The US sanctions regime continues to evolve in line with US foreign policy and national security priorities, including a “maximum pressure” campaign on Iran and focus on counter narcotics and fentanyl trafficking. We expect authorities will continue prioritising enforcement of sanctions against Iran, expand secondary sanctions for facilitators in third countries, and impose stricter technology restrictions targeting critical hardware linked to China and advanced computing. We also expect US sanctions developments on Venezuela and Russia as these areas remain a key focus for the US.
Sanctions and compliance risks are rising for multinational companies in China and Chinese firms operating abroad, especially in fintech, TMT, defense, and aerospace. In March 2025, the Chinese State Council introduced new rules under the Anti-Foreign Sanctions Law to strengthen enforcement against foreign sanctions. With more Chinese enterprises investing overseas, authorities are focusing on compliance risks for these companies and their management, reflected in updated laws including extraterritorial provisions in the Anti-Money Laundering Law and new asset-tracking regulations.
The European Union’s sanctions regime on Russia has evolved rapidly in response to Russia’s actions in Ukraine with an uptick in enforcement. An EU Sanctions Directive adopted in 2024 defines sanctions offenses, how corporate liability is triggered, and penalties for breach. Many businesses, particularly those with existing exposure to US or UK sanctions regimes, may already have sufficient compliance measures in place. Export intensive industries such as machinery, automotive, electronics, and chemicals are under heightened review for sanctions and export control compliance, including suspected circumvention through distributors and after sales channels in third countries. Authorities are triangulating data to identify anomalies.
There has been a parallel uptick in UK sanctions enforcement with the majority relating to making funds or economic resources available to, or for the benefit of, UK asset freeze targets. Other cases concern a failure to respond to requests for information made by the UK financial sanctions enforcer (OFSI). Similar efforts have been made to strengthen enforcement of the UK’s trade sanctions regime. The Office of Trade Sanctions Implementation (OTSI) was launched on October 10, 2024, as a sister body to OFSI. OTSI’s function involves investigating suspected breaches of trade, aircraft, and shipping-related sanctions, monitoring applications for trade licenses, and uncovering and clamping down on attempts to circumvent the UK’s export controls. The signals are clear from the UK authorities. They are very focused on enforcement, both as regards sanctions and export controls. In any such cases, there are likely to also be associated money laundering considerations. The UK authorities are also showing a growing interest in activities which may be perceived as circumvention. Read more about increased UK and EU sanctions enforcement.
For enforcement authorities, advanced technologies and data analytics tools are expected to play a pivotal role in detecting and preventing sanctions violations. We expect coordination and intelligence sharing to continue (as evidenced by recent events concerning oil tankers), including with respect to sanctions targets and licensing decisions. There remains a high degree of cooperation between many enforcement authorities around the world. Mutual legal assistance treaties are being increasingly upgraded to direct access agreements for electronic data. This allows the criminal authorities in one country to obtain data directly from service providers in another country, e.g., the EU E-Evidence regulation (in force in 2026) and the UK/US Direct Access agreement (in force already).
Obstacles to moving data across borders
As national security priorities increasingly influence legislative and enforcement landscapes, some jurisdictions are expanding the reach and complexity of their compliance regimes. Recent developments highlight how changes are targeting not only traditional financial crimes, but also the handling of sensitive company data and the movement of assets. Against this backdrop, businesses must navigate a patchwork of evolving rules that present new challenges for internal investigations, cross-border operations, and exposure to personal liability for decision-makers.
For example, China’s expanding national security lens reaches “espionage-adjacent” company data such as supply chain schematics, location datasets, and technical specifications. That reality directly affects routine internal investigations, especially where counterparties are state-linked or operate in strategic sectors. The required regulatory process for producing information in a foreign litigation or law enforcement proceeding also directly intersects with competing Western sanctions regimes and mechanisms to obtain communications and logs across borders. Establishing a risk management process for both internal and external investigation concerning China has become a must to avoid getting into geopolitical crosshairs.
The UAE’s new AML law lowers evidentiary thresholds, introduces personal criminal liability for managers, empowers the authorities to freeze funds and suspend transactions and adds explicit terrorism and proliferation financing predicate offenses. In a transit hub where funds and virtual assets move at pace, these powers can immobilize transactions quickly, including in matters with sanctions or export-control dimensions.
Changes to the rules in many jurisdictions on supply chain due diligence, and approaches to enforcement, can also be viewed through a geopolitical lens, as can state-sponsored cyberattacks. The A&O Shearman white-collar crime & investigations review 2026 reveals several jurisdictions tightening rules on cybersecurity. This is an area where law and practice are evolving fast. Read more about managing cyber risk under escalating threat and enforcement pressure.
Key takeaways
- Businesses will need to consider the commercial, legal, and enforcement contexts to adopt a sensible path through these national security-driven and often conflicting requirements. Identify where sanctions, export controls, AML, and national security rules collide for critical products, datasets, and partners, and assign accountable owners and escalation thresholds at the group and subsidiary level.
- Engaging with external experts, particularly with deep local knowledge, is invaluable in managing risk and navigating a sensitive and sensible course should an issue arise.
- Adopt a proactive approach to managing geopolitical risks. This includes conducting regular risk assessments and staying abreast of regulatory and political developments across jurisdictions that are key to the organization.
- Those in compliance need to have good communication with business operations, to properly assess risk. Does compliance know, for example, where the business is planning to expand operations or invest?
- Businesses should ensure they have strong whistleblower policies in place to encourage internal reporting of sanctions issues or other potential violations of law.
- Ensure that the business is well-prepared for potential investigations. This includes maintaining accurate and comprehensive records and data maps. Anticipate investigations hygiene for sensitive geographies. Tailor document collection, interviews, and device access to local national security, data, and privilege constraints.
The white-collar crime and investigations lawyers at A&O Shearman can help navigate complex geopolitical considerations. Please contact the author(s) of this article or your normal contact.
This article is part of the A&O Shearman cross-border white-collar crime and investigations review 2026.
