How EU Sanctions are Evolving and Challenging Compliance?

Sanctions are no longer limited to countries in conflict. Today, the European Union uses targeted measures against individuals, companies, vessels, sectors, and even specific technologies.

Organizations that operate in or with the EU need to treat sanctions compliance as an operational discipline to protect their business from financial crime, reputational harm, and regulatory actions.

As EU enforcement tightens and the European Union sanctions list expands, compliance teams need a clear view of how EU sanctions work, who must comply, and what internal controls are required.

What Are EU Sanctions?

EU sanctions, formally known as restrictive measures, are tools used under the Common Foreign and Security Policy (CFSP) of the EU to achieve certain objectives.

These include upholding human rights, countering terrorism, responding to breaches of international law, and defending the rule of law.

EU Sanctions List, also referred to as EU Consolidated Sanctions List, aggregates all entities and individuals subjected to these restrictions. This list is continuously updated to account for updates in the political and security aspects of EU. Compliance with EU restrictive measures is mandatory for all EU-based financial institutions and entities.

Why Was There a Need For EU Sanctions?

Before harmonization, EU member states handled sanctions implementation at the national level. This created loopholes for circumvention because the implementation varied across EU member states.

A common framework was needed to ensure all 27 member states operate in harmony and have a common enforcement criteria and reporting standards. Moreover, when implemented through regulations, it removes the need for national implementing laws, reducing divergence.

This will create legal certainty for businesses operating across the EU borders and enhance the Union’s global credibility in foreign policy coordination.

Types of EU sanctions

The EU enforces several categories of sanctions:

• Targeted Financial Sanctions: Freezing assets of individuals and legal entities who are identified for being linked to terrorism or violations of human rights.
• Sectoral Sanctions: Limiting transactions in areas like defense, technology, energy, and finance.
• Trade Embargoes: Prohibiting exports or imports of specific goods and services.
• Travel Restrictions: Banning sanctioned individuals’ entry in EU territories.

These sanctions are enacted via Council Decisions and implemented as Council Regulations, which are legally binding across all 27 EU member states.

History and Evolution of EU Sanctions

EU sanctions began in the 1990s after the breakup of Yugoslavia and the conflict in the Balkans. As time passed, the scope of EU restrictive measures has spread to:

• Terrorism:
  • EU has been complying with the UN sanctions since 1999.
  • In 2016, the EU adopted resolutions to apply autonomous sanctions for terrorism against ISIL/Da’esh and Al-Qaeda.
  • Since October 2023 EU has also adopted sanctions against Hamas and Palestinian Islamic Jihad (PIJ) and their supporters.
• Nuclear proliferation and Chemical weapons:
  • Since 2018, the EU Council has adopted restrictive measures against the proliferation of nuclear weapons and the use of chemical weapons.
• Human rights violations:
  • On 7 December 2020, the Council adopted the EU Global Human Rights Sanctions Regime
  • This regime sanctions both state and non-state actors, irrespective of where they are located
  • Targets human rights violations such as genocide, crimes against humanity, and other serious violations and abuses of human rights
• Cyberattacks:
  • A new sanction regime was established in 2019 to counter cyberattacks from hackers from countries such as Russia, China, and North Korea. Asset freezes and travel bans.
• Sanctions Against Russia:
  • Introduced in 2014 after Russia annexed Crimea
  • Expanded significantly in 2022 after Russia invaded Ukraine
  • Since 2022, the EU has responded with 18 sanction packages against Russia

• Harmonized Enforcement
  • EU Directive 2024/1226 entered into force on 19 May 2024 and must be transposed into the national legislation of member states by 20 May 2025. The purpose was to harmonize minimum penalties and strengthen enforcement in all EU member states.

Who Imposes and Supervises EU Sanctions?

Any EU member state can propose the idea of sanctions, which will then be adopted as EU Council Decision and Regulations, if agreed upon by the Council.

If a Council Decision includes restrictions like financial sanctions, asset freezes, or other economic measures, it must be accompanied by a Council Regulation.

These Regulations then take direct effect across the EU, without the requirement of any additional legislation by member states for enforcement.

National competent authorities (NCAs) in each EU country enforce compliance, supported by the European Commission (DG FISMA).

“EU Sanctions adopted to implement UNSC Resolutions are open-ended, whereas EU autonomous sanctions are usually limited to 12 months after which the EU Council may decide to amend, suspend, or extend them.”

Who needs to comply with EU Sanctions?

EU sanctions apply to all natural and legal persons within the EU, as well as to any individual or organization conducting transactions that pass through EU jurisdictions or institutions.

Compliance is not limited to financial institutions. It covers:

• Travel Agencies and Airline Companies
• Exporters and importers
• Shipping and logistics firms
• Law firms and consultancies
• Tech providers involved in dual-use or encrypted technologies
• Crypto firms
• Academic Institutions
• NGOs and Charities

Companies that are incorporated outside the EU territory also face the risk of enforcement actions for violating the European Union sanctions list if they route payments through the EU, serve any customers in the EU, or have any subsidiaries in the EU.

How do EU Sanctions now Impact Third-Country Financial Operators?

Before the 18th sanction package against Russia, the EU had maintained this position that EU sanctions do not apply extraterritorially. Even though under Article 8a of Council Regulation (EU) No. 833/2014, EU companies were bound to ensure “best efforts” that their Russian subsidiaries do not engage in activities that weaken the impact of Russian sanctions.

However, things have dramatically changed since the EU’s 18th sanction package in July 2025. The EU has now simplified the criteria to designate banks, financial operators, and crypto providers of third countries (not from the EU or Russia) who circumvent or frustrate EU sanctions against Russia.

“The change introduced under Article 5ad(1a) of Council Regulation 833/2014 can be regarded as a strategic shift in the EU’s sanctions policy.”

The EU has already used Article 5ad to sanction two Chinese banks, Heihe Rural Commercial Bank and Suifenhe Rural Commercial Bank, for facilitating transactions that bypassed EU restrictions on Russia. From August 9, 2025, EU persons and entities are barred from engaging in any transactions with these banks.

What does it mean for non-EU FIs, banks, and crypto firms?

Sanctioning of two Chinese banks is a precedent that financial institutions, even those with no EU presence, may be designated if they assist in activities that circumvent or bypass the EU’s sanctions and prohibitions imposed on Russia.

This change means that banks, financial operators, and crypto firms, even if operating outside the EU jurisdiction, should evaluate their exposure to EU sanctions against Russia and carefully review and update their sanctions compliance programs accordingly.

Challenges in Sanctions Compliance for Financial Institutions

Legal and Reputational Liability

Sanctions violations do not have to be intentional to attract regulatory enforcement. Even non-intentional or systematic gaps can result in severe monetary penalties and damage to your brand.

For example, you’ve been doing business with a sanctioned entity because your screening database didn’t update on time, and this systematic error can result in severe consequences.

Compliance Complexity

The EU Sanction List is growing rapidly and is already extensive. For context of how quickly sanctions are changing, there are around 5400 designations on the EU Sanctions list as of mid-2025, of which 3400+ have been added since 2022.

Financial institutions must track frequent changes, new designations, updated aliases, and shifts in jurisdictional scope. Sanctions lists have to be monitored and implemented in real-time— mere screening at the time of onboarding is not enough. You must review all your existing customers as soon as new sanctions are updated.

Cross-Border Transaction Challenges

Multinational banks usually manage cross-border transactions and are obliged to simultaneously comply with EU, US, UK, and UN sanctions.

Overlapping regimes can result in contradictory obligations, such as the extraterritorial reach of US Sanctions and EU Blocking Statute, where compliance with one violates the other. Such conflicting obligations complicate the compliance workflow and often lead to decisions like debanking and lost business opportunities.

EU Sanctions Enforcement

Sanctions enforcement in the EU is decentralized, meaning national authorities are responsible for conducting investigations and enforcing EU sanctions. According to a report, over 4,500 investigations were conducted and €435 million in penalties were imposed for violations of EU sanctions since 2022. As a consequence of these sanctions, over €28 billion in private assets and €200 billion in Russian central bank assets were frozen in the EU related to Russia sanctions alone.

Operation Oscar

Europol launched Operation Oscar in 2022 to target assets of individuals sanctioned for Russia’s armed attack on Ukraine. The operation was aimed at supporting cross-border financial investigations, asset tracing, and intelligence sharing. Since 2022, 90 separate investigations have been carried out under the umbrella of this operation.

Enforcement Tools That Counter Circumvention Efforts

Third-Country Financial Institutions Listed for Circumvention

The EU has listed two Chinese banks for significantly frustrating the EU’s efforts and supporting Russia’s war of aggression against Ukraine. EU businesses and firms are restricted from dealing with entities designated on EU sanctions lists.

Maritime Evasion and Russian Shadow Fleet

In July 2025, the EU sanctioned 105 ships, bringing the total to 440 in Russia’s so-called “shadow fleet,”. These vessels were being used to bypass the EU’s restrictions on oil price caps. When the EU designates such vessels, EU persons are barred from providing funds or economic resources to those ships.

Financial institutions must identify and report direct or indirect links in trade finance, insurance, and payments, and adjust ongoing screening to include vessel identities and ownership changes. These designations disrupt access to EU finance and logistics and often lead to follow-on investigations.

Pro Tip:
“Screen by IMO and vessel names including former aliases, watch for Automatic Identification System (AIS) gaps and frequent flag/ownership changes, and ensure trade docs, insurers, vessel owners, and managers are screened together rather than in isolation.”

Resources for EU Sanctions List Search

The following resources are available for EU sanctions:

• EU Sanctions Map – Interactive visualisation of all EU restrictive measures.
• EU Consolidated Sanctions List – EU maintains three separate consolidated lists of travel bans, financial sanctions, and designated vessels.
• EU Sanctions Tracker – monitors the latest and active lists of travel bans and asset freezes against companies and individuals.

AML Watcher offers sanctions screening integrated with real-time updates of the sanctions list.

Final Takeaway: Reach, Scope, and Enforcement of the EU Sanctions are Growing

The EU sanctions regime has evolved from a foreign policy instrument to a powerful legal and financial tool. With harmonized enforcement across Europe and increasing extraterritorial scrutiny, compliance is no longer just the concern of banks or large exporters. Businesses operating within or from EU, whether in the financial or non-financial sector, must carefully analyze their exposure to EU sanctions and obligations it puts on them.

How AML Watcher Helps in EU Sanctions Compliance?

EU sanctions compliance is not a one-time exercise—it’s a continuous, real-time obligation. That’s where AML Watcher steps in. Businesses can reduce compliance costs, review times, and loss of potential clients due to delays by integrating AML Watcher’s context-driven screening solutions. AML Watcher helps you to:

• Monitor sanctions in real-time, with database refreshes as low as 15 minutes
• Screen Ultimate Beneficial Owners (UBOs) and uncover links to sanctioned parties
• Reduce false positives by up to 44% using context-driven, structured, and enriched data
• Instantly respond to changes in the EU Consolidated Sanctions List
• Avoid de-banking with a clearly labeled secondary sanctions database
• Structure decision-making in compliance with EU blocking statute and US Secondary Sanctions