Cross-Border Obligations

Cross Border Obligations

Many organisations are bound by what is allowed to cross their borders. For example: in Swiss banks, there are strong controls in place to make sure no data leaves Switzerland. This is a consideration for code too, as code contributed to GitHub is data leaving the organisation and there may be requirements around these obligations.

Intersection With Open Source

• Cross Border Data Clearance (CBDC): Only really applies to data. Not source code. Public source doesn't apply. Working groups don't apply. Use of data classified as public. Not banning data, but asking "is this public?".

Controls

• Screen out (via Code Review) contributions containing data (including what might be regarded as "test data") and only allow code-only. This is another example of why preventing contributions with "test data" in them may be good policy.

• Publication Code Review Training

Further Reading

• Digital Cross-Border Compliance: The Definitive Guide - Written by Apiax.