EU Sanctions List — a Practical Guide for Businesses

The EU sanctions list — formally known as the EU Consolidated List or EU Consolidated List of Financial Sanctions — is the official register of persons, companies and organisations subject to restrictive measures issued by the European Union. This is not a matter for banks or law firms: the EU regulations underpinning this list apply to every company and every business operator on EU territory — directly, without any additional implementation by national parliaments.¹ If you run a travel agency, let property, sell goods online, or provide insurance services, this list applies to you.

Legal status as of: 2026-05-20.

TL;DR — the five key points

• What it is — the EU Consolidated List (EU Consolidated List / Financial Sanctions Files) is a single file consolidating all European sanctions regimes: Russia, Belarus, Iran, North Korea and more than thirty others. It is maintained by the European Commission through the Directorate-General DG FISMA (Directorate-General for Financial Stability, Financial Services and Capital Markets Union).²
• Legal basis — including Council Regulation (EU) No 269/2014³ and Council Regulation (EU) No 833/2014⁴; EU regulations are directly applicable without transposition.¹
• Where to look — the Financial Sanctions Files (FSD) database at webgate.ec.europa.eu/fsd/fsf (XML/CSV) and the EU Sanctions Map at sanctionsmap.eu.⁵⁶
• How often it is updated — very frequently, in practice after every sanctions package; the list is not a static document — it requires ongoing monitoring.
• The 50% rule — sanctions cover not only entities listed by name, but also companies in which a listed entity holds more than 50% of the shares or exercises control.⁷

What the EU Consolidated List is and who maintains it

The EU Consolidated Sanctions List — officially the EU Consolidated List or Financial Sanctions Files (FSF/FSD) — is a central database containing all entries from all applicable European sanctions regimes in one place. Each sanctions regime (covering Russia, Belarus, Iran, North Korea, and others) has its own regulation with an annex listing specific names of individuals and entities. The consolidated list combines these annexes into a single file, making searches straightforward.

The list is maintained and published by DG FISMA — the Directorate-General for Financial Stability, Financial Services and Capital Markets Union, a body of the European Commission.² DG FISMA is responsible for EU financial sanctions policy and updates the consolidated database whenever a new package or listing change enters into force. Decisions to add or remove entities are, however, taken by the Council of the European Union — the body composed of ministers from the member states — on the basis of regulations and decisions adopted within the framework of the Common Foreign and Security Policy.

An important distinction: DG FISMA is the administrator and publisher of the list, but it is the Council of the EU that makes the law. The practical effect: the consolidated list is published by the Commission, but its content derives from regulations adopted by the Council — and it is the regulations that are legally binding, not the list as a downloadable file in itself.

The legal basis of the EU list

The EU sanctions list does not rest on a single legal basis — it is the product of many regulations, each governing a separate sanctions regime and geographical context. The two regulations that Polish companies should know first are:

Council Regulation (EU) No 269/2014 of 17 March 2014 concerning restrictive measures in respect of actions undermining or threatening the territorial integrity, sovereignty and independence of Ukraine.³ This is a “personal” regulation — its Annex I contains the list of specific natural persons and entities subject to asset freezes and prohibitions on making funds available. It is updated with each successive sanctions package.

Council Regulation (EU) No 833/2014 of 31 July 2014 concerning restrictive measures in view of Russia’s actions destabilising the situation in Ukraine.⁴ This is a “sectoral” regulation — it restricts exports, imports and services in specified sectors, regardless of who is party to the transaction. Sectoral sanctions are not based on a list of names but on commodity codes and categories of services.

For Belarus, the equivalent instrument is Council Regulation (EU) No 765/2006 of 18 May 2006.⁸ There are also a dozen or so other sanctions regimes covering Iran, North Korea, Syria, Mali, Myanmar and others — each based on a separate regulation.

A crucial fact: EU regulations are directly applicable in every member state without the need for transposition by national parliaments.¹ This means Polish companies are subject to these rules from the moment they are published in the Official Journal of the EU — with no additional act of the Sejm, no period of grace for domestic implementation. This is the foundation of the entire system: EU law operates here faster and more broadly than domestic law.

The domestic complement is the Act of 13 April 2022 on Special Arrangements for Countering Support for Aggression against Ukraine and for the Protection of National Security (Journal of Laws 2022, item 835).⁹ This Act does not implement EU regulations — because those require no implementation — but instead creates a parallel national sanctions instrument and sets out Polish penalties for breaching EU restrictive measures (Art. 6(2): a financial penalty of up to PLN 20,000,000, imposed by the Head of KAS — the National Revenue Administration).¹⁰

The consolidated list vs the EU Sanctions Map — the difference

Many people confuse two tools: the consolidated list (Financial Sanctions Files) and the EU Sanctions Map (sanctionsmap.eu). These are two different products serving different purposes.

EU Financial Sanctions Files (FSD)⁵ — this is the actual EU consolidated sanctions list in downloadable file form. Available at webgate.ec.europa.eu/fsd/fsf, maintained by DG FISMA.² It contains the full data of all entities subject to EU sanctions: names and company names, aliases, dates of birth, identification numbers, legal grounds for listing, dates of addition. This file should form the basis of automated screening in your system.

EU Sanctions Map⁶ — this is a reference tool available at sanctionsmap.eu. It allows you to browse which sanctions regimes apply to a given country, click on a map of Europe and the world, and see connections between packages. It is useful when you want to understand the structure of EU sanctions or carry out a one-off check on a specific person without downloading an XML file. It cannot, however, replace systematic screening — it is not a tool for integration with IT systems and does not have advanced fuzzy matching that handles aliases and transliterations.

The difference is therefore fundamental: FSD is raw data for compliance systems, the EU Sanctions Map is an educational and reference interface for people. In practice, if you carry out regular sanction screening, you need FSD (or a tool that downloads FSD automatically). Treat the Sanctions Map as a starting point when you want to learn about a particular sanctions regime.

How to find and search the EU list — step by step

Checking a counterparty against the EU sanctions list is not complicated if you know where to look. Here is how to do it in practice.

Step 1: Choose your data source. You have two options: download the FSD file directly from the DG FISMA server, or use the EU Sanctions Map search tool. For a one-off check you can start with the EU Sanctions Map⁶ — go to sanctionsmap.eu, select the entity search option and enter the name. For regular screening of your customer base, download the XML or CSV file from webgate.ec.europa.eu/fsd/fsf.⁵

Step 2: Download the current version of the file. The FSD file is updated by DG FISMA² whenever the list changes. The date of the update is shown alongside the file. Make sure you are downloading the latest version — a list from a week ago may not include entries added in the most recent sanctions package.

Step 3: Search using the full name. Do not abbreviate. If you are looking for the company “Ромашка ООО”, search both the Latin transliteration (e.g. “Romashka”) and the original version. EU lists contain entries in multiple language versions and different writing systems.⁵

Step 4: Check aliases and previous names. Each entry in the FSD includes an “aliases” field — former names, transliterations, abbreviations. A person may appear as “Ivanov”, “Iwanow” and “Ivanoff” simultaneously. A company may have two names: a Polish and a Russian one. Manually checking all variants is tedious and error-prone — automated tools with fuzzy matching handle this faster and more accurately.

Step 5: Verify identifiers, not just names. A name alone is insufficient. The list contains dates of birth, passport numbers, equivalents of national tax identification numbers in the country of registration, and registered addresses. Whenever you have a positive or ambiguous name match, always compare at least two additional identifiers.

Step 6: Record the date and result of the check. Documentation is your evidence of due diligence. Note down: the date of the check, the version of the list used (e.g. “FSD downloaded 2026-05-20”), the result (no match / possible / confirmed match) and the name of the person who performed the verification. This record will be crucial during any inspection by the Head of KAS.¹¹

How to screen a counterparty against the EU list

Screening a counterparty requires more than typing a name into a search box. Here are the four elements that determine the quality of verification.

Comparing identifiers

Each entry in the EU consolidated list contains a set of identifiers allowing the unambiguous establishment of the entity’s identity: date and place of birth (for natural persons), passport or identity document number, equivalents of national identification numbers (PESEL, NIP), registered address (for companies), and registration number in the national commercial register. Good verification involves comparing at least two of these identifiers against the data you hold on the counterparty — a name alone generates too many false positives with common Russian or Ukrainian surnames.

Aliases and transliterations

Transliteration of Cyrillic into Latin script is not standardised — the same person may be written in dozens of different ways depending on the country that issued their documents. Sanctions lists include an “aliases” field covering known spelling variants, commercial pseudonyms used, and previous names. Manually checking all variants is prone to oversight. A good screening system uses fuzzy matching — an algorithm that tolerates spelling differences and compares the phonetic similarity of names. We show how to break down an individual listing in the article on how to read a sanctions list entry.

The over-50% ownership rule

EU sanctions apply the so-called ownership rule: an entity is subject to restrictive measures if a person or company on the sanctions list holds more than 50% of its shares or exercises control over it in some other way.⁷ This means you must screen not only the counterparty itself but also its ultimate beneficial owners (UBOs). A company registered in Poland may have a Russian owner on the list who holds 60% of the shares — in which case a transaction with that company is prohibited, even if the company itself does not appear on the list under its own name.

Holding structures and multi-tier ownership chains through companies registered in Cyprus, Malta, the UAE or another third country are a standard technique for concealing sanctioned owners. UBO verification goes beyond a simple list check — it requires consulting national commercial registers.

The three-state verification result

Professional screening does not produce a binary YES/NO result. It uses three states:

• MATCH — the counterparty’s data unambiguously corresponds to a listing (at least two identifiers confirmed). The transaction must be halted, funds frozen, and the matter reported to the competent authority.
• POSSIBLE — there is a similarity in the name or some data, but confirmation by identifiers is lacking. Manual verification and a documented decision are required.
• CLEAR — no match found. The transaction may proceed, but the result of the check must be retained in the register.

How often the list is updated

The EU consolidated list is not a static document published once a year. It is updated by DG FISMA² whenever the Council of the EU adopts a new regulation or introduces a change to an existing package — and this happens on a regular basis. Beyond full sanctions packages, there are also targeted decisions adding or removing individual entries.

The practical implication for your business is straightforward: downloading the list once and using it for several months is a compliance error. The list must be updated regularly — as a minimum standard once a week, and for large counterparty bases or high sector-specific risk — more frequently. It is equally important to re-screen existing counterparties after every list update: a person who was CLEAR last week may appear on the list today. We expand on this topic in the article on sanctions list updates.

For businesses that want to automate this process, DG FISMA makes the FSD available in XML and CSV formats.⁵ Downloading and processing the file can be automated — there is no need for manual checking every time.

The EU list vs the Polish MSWiA list and other lists

The EU consolidated list is not the only list a Polish company should take into account. Several other registers apply in parallel, with varying scope and binding force.

The Polish MSWiA list — maintained by the Minister of Internal Affairs and Administration (MSWiA — Ministerstwo Spraw Wewnętrznych i Administracji)¹² under the Act of 13 April 2022 (Journal of Laws 2022, item 835).⁹ This is a national sanctions instrument, independent of the EU list — it allows Poland to act faster than Brussels and to list entities that have not yet appeared on the EU list. The consequences of listing are analogous to the EU list (asset freeze, prohibition on transactions). The list is publicly available at gov.pl/web/mswia/lista-osob-i-podmiotow-objetych-sankcjami.¹²

The UN list (UN Security Council Consolidated List)¹³ — maintained by the UN Security Council Sanctions Committees, available at un.org/securitycouncil/content/un-sc-consolidated-list. The key point for a Polish company is that UN sanctions enter Polish law through EU regulations — the EU implements Security Council resolutions as its own legal acts.¹ By checking the EU consolidated list, you are indirectly also checking the UN list. Separately checking the UN list makes sense mainly for contracts with partners outside the EU.

The OFAC SDN list (USA)¹⁴ — maintained by the U.S. Office of Foreign Assets Control, available at ofac.treasury.gov. Formally it applies to “U.S. persons” — individuals and entities connected to the United States. It indirectly affects a Polish company if it settles transactions in US dollars (USD clearing goes through US banks), has counterparties or beneficial owners from the USA, exports goods with components of American origin, or has a subsidiary in the United States.

The UK OFSI list¹⁵ — maintained by the Office of Financial Sanctions Implementation (OFSI) at HM Treasury, available at gov.uk/government/publications/financial-sanctions-consolidated-list-of-targets. Relevant if your company has any point of contact with the United Kingdom — a branch, British customers, payments in sterling, or contracts with a sanctions clause governed by English law.

A detailed comparison of all four main lists — EU, UN, OFAC and MSWiA — can be found in the article EU, UN, OFAC and MSWiA sanctions lists — a guide. The question of whether your company is actually required to carry out sanction screening is addressed in the article does my company have to carry out sanction screening?.

FAQ — frequently asked questions

What exactly is the EU Consolidated List?

It is a single consolidated database containing entries from all applicable European sanctions regimes. It is maintained by DG FISMA — a Directorate-General of the European Commission — and published in XML and CSV format at webgate.ec.europa.eu/fsd/fsf.⁵ It replaced the need to browse each regulation and its annexes separately — all entries are in one place.

Does the EU sanctions list apply to my company if I am not a bank?

Yes. The EU regulations in which the sanctions list is embedded are directly applicable legal acts in every member state — with no exception for sector, industry or company size.¹ Banks and financial institutions have additional obligations under the AML Act¹⁶, but this does not mean that other companies are exempt from complying with sanctions regulations. An administrative penalty of up to PLN 20 million¹⁰ applies to any entity that breaches the obligations arising from the Act of 13 April 2022.⁹

What is the difference between the EU Consolidated List and the EU Sanctions Map?

The EU Consolidated List (FSD) is a data file — a database to download and integrate with IT systems.⁵ The EU Sanctions Map⁶ is an interactive reference search tool, useful for learning about and carrying out one-off checks. For regular counterparty screening you need FSD, not the Sanctions Map.

How often must I update the EU sanctions list?

At a minimum once a week. The list is updated by DG FISMA² after every change — a sanctions package or a targeted listing — and changes occur regularly. A regular counterparty that was clear last week may appear on the list today. Automatically downloading the current FSD file eliminates the risk of working with outdated data.

What is the 50% rule and how do I apply it?

The ownership rule means that EU sanctions automatically cover entities in which a person or company on the sanctions list holds more than 50% of the shares or exercises control over them.⁷ In practice: if your counterparty has a Russian shareholder on the list who holds 60% of the shares, that company is also subject to sanctions — even if it does not appear on the list under its own name. Verification of the ultimate beneficial owner (UBO) is essential.

What is the difference between the EU list and the Polish MSWiA list?

The EU list applies to all companies in all EU member states and is the product of decisions by the Council of the EU.² The Polish MSWiA list¹² is a national instrument operating in parallel — the minister can list an entity faster than Brussels can reach consensus. Both instruments impose analogous consequences (asset freeze, prohibition on transactions), but Polish companies must check both lists independently. A listing on the MSWiA list may precede a listing on the EU list.

What to do in practice — a step-by-step checklist

1. Establish that the obligation applies to your company. If you operate on EU territory, you are subject to sanctions regulations.¹ There is no exemption for SMEs, for sole traders or for specific non-financial sectors.

2. Download the current EU consolidated list. Go to webgate.ec.europa.eu/fsd/fsf and download the XML or CSV file.⁵ Check the file date — only the latest version counts.

3. Download the current Polish MSWiA list. Go to gov.pl/web/mswia/lista-osob-i-podmiotow-objetych-sankcjami.¹² Download the available file and record the download date.

4. Screen every new counterparty before the first transaction. Check the full name and aliases. Compare two identifiers — date of birth, passport number or tax identification number. Note the result and date.

5. Check the counterparty’s ultimate beneficial owner (UBO). If the entity has shareholders from high-risk countries (Russia, Belarus, Iran, North Korea), verify the ownership structure. The 50% rule means you cannot transact with a counterparty that has an indirect sanctions connection either.⁷

6. Establish a list update cycle. Download a new version of the FSD and the MSWiA list at least once a week. For large customer bases — more frequently. With each update, re-screen existing counterparties.

7. Maintain a screening register. For each check, record: date, version of the list, counterparty details, result (CLEAR / POSSIBLE / MATCH), and the name of the responsible person. The register of hits is your evidence of due diligence in the event of an inspection by the Head of KAS.¹¹

8. Draw up a procedure for when there is a hit. Before you receive a MATCH — establish what you will do: who decides, when you freeze funds, to whom you report the matter (Head of KAS¹¹ or GIIF — the General Inspector of Financial Information¹⁷ — depending on the context). The procedure must be written in advance, not improvised during an incident.

How Sanqto can help

Manually downloading and reviewing the EU list, the Polish MSWiA list and, where applicable, the OFAC list for every transaction is a labour-intensive and error-prone task — particularly when your counterparty base runs to hundreds or thousands of entities. Sanqto automates the entire process: the software runs on-premise, within your company’s infrastructure, so client data never leaves your network. Verification results are returned using the three-state MATCH / POSSIBLE / CLEAR model. Lists are updated automatically — including the EU consolidated list from DG FISMA² and the Polish MSWiA list.¹² The implementation package includes ready-made compliance documents: a sanctions policy, a hits register, a procedural guide and template letters — exactly what you will need during an inspection.

If you operate in industries where the sanction screening obligation is most frequently overlooked, check the pages for your sector: tourism and travel agencies or insurance. A general overview of what a sanctions list is and how the whole system works can be found in the article what is a sanctions list and why it affects your company.

Legal basis

• Council Regulation (EU) No 269/2014 of 17 March 2014 concerning restrictive measures in respect of actions undermining or threatening the territorial integrity, sovereignty and independence of Ukraine — CELEX 32014R0269
• Council Regulation (EU) No 833/2014 of 31 July 2014 concerning restrictive measures in view of Russia’s actions destabilising the situation in Ukraine — CELEX 32014R0833
• Council Regulation (EU) No 765/2006 of 18 May 2006 concerning restrictive measures in respect of Belarus — CELEX 32006R0765
• Directive (EU) 2024/1226 of the European Parliament and of the Council of 24 April 2024 on the definition of criminal offences and penalties for the violation of Union restrictive measures — CELEX 32024L1226
• Act of 13 April 2022 on Special Arrangements for Countering Support for Aggression against Ukraine and for the Protection of National Security (Journal of Laws 2022, item 835) — ISAP
• Act of 1 March 2018 on Counteracting Money Laundering and Financing of Terrorism (Journal of Laws 2018, item 723) — ISAP
• EU Financial Sanctions Database (FSD) — DG FISMA, European Commission — webgate.ec.europa.eu/fsd/fsf
• EU Sanctions Map — sanctionsmap.eu
• Polish sanctions list (MSWiA) — gov.pl/web/mswia/lista-osob-i-podmiotow-objetych-sankcjami
• UN Security Council Consolidated List — un.org/securitycouncil/content/un-sc-consolidated-list
• OFAC Specially Designated Nationals and Blocked Persons List (SDN) — ofac.treasury.gov
• UK OFSI Consolidated List of Financial Sanctions Targets — gov.uk/government/publications/financial-sanctions-consolidated-list-of-targets

Footnotes

Information, not legal advice. This article is for informational and educational purposes only. It does not constitute legal advice. Legal status as of: 20 May 2026. The specific obligations of your company depend on its business profile and require individual assessment — if in doubt, consult a lawyer or compliance adviser.