Methodology

The authority taxonomy

A company can appear on several different government lists, and they do not mean the same thing. SpyLedger labels every designation with its authority and its legal type, because collapsing them — calling an export-control listing or an equipment rule a “sanction” — is both wrong and unfair. The four types in the record:

Sanction (asset-blocking)

Property within US jurisdiction is blocked and US persons are generally prohibited from dealings (e.g. OFAC SDN List).

Export control

A license is required to export US-origin items/technology to the entity, typically reviewed under a presumption of denial (e.g. BIS Entity List). It is not an asset freeze.

Equipment-authorization restriction

Covered equipment cannot receive new FCC authorization for certain purposes. It is not a sanction or asset freeze and does not ban all of the company’s products (e.g. FCC Covered List).

Investment restriction

US persons are barred from buying or selling the company’s publicly traded securities. It is not an asset freeze or a ban on ordinary commercial trade (e.g. Treasury NS-CMIC List).

Each program code on a designation (RUSSIA-EO14024, CMIC-EO13959, SDGT and the like) corresponds to a specific OFAC authority; the sanctions-programs reference explains what each one means. The clearest example is the FCC Covered List: it restricts new equipment authorizations for certain national-security-sensitive purposes. It is not an asset freeze and does not ban all of a company's products in the United States, so SpyLedger renders it as an equipment-authorization restriction with its verbatim scope, never as a flat sanction.

Scope — and fairness

• Designations are rebuilt from primary public-domain feeds — US BIS Entity List, US OFAC SDN, US Treasury NS-CMIC, the US FCC Covered List, and the EU consolidated list — each with a source link. Designation status is a statement of public government record.
• No designation is stated plainly. Where a vendor carries no designation, the record says so explicitly. Inclusion in SpyLedger is not itself an accusation — several tracked vendors have no designation at all.
• Removed listings are marked historical. A delisted or rescinded action (for example, a listing later removed after corporate reforms) is shown as historical, not active.
• Look-alike entities are not conflated. A designation against one legal entity is not attributed to a similarly named affiliate unless the primary record names that entity.
• No customer-deployment claims in v0. Which government uses which product is the highest-evidence, highest-risk claim in this field; it is curated separately and not published here.

Ethical guardrail — track the watchers, not the watched

SpyLedger documents the surveillance industry and the governments that regulate it — the powerful side of the ledger. It is the deliberate inverse of surveillance. It carries no victim or target identities, ever; no individual personal data below the corporate-officer line; and no raw leaked material — where reporting derives from a leak, SpyLedger would cite the published analysis, never republish a dump.

Corrections & disputes

Any named entity can dispute an entry. Because every designation is sourced to a primary government record, most disputes resolve by checking the linked source. Where a status has changed — a delisting, a corrected scope, a misattributed entity — the correction is applied and the entry updated. Reach us via the contact page; substantiated corrections are reflected in the next build. SpyLedger is released under CC BY 4.0, so downstream copies should re-pull to pick up corrections.