EU adopts its 12th package of Sanctions against Russia: Here’s what you need to know

The European Union (EU) recently adopted its 12th package of sanctions against Russia, marking a significant development in response to Russia’s invasion of Ukraine. For companies and businesses operating in the EU, understanding the implications of these sanctions is crucial for maintaining compliance. What’s new in this package, and what does your business need to do to comply? Below are the key elements of the sanctions and some insights on what businesses need to know to comply with these new stricter measures.

Additional Listings:

The 12th package includes over 140 additional individuals and entities subject to asset freezes. This encompasses actors in the Russian military, defence, IT sector, and other economic sectors. The measures also target those responsible for recent illegal elections in occupied territories and the forced re-education of Ukrainian children. Businesses will have to take care to carefully screen their business partners and clients against these updated lists to avoid inadvertently dealing with sanctioned entities.

Trade Measures:

A major aspect of the sanctions involves import and export bans on various goods. Notably, there is an import ban on Russian diamonds, with a phased approach extending to lab-grown diamonds, jewellery, and watches. Additionally there are new export controls on dual-use and advanced technological goods, as well as bans on specific industrial goods, such as machinery and parts, processed steel, copper and aluminium goods, lasers and batteries. These controls and bans aim to weaken Russia’s military capabilities and industrial sector. 

To ensure compliance, businesses in affected industries will have to ratchet up their due diligence procedures in order to ensure that they have established the true ownership of any entity they’re doing business with.

Stricter Asset Freeze Obligations:

The 12th package introduces new asset freeze criteria, including those benefiting from forced ownership transfer of Russian subsidiaries of EU companies. Again, businesses must make sure to implement robust due diligence processes to prevent unintentional dealings with individuals or entities subject to asset freezes. Tighter obligations for member states to trace assets proactively underscore the importance of thorough compliance efforts.

Energy Measures:

Tightening the international G7+ oil price cap is a significant move to impede Russia’s ability to sustain its war efforts, requiring businesses to carry out enhanced monitoring of tanker sales and pay close attention to the detailed attestation requirements. Additionally, the new import ban on liquefied petroleum gas (LPG), which affects annual imports worth over €1 billion, further impacts Russia’s energy sector. As opposed to the previous two measures, which almost exclusively affected only businesses, the new ban on gas could likely directly impact households, as it could create a wide-scale gas shortage across the continent.

Stronger Anti-Circumvention Measures:

The sanctions include measures to broaden the scope of transit prohibitions and obligate operators to contractually prohibit the re-export of certain sensitive goods to Russia, including a new measure requiring the notification of fund transfers out of the EU from EU entities directly or indirectly owned by more than 40% by Russians or entities established in Russia. This is a departure from the usual “50% rule” and implementing the stricter measure will be a challenge for obliged entities, especially as it came into force during the holiday season when many professionals are away. The challenge will be further compounded by the fact that many data vendors don’t provide ownership information below the standard 50%, and don’t provide information about the owners’ nationality or place of establishment.

Additional Measures:

There are various additional measures, including derogations for specific cases and technical amendments, that highlight the EU’s firm support of Ukraine, its economy and its people, including its armed forces and future reconstruction. 

As the EU continues to strengthen its response to Russia’s aggression, businesses must stay vigilant and adapt to evolving sanctions. The EU’s sanctions on Russia are a crucial part of its response to Russia’s unjustified invasion and continued war on Ukraine, as they reduce Russia’s military and technological capability, cut the country off from most global markets, deprive the Kremlin from the revenues it needs to keep financing the war, and impose increasingly high costs of Russia’s economy. The sanctions aim to contribute towards an end to the conflict and towards establishing a just and lasting peace. Staying informed, conducting thorough due diligence, and proactively adjusting business practices will be essential for companies to weather the impact of these sanctions and maintain their compliance within the EU regulatory framework. Compliance will also enable businesses to work alongside the EU to eventually erode Russia’s abilities to continue the war.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.