What's actually legal now
As of July 2026, the core economic sanctions walls against Syria are down. The United States terminated its comprehensive Syria sanctions program on July 1, 2025 under Executive Order 14312, the European Union lifted its economic sanctions on May 28, 2025, and the US Congress permanently repealed the Caesar Act in the FY2026 National Defense Authorization Act, signed December 18, 2025. A European or Gulf-domiciled company faces essentially no economic-sanctions barrier to doing business with Syria today. A US-domiciled company, or one dependent on US cloud infrastructure, still has two things to check before committing: export-control classification, and the residual "State Sponsor of Terrorism" designation, which is itself now mid-rescission.
How the wall came down
The dismantling happened in three stages. General License 25, issued May 23, 2025, authorized transactions otherwise prohibited under the Syrian Sanctions Regulations and paired it with a State Department Caesar Act waiver. Executive Order 14312 then revoked the six executive orders underpinning the sanctions program and terminated the national emergency behind it, effective July 1, 2025. The Treasury's Office of Foreign Assets Control removed 518 individuals and entities from the Specially Designated Nationals list, including the Central Bank of Syria and all Syrian financial institutions — meaning US persons can now provide financial services and process payments through Syrian banks. The Syrian Sanctions Regulations were formally struck from the Code of Federal Regulations on August 26, 2025.
The Caesar Act repeal, folded into the FY2026 NDAA and passed by the Senate 77–20, removed the mandatory secondary-sanctions threat that had deterred foreign — particularly Gulf and European — investment for years. It is unconditional, though it requires the President to certify Syria's progress to Congress every 180 days for four years, a mechanism worth watching for reversal risk.
The EU and UK moved on a similar timeline: the EU adopted its sanctions lift on May 28, 2025, delisting the Central Bank of Syria and telecom entities, and restored the full EU-Syria Cooperation Agreement in May 2026. The UK delisted dozens of entities through March and April 2025.
What still complicates SaaS and tech specifically
Two things remain, and they matter more for software and cloud services than for most other sectors. First, export controls: the Commerce Department eased licensing on September 2, 2025, so civilian-use software and consumer communications devices generally no longer require a license, but legal counsel (Goodwin, October 2025) has flagged that "specific controls remain that restrict the provision of items to Syria, including software or cloud-based services." Accurate export classification and Specially Designated Nationals screening are still a real compliance step, not a formality.
Second, the State Sponsor of Terrorism designation. Syria has carried this label since 1979. On July 8, 2026, the State Department notified Congress of the administration's intent to rescind it, opening a 45-day congressional review period that, absent objection, would conclude in late August 2026 (State Department, July 2026). The designation's practical effect on SaaS has been less about direct legal prohibition and more about the compliance stigma it created — many US cloud and payments platforms geoblocked Syria out of caution well beyond what the law strictly required, and some (AWS, Azure, Stripe, PayPal) had still not fully updated their posture as of mid-2026.
What this means for a market-entry decision
If your company is domiciled in Europe, the Gulf, or another non-US jurisdiction, the sanctions question is largely settled — the remaining diligence is standard SDN screening. If you are US-domiciled or run on US hyperscale cloud, the sanctions wall is also down, but you should document your export-control classification now and watch the SST rescission timeline, since its completion removes the last significant reputational and compliance friction specific to your sector. Either way, the regulatory story is no longer the reason to wait — the harder constraints on Syria market entry now sit in infrastructure and payments, not sanctions law.
For a full picture of how sanctions relief interacts with connectivity, payment rails, and Gulf capital flows, see our market-entry opportunity map for Syria. Companies weighing responsible-investment framing given Syria's transitional political context should also review our responsible investment communications work.
This is not legal advice. Sanctions and export-control rules change quickly and depend on your specific jurisdiction and business model; consult qualified counsel before acting on any of the above.
Ready to assess where your company actually stands on Syria market entry? Run the Readiness Scorecard or book a call with our team.
Sources: US Department of State, EO 14312 background, [FY2026 NDAA Caesar Act repeal], [EU Council sanctions decision May 2025], [Goodwin export-control client alert, October 2025].