The EU 19th Sanction Package Explained: What Companies Need to Know and How to Prepare

The EU’s 19th Sanction Package introduces stricter measures targeting Russia’s access to technology, financial flows, transport capabilities, and sanctions circumvention channels. Companies operating in or near high-risk trade flows must strengthen screening, enhance supplier due diligence, and adopt real-time monitoring that captures indirect exposure. This article explains the key components of the package, outlines who is affected, and provides practical preparation steps for SaaS providers, fintechs, and cross-border businesses.

{{snippets-guide}}

What is the EU 19th Sanction Package?

The EU adopted the 19th Sanction Package against Russia in early 2025 and passed in October 2025 as part of its wider strategy to restrict support for Russia’s military capabilities and reduce the country’s ability to access sensitive technologies. This package builds on earlier measures and expands the scope of restrictions in several critical areas such as dual-use goods, industrial machinery, aviation components, financial services, and sanctions circumvention controls. 

According to the European Commission, these measures are designed to reduce Russia’s access to materials and infrastructure that directly or indirectly sustain its military operations in Ukraine. The package also introduces new listings of individuals and entities involved in procurement networks, logistics chains, and financial structures that enable sanctions evasion.

Key Measures Introduced in the 19th Package

Expanded Export Restrictions

A major component of the 19th package is a significant extension of export bans. The EU added new categories of dual-use and high-priority items, including electronic components, industrial sensors, specialized chemicals, precision machine parts, and manufacturing tools that have been identified in Russian weapons systems. For example, the European Commission has published multiple technical assessments showing that EU-origin chips and semiconductors have been recovered from Russian drones and missile fragments.

For companies in technology, engineering, chemicals, logistics, and electronics manufacturing, this means a need for deeper scrutiny of product classifications. Businesses should review CN codes and HS codes closely and verify whether newly listed items apply to their products. Even SaaS businesses may be impacted if their software is used in engineering design, production automation, or analytics for high-risk industries.

Stricter Financial and Banking Controls

The financial provisions in the package focus on limiting Russia’s access to financial infrastructure and professional support services. The EU has widened the prohibition on offering financial, accounting, auditing, and trust-related services to Russian entities connected to the defence sector. For fintechs and banks, this increases the need for enhanced due diligence and refined transaction monitoring.

Regulators expect firms to identify suspicious patterns linked to high-risk correspondent banks, intermediaries with sudden spikes in trade value, or payments tied to jurisdictions known for sanctions evasion. FATF reports indicate that several of these jurisdictions have become transit hubs for restricted goods. As a result, financial institutions must integrate new risk indicators into their AML and sanctions programs and improve real-time monitoring to detect indirect exposure.

Circumvention Prevention Measures

Circumvention remains one of the EU’s biggest concerns. The 19th package includes enhanced due-diligence requirements for prohibiting the re-export of goods to Russia through third countries. Since 2022, Eurostat data has shown that exports of EU-origin goods to countries such as Türkiye, Kazakhstan, Armenia, and the UAE have increased sharply, often matching categories restricted for Russia.

The EU is targeting this by requiring companies to obtain clearer end-use statements, proof of customer identity, and documentation showing that goods will not be resold to Russia. Exporters are expected to verify supply chain integrity, assess routing patterns, and monitor for red flags such as inconsistent shipping documentation or the use of intermediaries with limited business histories. Companies must also conduct more regular audits of distributors in high-risk jurisdictions.

Aviation, Transport, and Shipping Restrictions

The 19th package also expands restrictions on aviation and maritime industries. The EU has added new prohibitions covering aircraft parts, jet fuels, and maintenance services used in civil or military aviation. It also expanded its shipping restrictions to vessels suspected of participating in illicit ship-to-ship transfers or operating within the so-called “shadow fleet”, which supports oil and goods transportation that helps Russia generate revenue.

‍

Compliance teams in logistics, shipping, or aviation services need to ensure that no support is provided to blacklisted vessels and that partners are screened thoroughly. The European Maritime Safety Agency has created a working group to focus on AIS signal manipulation and fraudulent ownership structures.

New Listings of Individuals and Entities

The EU has added dozens of individuals and entities linked to logistics companies, defence suppliers, trading houses, financial intermediaries, and technology manufacturers. Some operate outside Russia, including in the Middle East and Central Asia, which means companies must strengthen screening of beneficial ownership and subsidiaries.

Compliance tools must be updated to reflect fresh listings, including complex ownership structures that may involve shell companies or trusts. Companies should enhance their rulesets for matching indirect exposure such as majority ownership, minority stakes with control rights, or shared directorships.

{{snippets-case}}

Who is Most Affected?

Fintech and Financial Institutions 

Fintech companies, banks, and payment processors face increased regulatory expectations around customer screening, transaction monitoring, and correspondent banking relationships. The 19th package creates greater pressure to detect trade-based money laundering, false invoicing schemes, and routing of payments through high-risk third countries. Financial institutions need to ensure that risk indicators are updated to capture shifts in sanctions evasion tactics.

Regulators expect institutions to demonstrate real-time monitoring, stronger case management, and a reduction in false positives without compromising risk coverage. For compliance teams, the challenge involves balancing business agility with strict oversight, especially as fintech products expand into new markets.

SaaS, Cloud, and Technology Providers 

SaaS businesses are affected through export controls, supply chain verification, and data handling obligations. Software used in engineering, industrial production, analytics, or cloud services may fall under new licensing requirements if used by restricted entities.

Compliance officers must ensure compliance frameworks account for the possibility that software or infrastructure could be indirectly supporting sanctioned industries. SaaS businesses must confirm that Russian clients, subsidiaries, and users in connected markets are not accessing restricted features or data. Vendor risk management becomes even more important, especially when cloud infrastructure is shared across regions.

How Companies Can Prepare for the 19th Package

Strengthen Supply Chain and Distributor Due Diligence

Companies must reinforce their documentation processes by verifying end-use certificates, customer declarations, and origin-destination records. Distributors in high-risk regions should be assessed more frequently, especially if they handle products listed in the new export control categories.

Red flags include: unusual payment routing; inconsistent business information; sudden increases in order volumes; or the use of freight routes associated with circumvention hubs. Companies should maintain detailed due-diligence archives for regulator audits.

Enhance Transaction Monitoring and Risk Scoring

Financial institutions and payment processors should update their AML rulesets to reflect new typologies such as indirect Russian exposure, third-country diversion, and product-based sanctions. Companies should integrate sanctions and AML workflows so screening results influence transaction risk scoring.

Real-time monitoring allows compliance teams to detect anomalies early. For fintechs that operate cross-border, the ability to trace trade flows, identify behavioural changes, and detect suspicious routing is essential.

Internal Controls, Recordkeeping, and Staff Training

Policies and procedures must be updated to reflect the 19th package. Staff training should include practical case examples, risk indicators for circumvention, and guidance on handling complex ownership structures. Internal controls must incorporate a sanctions risk assessment that is revisited regularly.

Accurate recordkeeping is needed for regulatory inquiries or audits. Companies should maintain logs of decisions, screening results, and escalation processes.

Use Technology to Automate Compliance

Automation helps reduce manual workload and increases accuracy across compliance processes. Tools that support sanctions screening, AML monitoring, adverse media scanning, and case management can improve regulatory alignment.

SaaS organisations benefit from automated audit trails and data governance features, while fintech teams gain real-time visibility into customer and transaction risk. Together, these tools help ensure organisations stay ahead of EU regulatory changes while keeping compliance scalable and cost efficient.

Conclusion

The EU’s 19th Sanction Package significantly increases expectations around export compliance, financial controls, and sanctions circumvention prevention. Companies must update screening systems, enhance their supply chain due diligence, refine transaction monitoring, and invest in automation that supports regulatory readiness. 

Businesses that adapt early will be better positioned to avoid penalties, maintain customer trust, and expand safely across borders while meeting evolving EU requirements.

sanctions.io is a highly reliable and cost-effective solution for real-time screening. AI-powered and with an enterprise-grade API with 99.99% uptime are reasons why customers globally trust us with their compliance efforts and sanctions screening needs.

To learn more about how our sanctions, PEP, and criminal watchlist screening service can support your organisation's compliance program: Book a free Discovery Call.

We also encourage you to take advantage of our free 7-day trial to get started with your sanctions and AML screening (no credit card is required).

‍