Work from Prohibited or High-Risk Jurisdictions

The subject performs work-related activities from a jurisdiction explicitly prohibited or classified as high-risk by the organization, in violation of policy, regulatory obligations, or contractual restrictions.

These jurisdictions are typically defined based on legal, regulatory, geopolitical, or security considerations. This includes sanctioned countries, regions subject to export control restrictions, locations with elevated cyber threat activity, or jurisdictions where data access is restricted due to sovereignty or client requirements.

Unlike general undeclared international remote work, this behavior involves access from locations where work is explicitly disallowed, regardless of disclosure. Even where the subject has notified the organization of travel, performing work from these jurisdictions constitutes a direct infringement due to the inherent risk profile.

Operating from prohibited or high-risk jurisdictions introduces severe exposure, including:

• Breach of international sanctions or export control laws
• Unauthorized cross-border transfer or access to regulated data
• Increased likelihood of interception, monitoring, or compromise by hostile entities
• Violation of contractual obligations with clients, governments, or partners

In some cases, subjects may knowingly disregard restrictions due to convenience or personal circumstances. In more serious scenarios, this behavior may indicate coercion exposure, or deliberate or inadvertent data exfiltration to a third-party.

This sub-section represents a high-severity infringement category, as the risk is intrinsic to the location itself, not just the lack of approval.