🇪🇺 Can EU CASPs onboard Clients in Ukraine’s non-government control territories?

The concern stems from the intersection of MiCA, EU restrictive measures, and obligations imposed on CASPs under EU financial sanctions law. Under current legal provisions, providing services to entities or individuals in the “specified territories” of Ukraine - those under an occupation - can constitute a direct breach of Council Regulations such as (EU) 2022/263, 2022/1903, and 2025/398. The legal reasoning reflects the EU’s broader objective of limiting support to the occupied regions, particularly in sectors that could indirectly sustain illegal annexation efforts.

📘 Applicable Legal Standards under MiCA and Sanctions Law

Under Regulation (EU) 2022/263 and its amendments, CASPs fall within the scope of prohibited service providers when it comes to dealings involving “specified territories.” These are defined as the non-government-controlled areas of the Donetsk, Luhansk, Kherson and Zaporizhzhia oblasts of Ukraine. Article 1(d) and Article 4(1a) extend the prohibition to a wide range of services including brokering, financing, and technical support—particularly if tied to infrastructure, energy, telecommunications, or extractive industries.

Council Regulation (EU) 2025/398 further clarifies this stance by making it unlawful to provide “direct or indirect” financial services, including those enabled by virtual assets, to legal or natural persons located in these regions. This applies regardless of whether the service originates within the EU or is facilitated through third countries. In addition, the EU Sanctions Map confirms that restrictions apply not only to direct financial transactions, but also to auxiliary services such as legal advice, IT support, enterprise software, accounting, and consultancy.

From a MiCA compliance perspective, this implies that CASPs must screen not only for sanctioned individuals or entities but also for prohibited geographic regions. This involves implementing jurisdiction-based client due diligence, including IP address screening, geofencing, and enhanced KYC measures.

🔍 Analysis and Implications for CASPs Operating in the EU

Unlike general AML/CFT frameworks, the restrictions arising from EU sanctions law are absolute and do not provide exemptions for good-faith actors. Even the mere provision of remote wallet services or account opening functionality to residents of the specified territories could amount to a breach of EU regulations. The practical risk is compounded by the fact that many individuals in occupied territories are on the bridge of choosing the passports of one or another country, which complicates compliance up-to-date assessments.

Under MiCA, crypto-asset service providers are subject to stringent governance, AML, and operational resilience requirements. These include risk-based internal controls and mandatory reporting to competent authorities. However, where an EU restrictive measure applies, the latitude to accept customers based on internal risk scoring disappears. Instead, the prohibition is categorical—meaning that service provision is flatly disallowed irrespective of transaction purpose or volume.

In light of this, CASPs are advised to establish automated compliance rules to prevent onboarding of clients whose declared or detected residence falls within the blacklisted oblasts. Screening must be continuous and extend to device location, usage patterns, and transactional behaviour. The reputational and regulatory exposure for non-compliance is significant, and may result in licence suspension, monetary penalties, or criminal investigation. One key challenge arises in cases of clients who have relocated from the specified territories but retain documentary ties—such as real estate holdings or family members residing in restricted areas. Here, legal advice must be sought on a case-by-case basis to determine whether service provision is permissible.

📌 Conclusion: Navigating the Legal Complexity

In conclusion, CASPs operating under MiCA must not only comply with AML/CFT frameworks but also uphold EU-wide restrictive measures targeting occupied territories in Ukraine. The legal prohibition extends beyond sanctioned persons to entire regions, affecting both natural and legal persons. Prohibited services include wallet hosting, transaction facilitation, technical support, software provisioning, and a broad range of advisory services.

Compliance requires a multidimensional approach—enhanced KYC, sanctions screening, and geolocation-based exclusion mechanisms must all work in tandem. Service to clients with residence or activity ties to the specified territories should be avoided unless regulatory approval is explicitly obtained.

📩 For tailored legal advice and ongoing compliance support in this area, contact NUR Legal. Our firm advises EU-based CASPs and VASPs on MiCA compliance, FIU/NCA filings, and cross-border sanctions enforcement. #MiCARegulation

#EUSanctions

#CASPCompliance

#CryptoLaw

#SanctionsCompliance

#EURegulation

#UkraineSanctions

#VASP

#MiCACompliance

#GeopoliticalRisk