EU Sanctions against Ukraine 2026: what companies must do

Key data

Any Spanish company operating with international counterparties must know that as of 14 March 2026 there is a new version of the EU sanctions list linked to the conflict in Ukraine. The Council Decision (CFSP) 2026/696 amends Decision 2014/145/CFSP, which is the European legal framework of reference for restrictive measures against persons and entities that threaten the territorial integrity, sovereignty and independence of Ukraine.

This is not a new regulation: it is an update of a sanctions regime that has been active since 2014. However, each modification may involve new subjects added to the list, updated data for those already included, or adjustments to applicable measures. And operating with any of them, even unknowingly, has serious legal and reputational consequences.

What does this regulation establish?

Decision 2014/145/CFSP establishes a regime of restrictive measures by the European Union against natural and legal persons identified as responsible for actions that undermine or threaten the territorial integrity, sovereignty and independence of Ukraine. The two main measures contemplated by this regime are:

• Asset freezing: the funds and economic resources of designated persons and entities are blocked. No company or entity may make funds or economic resources available to them.
• Travel ban: natural persons included on the list cannot enter or transit through the territory of EU Member States.

The amendment introduced by Council Decision (CFSP) 2026/696 may include any of these actions on the existing list:

• Incorporation of new persons or entities to the list of designees.
• Update of identifying data of persons or entities already included.
• Adjustment of measures applicable to specific subjects already listed.

To know the exact details of the changes introduced, it is essential to consult the full text of the decision on EUR-Lex, as well as the consolidated list of sanctioned persons available in the EU financial sanctions database.

Economic and operational impact

The direct impact for companies is not a fixed regulatory cost, but a risk of legal and reputational exposure that can be very high if compliance is not managed correctly.

The specific consequences of operating with a sanctioned person or entity include:

• Serious legal consequences: penalties for non-compliance with the EU restrictive measures regime may include criminal and administrative liability for the company and its directors.
• Reputational damage: association with persons or entities sanctioned by the EU can generate a severe impact on corporate image, especially in sectors with high public exposure or institutional investors.
• Operational blockade: any transaction in progress with a sanctioned party must be halted immediately, which can generate direct economic losses from interrupted contracts.

The operational cost of updating compliance systems is significantly lower than the potential cost of non-compliance. Companies that already have counterparty screening processes in place must ensure that their databases reflect the consolidated list in force as of 14 March 2026.

Who does it affect?

This regulation directly affects all companies and entities that may have commercial or financial relationships with designated persons or entities. In practice, the sectors with the greatest exposure are:

• Financial operators: banks, credit institutions, fund managers, insurance companies and any entity that processes payments or manages assets with international counterparties.
• Exporters: companies that sell goods or services to markets with the presence of persons or entities linked to the Ukrainian conflict.
• Importers: companies that acquire goods or services from suppliers that may be designated or linked to designees.
• Advisors and consultancies: law firms, business consultancies and financial advisors that provide services to clients who may be on the list.
• Companies with subsidiaries or partners in the region: any business group with presence in Russia, Belarus or territories affected by the conflict must review its corporate structures.

Practical example

A Spanish industrial machinery company has a distributor in a third country with which it has been operating for three years. Following the update of 14 March 2026, that distributor—or one of its majority partners—appears on the EU's consolidated list of sanctioned persons.

If the Spanish company has not updated its counterparty screening system and processes a payment or sends goods to that distributor after 14 March, it is in breach of the EU sanctions regime, even if it does not know it. Responsibility does not disappear due to lack of knowledge.

The correct action is: review the updated list before any transaction, block the transaction if the counterparty is designated, and notify the competent authorities according to the applicable Spanish regulations on the implementation of international sanctions.

What should companies do now?

1. Update the list of sanctioned persons in compliance systems: download the consolidated list in force as of 14 March 2026 and integrate it into counterparty screening processes. The list is available on EUR-Lex and in the EU financial sanctions database.
2. Review current counterparties: verify that no supplier, customer, partner or intermediary with whom an active relationship is maintained appears on the updated list.
3. Review pending transactions: identify payments, shipments or contracts in progress that may involve designated persons or entities and suspend them if necessary.
4. Update internal due diligence procedures: ensure that any new counterparty goes through a verification process against the sanctions list before initiating the commercial or financial relationship.
5. Train the responsible team: compliance, finance and operations personnel must be aware of the update and know how to act if a match with the list is detected.
6. Consult with specialized legal advice if there is doubt about whether a specific counterparty is affected or if operations have already been carried out with potentially designated persons.