The European Union's 20th sanctions package against Russia takes effect on May 24, banning EU persons from any transaction with Russian or Belarusian crypto-asset service providers — and, for the first time, with decentralised platforms operating from those jurisdictions.
The European Union's 20th sanctions package against Russia takes effect on May 24, and for the first time the bloc has banned an entire category of crypto infrastructure rather than naming individual operators.
The Council adopted the package on April 23 after months of internal debate, and the crypto provisions are the most consequential the EU has produced since it began folding digital assets into its sanctions toolkit in 2022. Every Russian and Belarusian crypto-asset service provider, including exchanges, custodians, transfer agents and brokerages, is barred from doing business with EU persons after the deadline. Decentralised platforms that allow Russian users to move or trade crypto are caught by the same prohibition.
The shift in approach matters more than the headline. For three years the EU named individual exchanges, watched them rebrand or migrate, and named the successors. Garantex was sanctioned and seized. Within months an almost identical platform called Grinex appeared, sharing addresses, infrastructure and personnel. Bitpapa was sanctioned. The same playbook followed. The Council's drafting note acknowledges the pattern directly: further listings would only produce new successor platforms, so the bloc switched to a sectoral ban that applies to anything established in the jurisdiction.
The digital ruble — Russia's central bank digital currency, scheduled for production launch in September — is on the prohibited list before it has gone live. RUBx, a private rouble-pegged stablecoin, joins it. A7A5, a government-backed dollar stablecoin issued out of Kyrgyzstan and used to route Russian flows around existing measures like the OFAC actions that began with Zedcex and Zedxion in Iran, was already designated. Annex LIII now contains all three.
The Kyrgyzstan angle is the most aggressive part of the package. The EU named TengriCoin, operating publicly as Meer.kg, even though the venue sits outside Russia. Substantial volumes of A7A5 had been trading there, and the Council decided that listing the platform itself was the only way to close the channel. Other jurisdictions hosting Russian-connected exchanges should read the precedent.
Member states have given themselves a one-month wind-down to settle existing contracts. After May 24, EU-domiciled custodians, payment firms and exchanges have to confirm they have no exposure to any of the banned categories — a compliance task that will be uneven, given how thinly some smaller European platforms have built their KYC stacks. Limited carve-outs exist for diplomatic missions in Russia, EU citizens who lived in Russia before February 2022, and companies winding down Russian operations under member-state authorisation.
Belarus gets parallel treatment. Belarusian crypto service providers are subject to the same sectoral ban, the Belarusian digital ruble is on the prohibited list, and the broader Belarus sanctions regime has been extended to February 28, 2027. The bloc clearly sees Minsk as the most likely waypoint for any Russian operator looking to relocate inside the Eurasian Economic Union, and the language was drafted to close that route in advance rather than after the migration had already happened.
Compliance teams have been preparing for this since the package was first floated in March, but the breadth still surprised some lawyers. The harder question for the next two months is enforcement appetite — how aggressively the European Commission and national regulators chase EU users still routing through Russian-linked platforms after May 24. A few high-profile early actions would set the tone for the rest of the year.
The decentralised-platform language is the part the industry has spent the most time arguing about. The text covers any platform that allows the transfer or exchange of crypto assets and is established in Russia or Belarus, which is straightforward where a DEX has a corporate front-end registered in Moscow but harder where the protocol is genuinely permissionless and the front-end has been forked elsewhere. Member states will end up writing the answers to those questions case by case, and the early enforcement decisions will shape how protocol developers think about jurisdictional exposure.
Russia's response has so far been quiet. The Bank of Russia has not commented on the digital ruble listing, and the Finance Ministry continues to push for limited domestic legalisation of crypto for cross-border trade. Whether that policy survives the new EU posture is another question. Russia's most useful crypto rails for moving around sanctions were the European ones it could reach into; after May 24, those rails close. What replaces them, and how quickly, is the part the next sanctions package will likely have to answer.
