platforms face new restrictions. Microsoft’s compliance decisions for its Chinese operations – including whether GitHub access will be curtailed for users at entities on the Commerce Department’s Entity List – remain uncertain.

Developers in countries with deteriorating US relations should establish backup access to their repositories now. The 2019 Iran restrictions gave no advance warning. Export control lawyers note the law provides no mechanism for companies to notify users before implementing restrictions.

The European Union’s Digital Markets Act and proposed Cyber Resilience Act may create alternative regulatory frameworks that force diversification of code hosting. For now, the global open-source community remains concentrated on infrastructure subject to unilateral US policy decisions – a risk that grows with every sanctions escalation.

Sources
The Register
US Congressional Research Service
TechCrunch
Rest of World
US Department of Commerce
Computer Weekly
ArXiv Research
Tekedia
China Export Controls Geopolitics GitHub Microsoft Open Source Software Freedom Conservancy
The Wire Daily

Get the day’s most important stories in technology, geopolitics, and macroeconomics — delivered every morning.

Subscribe Free →