Dispute Resolution
Cyprus Steps Up Sanctions Enforcement: From Compliance Obligations to Criminal Consequences
On the 25th of July, 2025, the Republic of Cyprus (“Cyprus”) enacted Law 149(I)/2025, formally titled The Criminalization of the Violation of the Restrictive Measures of the European Union Law of 2025 (the “Law”). The Law transposes EU Directive 2024/1226 of the European Parliament and Council of the 24th of April, 2024, which harmonises the definition of criminal offences and penalties for the violation of EU restrictive measures. In effect, the Law replaces earlier legislation on the implementation of international and European sanctions, carving a uniform framework for criminal enforcement in line with European standards.
Purpose and scope
The Law aims to ensure that breaches of restrictive measures of the European Union (“EU”), established pursuant to Article 29 of the Treaty on European Union and Article 215 of the Treaty on the Functioning of the European Union (collectively referred to as “EU Sanctions”), constitute clearly defined criminal offences under national law, punishable by proportionate and dissuasive penalties. The Law applies to both natural and legal persons, and covers a wide range of conduct related to the breach or circumvention of the EU Sanctions, among which are the transfer, disposal, and/or concealment of economic resources, capital and/or assets belonging to a natural or legal person, entity or body subject to EU Sanctions (a “Designated Person”).
Among the definitions set out in Article 2 of the Law, those of “capital” and “economic resources” are particularly noteworthy.
“capital” covers financial assets and economic benefits of any kind, and is drafted broadly to include, inter alia, cash, cheques, monetary claims, deposits, negotiable instruments and other payment means; securities, both publicly and privately traded (including shares, bonds, notes, warrants and derivatives); credits, guarantees, letters of credit and other financial commitments; income or gains derived from such assets; documents evidencing participation in funds or financial resources; and crypto-assets as defined in Article 3(1)(5) of Regulation (EU) 2023/1114.
“economic resources” covers assets, whether tangible or intangible, movable or immovable, which are not funds but may be used to obtain funds, goods or services.
Article 4 of the Law defines its territorial scope of application, extending the reach of the offences under Article 5 beyond the territory of Cyprus. Specifically, the Law applies to conduct committed wholly or partly within Cyprus, on ships or aircraft registered in Cyprus or flying the Cypriot flag, and to offences committed by Cypriot nationals or by legal persons incorporated in Cyprus. It also extends to acts or omissions occurring outside Cyprus where the offender is habitually resident in Cyprus, is an officer or employee of the Republic of Cyprus acting in an official capacity, or where the offence is committed for the benefit of a legal person established in Cyprus or in connection with business activities conducted wholly or partly within Cyprus. Where the commission of an offence falls within the jurisdiction of more than one EU Member State, Cyprus is required to cooperate with the other Member States to determine which will undertake the prosecution, with the matter being referred to Eurojust where appropriate, in line with Framework Decision 2009/948/JHA. Notably, prosecution of offences committed by Cypriot nationals or by legal persons incorporated in Cyprus may be brought irrespective of whether the state in whose territory the offence occurred has submitted a complaint.
Criminal offences
Article 5 of the Law sets out the core offences criminalised under Cypriot law in alignment with the EU Sanctions framework. It provides that any intentional act or omission resulting in a breach of an EU Sanction constitutes a criminal offence.
In particular, the Law criminalises:
the direct or indirect provision of funds or economic resources to, or for the benefit of, a Designated Person;
the failure to freeze funds or economic resources owned, held or controlled by such Designated Person;
the facilitation of the entry into or transit through the territory of an EU Member State by a Designated Person in breach of a travel ban;
the execution or continuation of transactions with a third country, its entities, or entities owned or controlled (directly or indirectly) by it, including the award or continuation of public contracts or concessions, where such conduct is prohibited or restricted under EU Sanctions;
the execution of commercial transactions involving the import, export, sale, purchase, transfer, transit or brokering of goods, or the provision of intermediary, technical assistance or related services, contrary to EU Sanctions;
the provision of financial services or financial activities, or any other type of service prohibited or restricted under EU Sanctions;
the circumvention of EU Sanctions, including through:
– the use or transfer of funds or resources to conceal ownership or control;
– the provision of false or misleading information to obscure the involvement of Designated Persons; or
– the failure to report or disclose to the competent authorities frozen or controlled assets as required by law; and
– the violation or non-compliance with licence conditions granted by the competent authorities where the underlying activity would otherwise be prohibited by EU Sanctions.
Importantly, an offence involving the trade, export or provision of technical assistance in relation to items on the EU Common Military List or dual-use items (as listed in Annexes I and IV to Regulation (EU) 2021/821) may be committed even through gross negligence, thereby extending criminal liability beyond intentional conduct.
The Law further clarifies that its provisions do not criminalise humanitarian aid to persons in need or activities supporting basic human needs, provided such actions are carried out in accordance with the principles of impartiality, humanity, neutrality and independence, and, where applicable, with international humanitarian law. It also reaffirms that persons providing legal services in accordance with the Advocates Law, Cap. 2, are not required to report information obtained from or about their clients which is protected by legal professional privilege.
Article 6 extends criminal liability to persons who incite, conspire or attempt to commit the offences under Article 5. Anyone who induces another to participate in such conduct is guilty of the same offence, subject to the same penalties, and may be prosecuted as if they had committed the act themselves. Where two or more persons act with a common intention to pursue an unlawful purpose and, in doing so, commit any of the offences under Article 5, each is likewise deemed guilty and liable to the same penalty. The Law also provides that a person who attempts to commit any of the specified offences in Article 5 is guilty of an offence and may be prosecuted and punished as if the act had been completed. A person is regarded as having attempted an offence where they begin to carry out their intention by suitable means and clearly manifest that intention, even if the act ultimately remains incomplete.
Penalties and liability
Articles 7 and 8 of the Law introduce a framework of differentiated penalties depending on the gravity of the offence and whether it is committed by a natural or legal person.
For natural persons, penalties range from imprisonment of up to five years and/or fines of up to EUR 100,000, depending on the type and value of the offence. Lesser breaches may attract shorter terms or lower fines, while offences involving dual-use or military goods incur the maximum penalties irrespective of monetary value. In addition, the Courts may impose supplementary measures, such as the revocation of licences, exclusion from holding managerial positions, temporary disqualification from public office, or, where public interest so requires, the publication of the judgment in accordance with data-protection rules.
For legal persons, the Law establishes corporate criminal liability where an offence is committed for the benefit of the entity by a person in a leading position, or as a result of insufficient supervision or control. Fines may reach up to 5% of the entity’s total worldwide turnover for the preceding financial year, or, where such turnover cannot be determined, up to EUR 40 million. Additional sanctions may include exclusion from public funding or procurement, suspension or withdrawal of authorisations, temporary or permanent business restrictions, or even judicial dissolution. Courts may also order the publication of their decisions in cases of public interest.
The liability of a legal person does not preclude the prosecution of natural persons involved in the same conduct.
Article 9 further defines the basis of corporate liability, providing that a legal person incurs responsibility for offences committed for its benefit by individuals exercising representational, decision-making, or control powers within it. Liability also arises where a lack of supervision or control by such persons enables the commission of an offence by subordinates. The corporate liability provisions do not preclude the criminal prosecution of natural persons who act as perpetrators, instigators, or accomplices.
Finally, Article 10 introduces aggravating and mitigating circumstances relevant to sentencing. Aggravating factors include, among others, the commission of an offence within a criminal organisation, the use of forged or falsified documents, violations by professional service providers acting contrary to their duties, the involvement of public officials, the derivation of significant financial benefits, obstruction of justice, or prior convictions for similar offences. Mitigating factors include situations where the offender cooperates with authorities, providing information or assistance that would not otherwise be obtainable, and which facilitates the identification or prosecution of other offenders or the gathering of evidence.
Enforcement and cooperation
Part III of the Law strengthens enforcement by providing for the freezing and confiscation of assets linked to EU Sanctions breaches, the investigative powers of the police, customs, and other authorities, and cooperation with EU bodies such as Europol, Eurojust, and the European Public Prosecutor’s Office, particularly in cross-border cases. It also requires the collection of anonymised enforcement data and its reporting to the European Commission through the Unit for the Implementation of EU Restrictive Measures (EMEK).
Complementary legislative measures have also been introduced to ensure consistency and effective implementation. Law 150(I)/2025 establishes the National Sanctions Implementation Unit within the Ministry of Finance, responsible for coordinating national enforcement of both EU and UN sanctions, issuing guidance, managing licensing procedures, and imposing administrative fines. In parallel, Law 148(I)/2025 amends the existing whistleblowing framework to extend protection to persons reporting breaches of EU Sanctions, including acts of incitement, aiding and abetting, or attempted violations.
Significance
The Law positions Cyprus firmly within the EU’s collective effort to strengthen the enforcement of restrictive measures amid a shifting geopolitical environment. At the national level, it signifies that compliance with EU Sanctions is no longer merely a matter of regulatory diligence but now carries potential criminal liability for both individuals and corporate entities; not only those who commit breach, but also those attempt, facilitate, or conspire to do so. Its adoption marks an important step in reinforcing Cyprus’ commitment to transparency, accountability, and effective alignment with the EU Sanctions regime.
Authors
Kyriaki Stinga, Adonis Zachariou, Maria Vyronos
Elias Neoleous & Co LLC
17 November 2025