One of my customers needs to do a sanctions list screening and asks me to do the same for the development software I’m using. Any ideas on how to proceed with this for n8n?

Hey @dickhoning,
what do you mean by sanctions list screening? Usually the interesting places to look at for things like audits are

An example (question) could be: does the software or any of its components originate from any of the countries that are on the European sanctions list …

Well, n8n is developed by the n8n GmbH registered in Berlin, Germany. You can also run n8n with other databases than SQLite, like PostgreSQL. If you opt in to use horizontal scaling you would also use Redis as a message broker. All of these are registered companies and it depends if you are actually using them.

You could go deeper since n8n is a publicly GitHub-hosted project accepting pull requests from outside users and using external npm dependencies as software modules. I personally would keep it at this high-level approach of registered companies.

Hi Marcus, thanks for the info. The only question remaining is what to do when the high-level approach is not acceptable to my customer? Are GitHub and npm already taking care of this? Thanks again and best regards - Dick

Hey Dick,
npm and GitHub are not taking care of this.

I can’t give you a definitive answer on that, but my reasoning would be that the sanctions list exists to not financially support any blacklisted governments. All the npm packages we use are open source so nobody is earning money here. Also, all GitHub pull requests coming from the community aren’t financially compensated and are tested thoroughly by n8n before getting merged. So nobody outside of n8n is earning money.

