Economic sanctions against Russia have been among the hot topics for business. At the end of 2023, the EU published the 12th sanctions package aimed at Russian companies and state authorities. There are major changes concerning the provision of software to Russian companies.

1.     BAN ON SALE, SUPPLY, TRANSFER AND EXPORT OF SOFTWARE

Amendments are made to Article 5n of EU Council Regulation No 833/2014; the new edition is supplemented with paragraph 2b.

The new provisions establish a ban on sale, supply, transfer, export or other provision (whether direct or indirect through intermediaries) of software used in enterprise management, industrial design and production.

This concerns mostly specialized software for architectural and engineering research, design and production, for mass media work, in education institutions and in the entertainment industry, but also affects the more universal CRM programs.

The specific list of software impacted by the EU sanctions is given in an appendix to the Regulation:

• Enterprise resource planning (ERP), customer relationship management (CRM), business intelligence (BI), supply chain management (SCM), enterprise data warehouse (EDW), computerized maintenance management system (CMMS), project management software, product lifecycle management (PLM), and typical components of the above-mentioned suites, including software for accounting, fleet management, logistics and human resource;
• Building information modelling (BIM), computer aided design (CAD), computer-aided manufacturing (CAM), engineer to order (ETO), and typical components of above-mentioned suites.

The ban affects the provision of software by European countries to any Russian legal entities, as well as to authorities and state bodies of the Russian Federation. The 12th sanctions package stipulates that this concerns any type of provision, whether alienation of rights, license or simple transfer of a copy of the software.

It is also forbidden to provide technical support, financial aid or any services for the transfer of such software to Russia.

2.     TRANSITION PERIOD AND EXCEPTIONS

The amendments contain various provisions for the transition period, as well as exceptions:

• If a European company signed a contract with a Russian party in respect to forbidden software prior to December 19, 2023 (the effective date of the sanctions), then it can temporarily sell, supply, export and otherwise transfer the software to Russia, but only until March 20, 2024 and only if provision of the software to the Russian company is strictly necessary. The EU does not clarify how to determine such “strict necessity.”
• There is also a transition period for Russian companies owned or controlled by legal entities registered under the laws of EU member states, countries being members of the European Economic Area, as well as Switzerland, USA, Japan, UK, South Korea, Australia, Canada, New Zealand and Norway (so-called EU partner countries).

The ban on providing software to such controlled Russian companies does not set in until June 20, 2024.

• Sale, supply, export and transfer of software to Russia is allowed if it is for purely public purposes. For example, if it is needed for reacting to public health emergencies (such as COVID), for emergency prevention of natural disasters or other events that can have a significant impact on human health and safety or the environment

3.     AUTHORIZATION OF COMPETENT AUTHORITIES TO PROVIDE SOFTWARE

Another exception from the sanctions is the provision of software to Russian companies and state bodies with the authorization of EU competent authorities if this is necessary for:

• contribution of Russian specialists to international open source projects;
• humanitarian aid;
• activity of civil society aimed at developing democracy and protection of human rights in Russia;
• functioning in Russia of diplomatic and consular representative offices of the EU, EU member states and partner countries and international organizations with immunity;
• ensuring supply of power and ores and metals to the EU;
• ensuring uninterrupted functioning of infrastructures critical for human health, safely and the environment;
• civil nuclear cooperation;
• provision of electronic communication services.

We should separately note new grounds for such exceptions: the competent authority can authorize the use of software if such software is used solely by a “controlled” Russian company, meaning a Russian legal entity owned or controlled by companies from the EU or an EU partner state.

The 12th sanctions package does not contain clarifications as to the form of such authorization from the competent authority or the procedure for examining an application and issue of the authorization. We presume these details will be decided by the competent authority in each EU country at their own discretion.

4.     LIABILITY FOR VIOLATING SANCTIONS

As of today, there is no liability at the EU level for not complying with the restrictions imposed by sanctions. Therefore, each specific case would be governed by the local laws of the relevant EU member state.

For example, in Germany there is administrative liability for non-intentional breach of EU sanctions, with the maximum amount of the administrative fine being EUR 500,000. In certain cases, criminal liability can also be imposed.

We hope this material helped you to get an initial understanding of the EU sanctions imposed in respect to sale, supply, transfer, export or other provision of software to Russian companies.

The CLS team will be glad to consult you on the issue of whether the 12th sanctions package applies to your company's business and to assess any existing risks.

This review was prepared by the Head of the CLS Intellectual Property practice Antonina Shishanova and Associate Marina Prygunova.