The European Union has continued to refine its approach to sanctions compliance by publishing new guidance on the critical issues of “ownership” and “control” through its Sanctions Helpdesk platform. The guidance—released in late August 2025—offers much-needed clarity on how companies operating within the Union should identify, evaluate, and manage the risks posed by indirect links to sanctioned parties. In particular, the document provides detailed direction on the criteria that trigger the application of restrictive measures to non-listed entities and stresses the importance of enhanced diligence where there is a credible risk that an ostensibly legitimate counterparty may, in fact, be subject to the influence of a sanctioned person or entity.

At the heart of the guidance is the recognition that ownership and control analysis extends well beyond the formal designation of individuals or legal persons on EU sanctions lists. An entity may be legally separate and not appear on any published annexes, but still fall within the scope of asset-freezing obligations if it is owned or controlled, directly or indirectly, by a listed person. The EU reiterates that “ownership” typically refers to holding 50 percent or more of proprietary rights or shares, while “control” may exist in a much broader range of circumstances—including the ability to appoint management, exert decisive influence through shareholder agreements, or otherwise dictate the economic and operational direction of the enterprise. Companies that fail to appreciate the breadth of these concepts run the risk of facilitating prohibited transactions under EU law, even where the counterparty itself is not specifically named in sanctions legislation.

The guidance further emphasizes the need for EU companies to implement robust due diligence processes designed to test the integrity of their counterparties’ ownership and governance structures. The Commission encourages the collection of reliable documentation that verifies shareholding patterns, as well as inquiries into potential “red flags” such as opaque offshore arrangements, unexplained changes in beneficial ownership, or evidence of undue influence exercised by listed persons. Where ambiguities remain, the expectation is that companies will seek additional clarifications and, where necessary, approach their respective national competent authorities to resolve outstanding concerns. In this way, the EU underscores that compliance is not merely a box-ticking exercise but a proactive obligation to detect and mitigate risk.

Importantly, the guidance seeks to strike a balance between vigilance and practicality. The Commission makes clear that companies are not expected to approach every new counterparty from a position of suspicion. Most business partners will be precisely who and what they represent themselves to be. Rather, the objective is to identify and focus investigative resources on those transactions or relationships that exhibit higher-risk characteristics. By calibrating compliance efforts in this manner, companies can ensure that their controls are both risk-based and proportionate, without unduly impeding legitimate commerce.

The issuance of this guidance is especially significant in light of recent enforcement activity highlighting the use of complex corporate structures to evade EU restrictive measures. By providing a consolidated explanation of ownership and control principles, the Sanctions Helpdesk has given EU companies—particularly small and medium-sized enterprises without dedicated compliance departments—a truly practical resource for avoiding inadvertent breaches. At the same time, the guidance sends a strong message that ignorance of indirect ties to sanctioned parties will not serve as a defense where companies have failed to exercise reasonable diligence.

In sum, the European Union’s publication reinforces the centrality of ownership and control analysis to sanctions compliance. By articulating how these concepts are to be applied in practice, and by offering practical steps for rebutting presumptions of control through the establishment of effective firewalls, the Commission has advanced both legal clarity and operational guidance. For compliance officers, the message is clear: understanding who ultimately owns or controls your counterparties is not optional but a fundamental component of lawful business within the territory of the EU.