I’ve been closely tracking the EU’s sanctions activity over the summer, and it’s been one of the most active periods I’ve observed in recent memory. Between July and August alone, eight separate regulations were issued - spanning everything from hybrid warfare and civil conflict to sanctions against organised crime groups. Each update forms part of a broader narrative: one where global risk is becoming more diffuse, and the EU is increasingly using financial levers as instruments of stability and influence.
From where I sit, working with financial institutions and compliance teams every day, these updates aren’t just basic housekeeping. They are policy signals, and in some cases, early indicators of where geopolitical tensions are arising. In this article, I’ll discuss the EU sanctions events of the past few months, explore what they tell us about the changing nature of global risk, and reflect on what financial institutions should be doing in response.
South Sudan: When Words Become Weapons
EU 2025/1347, July 8th
The EU reaffirmed sanctions against Michael Makuei Lueth, South Sudan's Information Minister, following their periodic review. What's interesting here is not just that he stayed on the list, it’s why he stayed on the list.
Makuei's been blocking peace processes through inflammatory rhetoric and suppressing free speech. His public defence of politically motivated arrests earlier this year further reinforced concerns. The EU's message is clear: obstruction doesn't have to involve guns to warrant sanctions.
The case highlights something we're seeing more of: sanctions targeting information warfare and democratic interference, not just traditional military threat.
Takeaway: Even if Makuei himself isn’t banking in Europe, the listing still applies to any entities he controls or benefits from. It’s worth checking for any indirect exposure to Makuei through business relationships or investments.
Russia's Information War Gets Expensive
EU 2025/1444, July 15th
This one's significant. The EU added 9 individuals and 6 entities tied to Russia's hybrid warfare operations: disinformation campaigns, electronic warfare, GPS jamming, and beyond. The targets include state broadcaster RTRS, GRU cyber operators, and the infamous 841st Electronic Warfare Centre.
What caught my attention is how specific these designations are. The level of precision in these entries certainly indicates the EU’s attention to Russia’s hybrid warfare playbook. The entities have undermined political instability in different ways: RTRS replaced legitimate Ukrainian media with Kremlin propaganda, GRU jammed GPS signals to disrupt aviation, and 841st Electronic Wargare Centre spread conspiracy theories blaming Western forces for atrocities.
The connection to Prigozhin and Aleksandr Dugin networks shows how the EU is mapping these influence operations with granular detail. The focus is not solely on military support anymore; it’s about the entire information ecosystem supporting the war effort.
Takeaway: Banks need to watch for shell companies or affiliates connected to these entities. Media infrastructure, tech supply chains, digital services, particularly in high-risk regions, all require enhanced scrutiny as a result of these sanctions.
Sudan: Following the Money Trail
EU 2025/1480, July 18th
As Sudan's civil war intensifies, the EU targeted key financial enablers on both sides. Two commanders got listed, Abu Aqla Mohamed Ahmed Kaikal (RSF-linked) and Hussein Barsham (RSF field commander), along with two companies: Alkhaleej Bank and Red Rock Mining.
The corporate targets are particularly telling. Alkhaleej Bank is identified as a key RSF financier, while Red Rock Mining has ties to the SAF's military-industrial complex. The EU is essentially saying: we don't care which side you're on, if you're profiting from violence while civilians suffer, you're a target.
This shift toward financial accountability in these conflict areas mirrors what I see more broadly in sanctions policy: the standard expectation of naming the individuals directly responsible for the violence has evolved. The EU, more and more, is equally prioritising its efforts toward choking off the supply lines that enable these conflicts.
Takeaway: Institutions with past or present ties to these entities need immediate review. Trade finance involving Sudan, particularly gold exporting, requires extra attention given Red Rock Mining’s listing.
Russia Package 18: Closing the Gaps
EU 2025/1494, July 18th
The 18th Russia sanctions package focused on circumvention, plugging holes that have allowed continued trade despite existing restrictions. Key changes include:
26 new companies (some outside Russia) banned from receiving EU exports
Expanded controls on CNC tools and industrial chemicals
New anti-circumvention rules letting Member States halt suspicious third-country exports
Complete end to Czechia's pipeline oil exemption
Ban on refined products made from Russian crude, regardless of where they're processed
What stands out to me is the breadth of the package. Unlike previous sanctions, this one acknowledges that the problem extends beyond Russia’s border.
The anti-circumvention mechanism is particularly clever. It gives Member States power to stop exports to third countries if they suspect Russia is the final destination. That's going to make trade routing much more complicated for anyone trying to evade sanctions.
Form a practical viewpoint, this introduces a massive compliance burden for exporters and logistics firms, especially those dealing with distributors or intermediaries in Asia or the Middle East. The ‘reasonable suspicion’ clause could trigger over-cautious behaviour or delays across entire supply chains.
Takeaway: Companies in tech, energy, and machinery sectors need to revisit their entire risk assessment framework. The new rules require much better documentation to prove non-Russian origin for oil products.
We’re entering an era in which sanctions are not just simply about list screening – it’s shifting toward behavioural and transactional analysis as well. This shift will drive new demand for data providers, AI-based compliance technology, and tighter internal governance protocols.
Iran: Technical Precision, Same Policy
EU 2025/1559, July 25th
Standard administrative update here. One person removed (likely the IRGC general killed in that Israeli airstrike), 45 entries updated with new aliases and passport numbers. Nothing groundbreaking, but it demonstrates the EU's commitment to keeping records current.
This update might seem relatively mundane, but to me this shows how seriously the EU takes data hygiene in sanctions. You cannot enforce what you cannot accurately identify.
The broader Iran sanctions framework remains unchanged, which tells you everything about where nuclear negotiations and regional tensions stand. The lack of policy movement signals how frozen the diplomatic channels with Iran still remain. Sanctions are no longer a negotiation lever; they’ve become the baseline.
Takeaway: These technical updates matter more than they might seem. New aliases can trigger alerts that didn't exist before, so watchlist updates are essential for maintaining compliance accuracy. From a compliance angle, I think updates like these are underrated. They don’t grab headlines, but they can certainly trip up unprepared teams.
Terrorism: Routine Maintenance
EU 2025/1578, July 29th
One individual removed (deceased), everyone else stays on the list.
This update quietly confirms that EU continues to treat terrorism as a long-term threat and not just something that comes up occasionally. This is standard list maintenance, but it reinforces that the EU's counter-terrorism framework remains fully operational.
The fact that only one person came off while 35+ entries remain shows the persistent nature of terrorism-related risks. These lists don't shrink much over time.
In fact, the enduring length of these lists tells its own story. The threat landscape may evolve, but these legacy risks remain firmly embedded in the system.
Haiti: When Street Gangs Become Geopolitical Threats
EU 2025/1576, July 29th
This update stands out in particular. The EU sanctioned two Haitian gang networks: Gran Grif and Viv Ansanm (the "G9 Family and Allies").
Gran Grif, under Luckson Elan's leadership, has been responsible for massacres, systematic r***, and targeted killings. Viv Ansanm, led by Jimmy "Barbecue" Chérizier, launched coordinated attacks on prisons, airports, and government buildings, essentially paralyzing the Haitian state.
What makes this remarkable is that the EU is applying the same sanctions framework typically used against terrorist organizations to street gangs. These groups have become so powerful they're threatening state stability, so they're getting the state-level response to equate. Gang violence in this instance is not just a domestic issue; it warrants global attention.
Takeaway: These groups may not have obvious European banking relationships, but money moves in unexpected ways. Remittance channels, shell companies, and diaspora networks are all potential vectors that require monitoring.
Iraq: Still Updating After All These Years
EU 2025/1751, August 12th
This update was a simple alias addition for Bashar Sabawi Ibrahim Hasan Al-Tikriti, adding "Bashar Al-Nasiri" to his entry. He's connected to Saddam's regime through family ties and has been supporting insurgent activities since 2003.
Sanctions enforcement has become more systematic and persistent over time. This record is a clear example: over 20 years old, and yet still the EU is still choosing to refine its identification parameters.
Reflected in this listing is an important truth: precision in sanctions enforcement isn’t static. Even legacy entries require active oversight to remain compliant with evolving compliance standards.
Takeaway: Even small changes like alias additions can prevent screening mishaps, so database updates are non-negotiable.
The Bigger Picture: Sanctions Are Evolving
Looking across these eight regulations, several trends become clear:
1. Expanded scope: We're seeing sanctions applied to information warfare, street gangs, and hybrid threats, not just traditional state actors and terrorists.
2. Following the money trail: The emphasis on banks, mining companies, and financial enablers shows recognition that following the money is often more effective than targeting individuals alone.
3. Anti-circumvention: New mechanisms to prevent sanctions evasion through third countries or shell companies are getting more sophisticated.
4. Administrative precision: Regular updates to aliases, identifiers, and corporate details reflect a more systematic approach to enforcement. Credit where credit is due. Looking through the July and August updates, one observation is clear: the EU is expanding the role of sanctions. It’s not just about wars anymore, it’s about tackling instability in all its forms. Street gangs in Haiti are now on par with state-backed threats, Russian propaganda efforts are being sanctioned just like oil exports, and those funding violence in Sudan are facing consequences on both sides of the conflict.
So what should compliance professionals take away from this?
Shift from reactive to proactive screening: Waiting for official list updates isn’t enough. Teams should actively monitor geopolitical developments and pre-emptively review exposure to high-risk jurisdictions, sectors, or networks (e.g. Russian energy supply chains, Sudanese gold, Haitian remittances).
Review risk models for emerging categories: Most screening configurations are designed around traditional threats - terrorists, drug traffickers, sanctioned officials. With sanctions now targeting cyber units, media channels, and gang networks, rulebooks may need updating.
Cross-functional collaboration is key: Trade finance, sanctions, onboarding, investigations - all these departments need better alignment. With circumvention risks rising, internal data-sharing on suspicious routing, shell companies, and third-country intermediaries is crucial.
Prioritise screening agility, not just volume: Screening millions of names a day means little if your system can’t detect alias changes, false positives, or nested control structures. It’s time to evaluate if your tools are built to adapt.
Challenge the assumption of low-risk sectors: The Haiti sanctions show how even seemingly “non-financial” domains (like street crime) can cross into financial crime territory. Compliance frameworks should reflect that the scope of risk is expanding.
The EU isn't just throwing sanctions around randomly; they're building a comprehensive financial defence system that spans across the world, targeting a wide range of conflict types. Now financial institutions need an equally comprehensive compliance response. This summer’s updates are a shift in posture. One that’s redefining the role of sanctions in global stability.
