1. Application and Scope.

This compliance addendum (“this CA”) applies to your use of Cribl’s Products under Cribl’s Standard Terms of Service or other written agreements between you and Cribl that incorporate this CA by reference (“Applicable Agreements”).

This CA supplements Applicable Agreements. In the event of a conflict between this CA and an Applicable Agreement, the terms and conditions of this CA shall control unless specifically superseded by the terms and conditions provided in an Applicable Agreement.

2. Sanctions and Export Controls.

You and Cribl shall comply with, and cannot be a business subject to, sanctions, embargos, or export controls that prohibit the transfer or possession of technology exchanged between you and Cribl through Applicable Agreements under any applicable sanction, embargo, or export control laws or regulations, as well as other enabling legislation and executive orders (“Sanctions”), including without limitation:

• Trade and economic sanctions maintained by the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”);
• Export Administration Regulations maintained by the U.S. Department of Commerce, Bureau of Industry and Security (15 C.F.R. 730.1 to 730.10 and supplements, including without limitation 15 C.F.R. 740.17), including the Denied Persons List, Entity List, and Unverified List;
• International Traffic in Arms Regulations maintained by the U.S. Department of State (22 C.F.R. 120.1 to 130.17); and
• Comparable laws or regulations in Canada, the European Union, the United Kingdom, and the United Nations such as the European Union’s Consolidated Financial Sanctions List, the United Kingdom’s Sanctions List and Consolidated List of Financial Sanctions Targets, and the United Nations Consolidated List.

You and Cribl cannot be owned, controlled, or acting on behalf of any person, entity, or party that is subject to Sanctions, directly or indirectly, or located in a country subject to Sanctions. You, Cribl, and our respective owners, officers, or directors, cannot be listed on the U.S. Treasury Department’s list of Specially Designated Nationals and Blocked Persons, the U.S. Commerce Department’s Denied Persons List, or similar lists of sanctioned, blocked, or denied parties.

You and Cribl cannot provide, sell, ship, or otherwise transfer Cribl Products persons or entities subject to Sanctions or appearing on Sanctions lists, or to persons or entities owned or controlled by persons or entities subject to Sanctions or appearing on Sanctions lists.

Cribl Products contain exported-controlled technologies. Specifically, Cribl Products are controlled with the following applicable Export Control Classification Numbers: 5D002 (encryption) and 5D991 (data routing). As a result, you cannot directly or indirectly provide, sell, export, re-export, ship, transfer, or divert Cribl Products in violation of export control requirements, including without limitation the Export Administration Regulations and the International Traffic in Arms Regulations. License exceptions may be available for 5D002 (encryption) under ENC Unrestricted as described in 15 U.S.C. 740.17(b)(1).

If prior authorization is required from the U.S. government for export of Cribl Products, you may apply for that authorization by submitting a license application to the applicable government agency. The Export Administration Regulations and OFAC regulations are available at:

• https://www.bis.doc.gov/index.php/regulations/export-administration-regulations-ear=
• https://www.treasury.gov/about/organizational-structure/offices/Pages/Office-of-Foreign-Assets-Control.aspx

3. Debarments.

You, Cribl, and our respective owners, officers, or directors cannot be suspended, debarred, excluded, or otherwise ineligible to participate in U.S. federal procurement or non-procurement programs, including under 21 U.S.C. 335a, identified in the U.S. Department of Health and Human Services, Office of Inspector General List of Excluded Individuals / Entities or the U.S. or the U.S. General Services Administration’s list of Parties Excluded from Federal Programs, or be convicted of any of the felonies identified among the exclusion authorities listed by the U.S. Department of Health and Human Services, Office of Inspector General (OIG) or other applicable legal requirements, including 42 U.S.C. 1320a-7(a), 21 U.S.C. 335a, and other applicable law.

4. Foreign Corrupt Practices

You and Cribl cannot corruptly make or receive any payments or other transfers of anything of value in connection with an Applicable Agreement that has the purpose or effect of public or commercial bribery or improperly influencing official action of any government employee, is in exchange for action in the recipient’s official capacity as a government employee, constitutes “facilitating” or “grease” payments to government employees to provide goods or services to which the payor is already entitled to receive, or the acceptance of, or acquiescence in, extortion, kickbacks, or other unlawful or improper means of obtaining or retaining business.

You and Cribl, and our respective owners, partners, officers, directors, employees, agents, representatives, subcontractors, subsidiaries, and affiliates are aware of and comply with the requirements of the United States Foreign Corrupt Practices Act (“FCPA”), 15 U.S.C. 77dd-1 et seq., as amended, and all applicable federal, state, local, and international laws and regulations concerning bribery or corruption.

5. Government Contracts.

Cribl is an equal opportunity employer. In contracts with the United States government and in other applicable circumstances, you and Cribl, and our respective subcontractors, shall abide by the requirements of (1) 41 CFR 60-1.4(a), which is a regulation that prohibits discrimination of race, color, religion, sexual orientation, gender identity, or national origin, and requires employers to employ persons, and treat such persons during employment, without regard to their race, color, religion, sex, sexual orientation, gender identity, or national origin; (2) 41 CFR 60-300.5(a), which is a regulation that prohibits discrimination against qualified protected veterans, and requires affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified protected veterans; and (3) 41 CFR 60-741.5(a), which is a regulation that prohibits discrimination against qualified individuals on the basis of disability, and requires affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified individuals with disabilities.

6. Federal Acquisition Regulations.

The following regulations will apply to Applicable Agreements FAR 52.203-6, Prohibition on Restriction of Government Subcontracting, FAR 52.204-23, Prohibition on Use of Hardware or Software Developed by Kaspersky Labs, FAR 52.204-25, Prohibition on Use of Telecommunications Equipment Furnished by Huawei or ZTE, FAR 52.219-8, Preference for Small Businesses, FAR 52.222.-35, Prohibition of Discrimination Against Veterans, FAR 52.222-36, Prohibition of Discrimination Against Individuals with Disabilities, FAR 52.222-37, Mandatory Filing of Federal Contractor Veteran’s Employment Report No Later than September 30, FAR 52.222-40, Mandatory Posting of Labor Rights Notice, 52.224-3, Requirement for Privacy Training for Individuals with Access to Records, and 352.222-70, Requirement of Cooperation with EEO.

7. Cooperation with Legal Processes.

Cribl will cooperate with all lawful court orders and requests from law enforcement. For example, your use of certain Cribl Products may be governed by the Stored Wire and Electronic Communications Act contained at 18 U.S.C. Chapter 121 and the Electronic Communication Privacy Act at 18 U.S.C. 2510 to -2523. Cribl will cooperate with all lawful court orders issued pursuant to those statutes. Law enforcement inquires can be sent to notice@cribl.io.

8. Reporting.

You and Cribl must immediately notify the other party if it knows or has reason to believe that a violation of any requirement in this CA has occurred or will occur, including without limitation reporting to the other party if you or Cribl appear on a Sanctions list.

You may report any violation or suspected violations of this CA by Cribl or its owners, partners, officers, directors, employees, agents, representatives, subcontractors, subsidiaries, or affiliates at https://cribl.ethicspoint.com or https://criblmobile.ethicspoint.com on a mobile device. You may report such violations or suspected violations anonymously.