Sanqto
home blog the eu sanctions list by the numbers (2026): 5,901 people and entities, 41 regimes
Article

The EU Sanctions List by the Numbers (2026): 5,901 People and Entities, 41 Regimes

EU sanctions list: 5,901 people and entities, 41 regimes. The Doğru case, 19 Russia packages, and fines up to PLN 200 million — what this means for your business.

Published: · Sanqto Team · 17 min read
sankcje lista-sankcyjna-ue compliance dyrektywa-2024-1226 polska wizualizacja doğru
Dashboard showing key figures from the EU sanctions list: 5,901 people and entities, 41 regimes, 114 countries (as of 14 May 2026)
The EU sanctions list at a glance — as of 14 May 2026 (source: EU Sanctions Tracker, European Commission).

On 20 May 2025, Hüseyin Doğru — a Berlin resident, German citizen, journalist and father of three — woke up to find his bank accounts frozen and a ban on taking any form of employment. The reason? An entry on the European Union sanctions list. He was not the first Russian, Belarusian, or Syrian to find himself there. He was the first EU citizen, living in the EU, who had become a toxic client for every European business — you cannot sell him a phone, rent him a flat, or invite him for a coffee. How did this happen, and what does it mean for companies operating in Poland?

TL;DR — the essentials in 30 seconds

  • The EU sanctions list, according to the official EU Sanctions Tracker (European Commission), covers 5,901 people and entities — of whom approximately 4,357 are natural persons and 1,542 are organisations (as of 14 May 2026).1
  • Those listed come from 114 countries — this is not only Russians. The list includes nationals of Iran, Syria, Myanmar, Ukraine, and since May 2025, EU citizens living within the EU.1
  • The EU maintains 41 separate sanctions regimes — checking a client against “Russia” alone satisfies perhaps 1/10 of the obligation.1
  • Against Russia, the EU has adopted 19 packages (February 2022 → October 2025); the 20th is under negotiation.2
  • Directive (EU) 2024/1226 harmonised minimum penalties — at least EUR 40 million or 5% of global turnover for a company, and 1–5 years’ imprisonment for a manager.3
  • The Polish draft bill UD96 provides for fines of up to 200 million PLN or 5% of turnover for corporate entities.4
  • The de minimis threshold is EUR 10,000 — most B2B transactions and real-estate deals exceed this limit.3

1. Let’s start with the scale

The European Union sanctions list — technically known as the Consolidated List of Financial Sanctions (EU FSF) — is not a single PDF document. It is a living, daily-updated database of identifiers that every company in the EU is required to check against its clients and counterparties. How to download and search this database in practice is covered in our practical guide to the EU sanctions list.

As of 14 May 2026, it contained 5,901 sanctioned persons and entities — according to the official EU Sanctions Tracker maintained by the European Commission. The proportions are more telling:1

  • 4,357 natural persons — real individuals identified by name,
  • 1,542 organisations and companies — ranging from banks and defence conglomerates to small transport firms,
  • 2 vessels registered as sanctioned units.

Technical note: the raw EU FSF (Consolidated List of Financial Sanctions) dataset distributed by OpenSanctions contains 15,165 records. The difference is not an error — it reflects additional identifiers linked to each entity: 1,915 addresses (offices and residences), aliases, IBANs, wallet identifiers (cryptocurrency), registration numbers, and BIC codes. The relationship graph of “who and through what” is dense, but the actual number of sanctioned persons and companies is around 6,000.

What does this mean in practice? The majority of entries are real, named individuals. Not abstract companies “somewhere in Russia”. Specific people — who may appear in your online shop, travel agency, estate agency, or CRM system.

Chart of entity types on the EU sanctions list: natural persons, organisations, addresses, vessels — proportions of EU FSF entries

This structure has a practical consequence. Checking only company names (as most accounting systems do) will catch fewer than 20% of potential hits. The remaining 80% are natural persons, addresses, and banking identifiers. A complete sanctions screening must cover all of these fields — exactly what a single record contains is explained in our article on how to read an entry on the sanctions list.

2. Is it all Russians?

This is where it gets interesting. True — more than 2,700 people and entities have been added to the list in connection with Russia’s aggression against Ukraine since February 2022.2 But that is far from the whole picture.

EU sanctions cover nationals of 114 countries.1 Including:

  • Iran (~290) — the sanctions regime for human rights and nuclear programme,
  • Syria (~280) — in place for over a decade, targeting the Assad regime,
  • Myanmar (~170) — the military junta,
  • North Korea (~130) — weapons of mass destruction,
  • Ukraine (~125) — these are not war victims, but rather:
    • individuals with dual nationality (UA + RU),
    • collaborators from the occupation administration,
    • judges involved in the deportation of Ukrainian children,
    • persons implicated in the misappropriation of state funds (the 2014 regime, post-Yanukovych),5
  • Moldova (~30) — hybrid regime,
  • EU member states (~a dozen or so) — nationals of Germany, Poland, and the Baltic states.

Chart showing the distribution of nationalities of persons on the EU sanctions list: Russia, Iran, Syria, Myanmar, North Korea, Ukraine, EU member states, and others

The conclusion for any business: a strategy of “I don’t sell to Russians” is no longer sufficient. A client with a Polish passport may be on the list. A client with a Ukrainian passport may be on the list. A client living 200 metres from your office in Berlin, Warsaw, or Wrocław — may be on the list.

In practice, the only sensible strategy is to screen every new client against the current EU FSF list — regardless of their passport, country of residence, or a sales representative’s intuition.

3. The Doğru case — a precedent that changes everything

Hüseyin Doğru. A name worth remembering — regardless of one’s political assessment of his journalism. From a business-compliance standpoint, his case is purely operational in significance.

Infographic on the Doğru case: German citizen, journalist from Berlin, added to the EU sanctions list on 20 May 2025 under the 17th Russia package

What we know about him:67

  1. He is an EU citizen. Born and raised in Germany. German passport.
  2. He lives in the EU. Berlin — capital of the Union’s largest economy.
  3. He works as a journalist. He founded the Red Media platform and the company AFA Medya A.Ş.
  4. He was added to the list under the 17th Russia sanctions package — 20 May 2025.
  5. Without a court verdict. Without a hearing. Without a specific criminal charge.

The official reason given is “systematic dissemination of false information” and “supporting Russia’s destabilising activities” under the EU-RUSDA regime (Council Decision (CFSP) 2024/2643 and subsequent acts).6

Practical consequences — from the perspective of any potential service provider:78

  • bank accounts frozen (Comdirect) — including even EUR 506 in social benefits,
  • ban on accepting employment and conducting business activity,
  • ban on travel within the EU,
  • in March 2026, the accounts of his wife were also frozen — justification: “economic and family ties”,
  • Doğru’s lawyer notes that even a neighbour who brings him bread could theoretically be accused of breaching sanctions.

Imagine Hüseyin Doğru buys a hosting service from you. Or rents a flat through your agency. Or books a ticket at your travel agency. In any of those scenarios, you are breaking EU law — and you face not a civil lawsuit but criminal proceedings under the Polish Act of 13 April 2022 and Council Regulation (EU) No 269/2014.

The Doğru precedent is the first known case in which an EU citizen, living in the EU, was added to the EU FSF list under the anti-Russia regime. From a compliance officer’s perspective, this marks the end of the last “safe assumption” — that a client holding a German, Polish, or French passport requires no screening.

4. It is NOT just Russia — 41 separate regimes

When people say “EU sanctions” they often mean exclusively the packages targeting Russia. That simplification costs businesses significant money in practice. The EU sanctions list comprises 41 separate programmes — each with its own legal basis, its own list of designated persons, and its own set of prohibitions.1

Chart categorising the 41 EU sanctions regimes: sub-Saharan Africa, Middle East, thematic regimes, Balkans, Latin America, Russia and Belarus, Asia, other

A brief overview (author’s categorisation based on OpenSanctions EU FSF):1

  • 9 programmes — sub-Saharan Africa (Sudan, Mali, CAR, Somalia, DRC, Guinea, Guinea-Bissau, Burundi, Zimbabwe),
  • 8 programmes — thematic regimes (terrorism, human rights, chemical weapons, cyber-attacks, ISIL/Al-Qaeda, Hamas and PIJ),
  • 7 programmes — Middle East and North Africa (Syria, Iran, Iraq, Libya, Lebanon, Yemen, Tunisia),
  • 4 programmes — Balkans and Eastern Europe (BiH, Moldova, Turkey, Russia’s hybrid regime),
  • 4 programmes — Latin America (Venezuela, Nicaragua, Haiti, Guatemala),
  • 4 programmes — Russia and Belarus (EU-RUS, EU-RUSDA, EU-BLR, EU-UKR),
  • 3 programmes — Asia (North Korea, Myanmar, Afghanistan),
  • 2 programmes — other (protection against extraterritorial US law, Zimbabwe).

Each of these programmes creates a separate catalogue of designated persons. Client screening requires a cross-cutting comparison — no single filter (e.g. “Russia”) satisfies the obligation. If your procurement team only checks the anti-Russia list, you have a zero-coverage gap across 40 regimes — no client appearing on the Syrian, Iranian, or Myanmar sanctions lists will be caught.

The full browsable list is maintained at EU Sanctions Map — a Council of the EU tool displaying all 41 regimes geographically and thematically.

5. The scale is growing — 19 packages in 4 years

From the first sanctions package (February 2022) to the nineteenth (October 2025), the EU has added more than 2,700 people and entities to the Russian list alone.2 The pace is steady — a new package every 3–4 months.

Chart showing the chronology of 19 EU sanctions packages against Russia from February 2022 to October 2025 — number of new entries per package

Each package brings:

  • new entries — typically 50–200 persons and companies,
  • new sectoral restrictions — such as a ban on transactions in a given industry, or an embargo on specific goods,
  • sometimes an extension of the hybrid regime — the category under which Doğru was listed.

The 20th package is currently under negotiation. Each successive package also increases the risk that a client your company has known for years will suddenly appear on the list — without your knowledge. This is why checking a client once, at the point of signing a contract, is not enough. The lists change literally every week; a business providing recurring services (hosting, leasing, insurance, a travel agency with a loyal customer base) should re-screen its database with every list update. We cover the rhythm of these changes in our article on sanctions list updates.

A detailed chronology of the 20 Russia packages is discussed in a separate article: “What do EU sanctions against Russia mean for businesses?”.

6. What are the consequences if you miss an entry?

Until recently, penalties varied drastically between EU member states. In Germany, they reached up to 10 years’ imprisonment; in Poland — up to PLN 20 million in administrative fines (under the Act of 13 April 2022).9 On 24 April 2024, the EU adopted Directive 2024/1226, which harmonises minimum penalties for sanctions violations across the entire Union.3

Chart showing a company’s financial exposure: minimum fine of EUR 40 million or 5% of global turnover, 1–5 years’ imprisonment for a manager, Polish draft bill: PLN 200 million

  • Upper limit of fines: at least EUR 40 million or 5% of global turnover (whichever is higher).3
  • Exclusion from public procurement, EU funding, and grants.
  • Revocation of licences and permits (e.g. a tour operator licence, a concession).
  • In extreme cases — court-ordered dissolution of the company.

For a manager (natural person)

  • From 1 to 5 years’ imprisonment for an intentional act.
  • Liability also for gross negligence — such as the complete absence of any screening system.3
  • Asset confiscation.
  • Disqualification from serving on company boards.

Polish draft bill UD96 (March 2025)

The draft Act on Restrictive Measures, prepared by the Ministry of Foreign Affairs, provides for:4

  • a maximum penalty of PLN 200 million or 5% of annual turnover for a corporate entity,
  • independent liability of legal persons — a company is liable even without a prior conviction of a specific manager,
  • a monitoring role for the Head of the National Revenue Administration (KAS — Krajowa Administracja Skarbowa) and a role for the Ministry of Foreign Affairs (MSZ — Ministerstwo Spraw Zagranicznych) in proposing designations.

The transposition deadline for Directive 2024/1226 was 20 May 2025. On 24 July 2025, the European Commission launched infringement proceedings against 18 of the 27 member states — including Poland.10 The absence of national legislation does not, however, exempt a company from its obligations: EU regulations (269/2014, 833/2014, 765/2006, and the rest) apply directly, without the need for transposition.

More on the three types of liability (criminal, administrative, civil) — “What are the penalties for breaching sanctions?”.

7. Exactly who must you screen?

The list of entities subject to a screening obligation does not reduce to “banks and payment intermediaries”. Under the literal wording of Council Regulation (EU) No 269/2014 (Article 2):

“It shall be prohibited to make funds or economic resources available, directly or indirectly, to or for the benefit of the natural or legal persons, entities or bodies listed in Annex I, or to persons associated with them.”11

Chart of industries subject to sanctions screening obligations: e-commerce, travel agencies, estate agencies, hosting/SaaS, law firms, export/logistics, banks

“Economic resources” means in practice anything that can be monetised — goods, services, software, access to a platform, rental of property. The obligation therefore applies to each of the following sectors:

  • E-commerce — for sales above the de minimis threshold (EUR 10,000), though in practice most shops apply screening to every B2B transaction,
  • Travel agencies — airline tickets, hotels, package holidays,
  • Estate agencies — long-term rentals and property sales,
  • Hosting, SaaS, IT companies — providing infrastructure, accounts, and domains,
  • Law firms, tax advisers, accountants — particular risk, as they also provide “advisory services” covered by the 10th sanctions package,
  • Insurance — broker, agent, multi-agency: verification of the policyholder, the insured, and the beneficiary,
  • Export, freight, logistics — the classic area of embargoes and dual-use goods.

From the perspective of KAS (National Revenue Administration) and law enforcement, it makes no difference whether you provided the service in good faith. It is sufficient that you failed to take due-diligence measures — i.e. that you did not screen the client. Directive 2024/1226 explicitly introduces criminal liability not only for intentional acts but also for gross negligence.3

In practice, “gross negligence” in 2026 means the absence of a sanctions procedure and the absence of documented client verification.

8. Myths that cost money

Myths circulating in the SME business community — worth dispelling immediately:

MythFact
“Sanctions are a bank obligation”EU regulations apply to every economic operator, regardless of sector or size.11
“Checking a name is enough”The list contains addresses, IBANs, tax numbers, IP addresses, vessels — multi-field screening is required.1
“Only nationals of third countries are sanctioned”The Doğru case proved otherwise — an EU citizen residing in the EU has been on the list since May 2025.6
“Sanctions require a court verdict”No. They are an administrative act of the EU Council, effective from the date of publication in the Official Journal of the EU.
“I have no clients from Russia”A client with a Polish passport may have dual nationality, may be the ultimate beneficial owner (UBO — the person who ultimately controls a company) of a sanctioned entity, or may be listed under their own name.
“Small businesses are safe”The de minimis threshold is EUR 10,000 — most B2B transactions and real-estate deals exceed this amount.3
“Fines are symbolic”At least EUR 40 million or 5% of turnover — with no upper ceiling. In Poland, draft bill UD96: up to PLN 200 million.34

9. What to do this week

A short action list for a business owner or the person responsible for compliance:

  1. Designate someone responsible for sanctions screening. In an SME, this does not need to be a full-time compliance officer — a member of the management board or the legal team with a clearly defined, written scope of responsibilities will suffice.

  2. Choose a screening tool:

    • manual checking via EU Sanctions Map or the EU consolidated list — feasible only for a handful of clients per month,
    • commercial SaaS or on-premise systems (e.g. Sanqto, Refinitiv World-Check, Dow Jones Risk Center),
    • built-in integrations in CRM/ERP — increasingly available natively.

  3. Introduce a simplified KYC (Know Your Customer — client verification) procedure for new clients: name, date of birth, country of residence, IBAN / company registration number.

  4. Re-screen existing clients. Lists change every week; a client who was safe in 2024 may be sanctioned in 2026 — for example following an entry in the 17th or 19th Russia package.

  5. Document everything. In the event of proceedings by KAS (National Revenue Administration), your only defence will be documentation: “I screened client X on date Y, result: no hit, tool Z, list snapshot from date ABC”.

  6. Consult a lawyer — particularly if you run a travel agency, estate agency, hosting business, export operation outside the EU, or provide advisory services (law firm, accounting office, tax adviser).

10. Conclusions

EU sanctions in 2026 are not an abstract geopolitical topic. They are an operational risk for every business, regardless of sector or size. The Hüseyin Doğru case has shown that the concept of a “sanctioned person” now extends to EU citizens living within the EU — in other words, to clients you may encounter in everyday life.

The penalties are not theoretical. Infringement proceedings launched by the European Commission against 18 EU member states show that Brussels is treating this with deadly seriousness. The Polish draft Act on Restrictive Measures, once enacted, will introduce fines of up to PLN 200 million per breach.

The question is no longer “does my business need to screen clients”. It is: “how long before an oversight costs me 5% of my turnover”.

How Sanqto can help

If your business does not yet have a procedure for verifying clients against the EU sanctions lists, you are carrying real risk. Sanqto is a Polish sanctions-screening product designed for companies outside the financial sector: installed within your own network (on-premise, data never leaves your infrastructure), compliant with GDPR and Polish law, with a sub-30ms response time and a three-state decision model (MATCH / POSSIBLE / CLEAR).

Included in the package are implementation documents — a sanctions policy, a role-specific instruction, a hits register, and a risk-assessment template — as well as training and certification for your compliance officer.

See how it works at sanqto.com.

Statistical data (snapshot 14 May 2026)

Policy and sanctions packages

The Hüseyin Doğru case

Basis for the prohibition on making funds available

Further reading — bibliography

Information, not legal advice. This article is informational and educational in nature. It does not constitute legal advice. Legal status as of: 19 May 2026. Statistical data are drawn from the OpenSanctions EU FSF snapshot of 14 May 2026 — sanctions lists are updated continuously, and actual figures may differ by the time you read this. Your company’s specific obligations depend on your business profile and require individual assessment — if in doubt, consult a lawyer or compliance adviser.

  1. EU Sanctions Tracker (European Commission / Publications Office of the EU): https://data.europa.eu/apps/eusanctionstracker/ — figures for persons and entities (5,901; 4,357 natural persons; 1,542 organisations). The raw EU FSF (EU Financial Sanctions Files) dataset with auxiliary identifiers (addresses, IBANs, aliases, vessels — 15,165 records in total) is distributed by OpenSanctions, snapshot 2026-05-14: https://www.opensanctions.org/datasets/eu_fsf/ ↩︎ ↩︎ ↩︎ ↩︎ ↩︎ ↩︎ ↩︎ ↩︎

  2. Council of the EU — Timeline: EU sanctions against Russia following the invasion of Ukraine: https://www.consilium.europa.eu/en/policies/sanctions-against-russia/timeline-sanctions-against-russia/ ↩︎ ↩︎ ↩︎

  3. Directive (EU) 2024/1226 of the European Parliament and of the Council of 24 April 2024 on the definition of criminal offences and penalties for the violation of Union restrictive measures — full text on EUR-Lex: https://eur-lex.europa.eu/eli/dir/2024/1226/oj/eng ↩︎ ↩︎ ↩︎ ↩︎ ↩︎ ↩︎ ↩︎ ↩︎

  4. Squire Patton Boggs — analysis of the Polish draft bill (Act on Restrictive Measures, UD96, March 2025): https://www.squirepattonboggs.com/insights/publications/poland-introduces-draft-law-on-restrictive-measures-to-expand-sanctions-framework-and-align-with-eu-enforcement-directive/ ↩︎ ↩︎ ↩︎

  5. OpenSanctions — Recent additions, EU Consolidated Travel Bans dataset (entries from the EU-RUSDA regime, February 2025): https://www.opensanctions.org/datasets/eu_travel_bans/ ↩︎

  6. Wikipedia — Hüseyin Doğru: https://en.wikipedia.org/wiki/H%C3%BCseyin_Do%C4%9Fru ↩︎ ↩︎ ↩︎

  7. Bianet (April 2026) — EU strips journalist Hüseyin Doğru of livelihood over pro-Palestine reporting: https://bianet.org/haber/eu-strips-journalist-huseyin-dogru-of-livelihood-over-pro-palestine-reporting-318266 ↩︎ ↩︎

  8. Matthias Monroy (March 2026) — German journalists’ union applauds financial repression against Hüseyin Doğru; customs now extends them to his family: https://digit.site36.net/2026/03/30/german-journalists-union-applauds-financial-repression-against-huseyin-dogru-customs-now-extends-them-to-his-family/ ↩︎

  9. Act of 13 April 2022 on special solutions in the field of counteracting support for aggression against Ukraine and serving the protection of national security (Articles 6 and 7 — administrative fine of up to PLN 20 million). Text in ISAP (Polish legislative database): https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20220000835 ↩︎

  10. National Law Review (July 2025) — Lost in transposition: Commission targets 18 Member States over sanctions enforcement directive: https://natlawreview.com/article/lost-transposition-commission-targets-18-member-states-over-sanctions-enforcement ↩︎

  11. Council Regulation (EU) No 269/2014 of 17 March 2014 concerning restrictive measures in respect of actions undermining or threatening the territorial integrity, sovereignty and independence of Ukraine (Article 2): https://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX:32014R0269 ↩︎ ↩︎

All articles See demo