Quickguides

Sanctions and trade control laws in Australia

21 May 2026

Share Share
Print
Tanker
Share
Print

    Introduction and overview of this quickguide

    This guide provides an overview of Australia’s sanctions and export and trade controls regimes, along with practical guidance on managing legal and compliance risks that may arise in these areas.

    This guide includes the following three sections:

    Part A: Australia’s sanctions regime

    Australia’s sanctions regime, established under Commonwealth legislation gives effect to UN and autonomous sanctions. It prohibits a broad range of dealings with designated persons, entities and within certain jurisdictions. Serious criminal penalties apply to corporations and individuals for contravening the prohibitions. This section examines the key features of the regime, including thematic sanctions, the required nexus with Australia, the permit system, administration and enforcement, proposed reforms, interaction with AML/CTF obligations, and the relevance of sanctions regimes in other jurisdictions.

    Part B: Export and trade controls

    Australia’s export and trade controls regime regulates the supply, export, and brokering of military and dual-use goods, software, and technology. Export and trade controls have become a heightened area of regulatory focus as a result of increased global conflict. This section outlines the types of prohibited conduct and the approvals process.

    Part C: Risk and compliance management

    Businesses should establish integrated compliance programs that address sanctions and trade controls, incorporating due diligence of employees, agents/intermediaries, service providers and counterparties, transaction screening, and staff communication and training. This section provides high level guidance on developing a compliance framework and the steps to take where a risk of breach has been identified.

    Download the quickguide here (PDF 5.58MB)

    Part A: Australia’s sanctions regime

    Overview of Australia’s sanctions regime

    Sanctions are legally binding restrictions imposed by the Australian Government in response to situations of international concern. They can apply to named foreign governments, individuals, and entities (including banks), as well as specified sectors, goods, services, and activities. Typical measures include asset freezes and prohibitions on dealing with assets, travel bans, export and import controls, and bans on providing certain services (such as financing, insurance, advisory or broking).

    Sanctions are imposed to protect national interests and manage national security, trade, and financial risks. Triggers to impose sanctions include armed aggression, regional destabilisation, terrorism and terrorist financing, the proliferation of weapons of mass destruction, major malicious cyber activity, significant corruption, and coups or other attacks on lawful governance. The purpose of sanctions is to constrain the resources and capabilities of targeted actors, deter and disrupt further harmful conduct, and signal Australia’s policy position.

    In practice, this means certain transactions may be prohibited or subject to controls or permit requirements. Businesses must ensure their operations comply with Australia’s sanctions regime, including by screening counterparties (and their ownership structures), and may need to adjust contracts, payment flows, and logistics arrangements to ensure ongoing compliance.

    The means of managing risk varies between entities and depends on the nature, size and scope of a business’ operations. Sanctions requirements frequently change and so it is important for businesses to monitor developments in this space to manage compliance risks.

    Australian sanctions laws

    Australia currently operates two sanctions regimes:

    • UN Sanctions: These are sanctions adopted by Australia as a member state of the United Nations Security Council. They are recommended by the UN and implemented domestically under the Charter of the United Nations Act 1945 (Cth) and its associated regulations.
    • Australian Autonomous Sanctions: The Australian Government and the Minister for Foreign Affairs are empowered to impose sanctions under the Autonomous Sanctions Act 2011 (Cth) and the Autonomous Sanctions Regulations 2011 (Cth) additional or separate to those recommended by the UN.

    (together, the Australian Sanctions Laws).

    The diagram below sets out the sanctions framework currently in effect in Australia, and the countries and groups targeted by Australian Sanctions Laws. This diagram is a modified form of the original obtained from the Department of Foreign Affairs and Trade (DFAT) website on 20 April 2026.1

    While the Australian Sanctions Laws are the primary source of Australian sanctions obligations, similar and/or related prohibitions are found in other legislation and regulations. For example, export and import prohibitions arise under the Defence Trade and Controls Act 2012 (Cth), the Customs (Prohibited Exports) Regulations 1958 (Cth), and the Customs (Prohibited Imports) Regulations 1956 (Cth). All applicable legislation and regulations should be carefully considered, in light of the relevant facts and circumstances of a business’ operations. Import and export prohibitions, as well as strategic goods and technology controls, are discussed further below in Part B.

    In addition, under revisions to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) that came into effect on 31 March 2026, businesses that provide designated services must ensure their sanctions compliance framework is aligned to their AML/CTF program. A breach of the Australian Sanctions Laws may also coincide with a breach of State or Commonwealth proceeds of crime legislation. Further information on these topics is included below under the heading “Interaction with Australia’s AML/CTF regime and proceeds of crime legislation”.

    Separately, businesses should be alert to risks associated with proliferation financing, being funds, financial services, or economic resources that are used (directly or indirectly) to support the development or delivery of weapons of mass destruction. Where a business operates in sectors with potential exposure to proliferation-related supply chains or end-users, its sanctions compliance framework should specifically account for these risks.

    What types of conduct are sanctioned by Australia?

    Australian Sanctions Laws impose a range of prohibitions on specified countries, entities and persons, and may restrict the following conduct:

    • The direct or indirect supply, sale or transfer of an export sanctioned good for use in, or for the benefit of, a country or part of a country.
    • The purchase, import or transport of any import sanctioned goods if they were exported from, or originated in, the sanctioned country.
    • Engaging in certain sanctioned commercial activity in a sanctioned country. Sanctioned commercial activities can vary significantly between sanction regimes. The relevant activities can include matters such as dealing in certain securities and financial instruments, providing a financial loan or credit, and acquiring interests in entities operating in certain industries.
    • Engaging in certain services connected with the export and import of certain goods and/or certain commercial activities.
    • Engaging in certain conduct subject to thematic sanctions. The relevant themes include the proliferation of weapons of mass destruction, significant cyber incidents, serious violations or serious abuses of human rights, and/or serious corruption.
    • The direct or indirect provision of an asset to, or for the benefit of, a designated person or entity. Refer to DFAT’s Consolidated List to confirm whether a person or entity is listed as a designated individual/entity, particularly as this list is periodically updated. A link to DFAT’s consolidated list can be accessed here.
    • Dealing with or holding a controlled asset (e.g. an asset that is owned or controlled by a designated person or entity). Confirming the designation status is important due to the wide scope of this prohibition.

    Each of the terms and concepts relevant to sanctioned conduct carries a specific meaning and requires careful consideration. For example, "asset" is broadly defined to include an asset or property of any kind, whether tangible or intangible, moveable or immovable.

    Dealing with controlled assets

    In relation to the prohibition on dealing with “controlled assets”, the Australian Sanctions Laws do not define “control” or “ownership”. There is no “bright-line” test for assessing borderline cases. This differs from sanctions regimes in other jurisdictions, such as the United States and the United Kingdom, where the position is clearer and sanctions regulators have published guidance on ownership and control. In Australia, whether an asset is “owned” or “controlled” by a designated person or entity needs to be assessed on a case-by-case basis.

    Guidance from the Australian Sanctions Office (ASO) (the Australian sanctions regulator, within DFAT) titled Dealing with Assets Owned or Controlled by Designated Persons and Entities, notes that "ownership" and "control" of an asset is determined according to the factual circumstances, including the kind of asset and the laws of the jurisdiction in which it was created. The guidelines state that "control" of an asset can be indicated by the person’s command or direction over the asset, and that "ownership" can be established through legal title or the person’s rights to exclusively enjoy, destroy, alter, alienate or dispose of, or maintain and recover possession of the asset. Further, the Australian courts have indicated that relevant considerations may include, by way of example, whether the designated person or entity can determine the outcome of the entity’s financial and operating policies, taking into account the practical influence the designated person/entity can exert, and any practice or pattern of behaviour affecting the entity’s financial or operating policies.

    By comparison, in an AML/CTF context, a beneficial owner is a person who ultimately owns, either directly or indirectly, 25% or more of entity, or who controls, either directly or indirectly, the entity. Control is defined in the AML/CTF legislation as holding 50% or more of the direct voting interests in an entity, holding 15% or more of the direct control interests in an entity, sufficiently influencing the entity, or being in a position to exercise control over it. Whether an entity controls or owns another entity therefore requires careful assessment.

    Making an asset available for the direct or indirect benefit of a designated person

    There is also uncertainty as to whether an asset is made available for the direct or indirect benefit of a designated person. "Benefit" is not defined under the Australian Sanctions Laws, but has been broadly construed in case law in other contexts. As with the test for ownership and control, there is no clear-cut test to ascertain whether an asset has been made available for the benefit of a designated person. It is therefore necessary to consider each scenario on a case-by-case basis. Factors that may be relevant include the nature of the asset, its financial value, and the designated person’s position in the corporate chain.

    While there is limited judicial consideration of Australian Sanctions Laws, the courts have clarified that the phrase “directly or indirectly” in the context of the sanctions regime requires the benefit to be the object, effect, or likely effect of the transfer of export-sanctioned goods.

    Thematic sanctions

    In December 2021, Australia incorporated what are commonly known as thematic or "Magnitsky" sanctions into the Australian Sanctions Laws, as part of Australia’s autonomous sanctions.
    Thematic sanctions were introduced to expand Australia’s sanctions regime beyond its geographic focus, targeting certain categories of conduct by individuals or entities irrespective of where in the world that conduct occurs. Thematic sanctions enable the Minister to sanction individuals or entities that:

    • participate in the proliferation of weapons of mass destruction;
    • contribute to significant cyber incidents;
    • participate in serious violations or serious abuses of human rights; or
    • participate in serious corruption.

    Nexus with Australia

    Australian Sanctions Laws are far-reaching and apply to conduct that occurs:

    • wholly or partly in Australia, or wholly or partly on board an Australian aircraft or ship;
    • produces a result wholly or partly in Australia (or on an Australian aircraft or ship);
    • wholly outside Australia, where the conduct involves an Australian citizen and/or an Australian registered body corporate; or
    • in circumstances where the alleged offence is an ancillary offence and the primary offence occurs, or is intended to occur, wholly or partly in Australia or on board an Australian aircraft or ship.

    We discuss the broad application of Australia’s Sanctions Laws in more detail in our article on Tigers Realm Coal Limited v Commonwealth of Australia [2024] FCA 340. This decision shows that the regime can apply to Australian companies even where the contravening conduct occurred wholly outside of Australia by its wholly owned subsidiary companies.

    When a potential sanctions issue is identified, consideration should be given to whether the conduct may also violate sanctions laws in other jurisdictions in which a business operates or transacts, particularly those with far-reaching regimes such as the United States, the United Kingdom, and the European Union. An overview of certain foreign sanctions regimes is covered at a high level below.
    Businesses should also consider any sanctions laws they have agreed to comply with under commercial agreements or financing arrangements with financial service providers. A contravention of such laws may give rise to liability for breach of contract, even where the contravention is not directly enforceable by the relevant government authorities.

    Permits

    A permit may be sought to authorise an activity that would otherwise contravene Australian Sanctions Laws. Permits cannot be applied retrospectively in Australia.

    Whilst the application process for a sanctions permit is consistent across the Australian Sanctions Laws, different sanctions regimes impose different criteria for the grant of permits.

    The Minister may grant a permit authorising sanctioned commercial activity and other forms of conduct if it is satisfied that doing so would be in the national interest. Although "national interest" is not defined in the legislation, regulations or instruments, DFAT has indicated that what constitutes national interest will depend on the particular circumstances. Relevant factors include:

    • the broader objectives of the particular sanctions regime;
    • whether the activity is in the interest of, or would be advantageous to, Australia as a whole, which may include economic, security, and other relevant foreign policy considerations; and
    • any effect on Australia’s international reputation, standing, or external relations.

    In the case of making an asset available to or for the benefit of designated persons and entities, the Autonomous Sanctions Regulations 2011 (Cth) require that the permit application must be for: (1) a basic expense dealing; (2) a legally required dealing; or (3) a contractual dealing. A similar requirement exists in relation to seeking a permit authorising a use of or dealing with a controlled asset. Applications for sanctions permits are submitted through an online system called ‘PAX’.

    Offences and liability of corporations and individuals

    Unlike sanctions regimes such as those in the European Union, United Kingdom and the United States (discussed below), the Australian Sanctions Laws do not impose civil liability. Enforcement is exclusively criminal in nature.

    Under the Australian Sanctions Laws, it is an offence to:

    • engage in conduct that contravenes an Australian Sanctions Law;
    • engage in conduct that contravenes a condition of a permit or authorisation under an Australian Sanctions Law; or
    • provide false or misleading information in connection with the administration of an Australian Sanctions Law (for example, in the context of an investigation conducted by the ASO).

    A breach of Australian Sanctions Laws is a criminal offence. The maximum penalties for contravening an Australian Sanctions Law are:

    • for an individual, up to 10 years’ imprisonment, a fine not exceeding three times the value of the relevant transaction(s), or 2,500 penalty units (currently A$825,000), or both; or
    • for a body corporate, a fine not exceeding three times the value of the relevant transaction(s) or 10,000 penalty units (currently A$3,300,000), whichever is higher.2

    A breach of an Australian Sanctions Law by a body corporate is a strict liability offence. This means that a body corporate may be held liable for a sanctions offence regardless of whether there was any fault or intent. Strict liability does not apply to individuals.

    A defence is available to a body corporate if it can demonstrate it took reasonable precautions and exercised due diligence to avoid the sanctions offence.

    This defence has not been the subject of judicial consideration in Australia. However, the ASO has issued several guidance notes, including the Sanctions Toolkit and Sanctions Risk Assessment Tool, which provide insight into and examples of what may be considered reasonable precautions and diligence. The guidance indicates that what is "reasonable" will vary depending on a range of factors, including the size and nature of the business, the complexity of transactions, the geographic areas involved, and the specific sanctions regulations in place. Accordingly, what is sufficient for one entity may not be for another.

    Administration and enforcement of Australian Sanctions Laws

    The ASO, which sits within DFAT, is responsible for administering and enforcing the Australian Sanctions Laws. The ASO’s functions include:

    • providing guidance to entities on the Australian Sanctions Laws;
    • processing applications for and issuing sanctions permits;
    • promoting and monitoring compliance and assisting in the prevention of breaches; and
    • providing support to enforcement agencies in cases of suspected non-compliance.

    The ASO works closely with other federal regulators, including the Australian Defence Department (Defence), the Australian Transaction Reports and Analysis Centre (AUSTRAC), the Department of Home Affairs, the Australian Border Force (ABF), and the Australian Federal Police (AFP).

    These entities may conduct an investigation to determine whether a sanctions law has been, or is being, complied with. In the course of such an investigation, these entities have the power to issue a written notice, requiring a person to provide:

    • specified information by a specified time; and/or
    • specified documents by a specified time.

    The recipient must respond to the notice within the specified timeframe, unless an extension has been granted. Compliance with the notice is required notwithstanding any other law of the Commonwealth, a State or a Territory. Failure to comply with a notice is a sanctions offence, punishable by up to 12 months’ imprisonment.

    Where an investigation identifies a potential contravention of an Australian Sanctions Law, this may be referred to the Commonwealth Director of Public Prosecutions (CDPP) for criminal prosecution. In practice, where federal agencies form a view that a criminal breach may have occurred, there is likely to be significant pre-brief engagement between those agencies and the CDPP before any formal referral or prosecution decision is made.

    Historically, there have been very few investigations and prosecutions for sanctions breaches in Australia. This may be partly attributable to the difficulty for regulators identifying and subsequently investigating misconduct in the absence of a formalised reporting regime, although sanctions breaches may be identified through other reporting regimes, such as those under AML/CTF legislation. However, the prospect of greater enforcement action may increase as regulators focus more closely on sanctions compliance, particularly in light of potential reforms to the Australian Sanctions Laws (discussed below).

    Cases in Australia in which a court has ordered penalties for breaches of Australian Sanctions Laws include:

    • In 2019 and 2021, two individuals were sentenced to two years’ imprisonment by the Supreme Court of NSW for breaches of UN Sanctions involving the export of approximately 90 tonnes of nickel alloys to Iran.
    • In 2021, an individual was sentenced to three and half years’ imprisonment by the Supreme Court of NSW for breaches of UN Sanctions and the Australian Autonomous Sanctions. The offences involved providing brokering services to North Korea for the sale of arms and military equipment in the form of inertial measurement units, coal and pig iron, as well as facilitating North Korea’s purchase of refined petroleum products.

    Sunsetting of the Autonomous Sanctions Regulations and potential areas of reform

    In October 2024, DFAT conducted a review of Australia’s sanctions laws and issued a report titled ‘Review of Australia’s Sanctions Laws’, which formed the basis of DFAT’s advice to the government on recommended areas of reform. Whilst the reforms have not yet been finalised, the issues identified during public consultation provide insight into potential changes. Key issues identified during the process include streamlining the legal framework, clarifying terminology, increasing transparency around permits, introducing a humanitarian exemption, introducing civil penalties, establishing a new review mechanism for sanctions designations and declarations, and increasing the regulatory function of the ASO.

    In 2025, two separate Parliamentary Committees reported on Australia’s autonomous sanctions regime: the Senate Foreign Affairs, Defence and Trade References Committee (February 2025) and the Joint Standing Committee on Foreign Affairs, Defence and Trade (March 2025). The recommendations of both Committees highlighted a need for a sharpened focus on enforcement, including coordinated action with partners, continued designations for serious human rights abuses, and the development of methodologies to assess the effectiveness of Australia’s sanctions regime. These recommendations build upon themes identified in DFAT’s review.

    The government has indicated its intention to make the sanctions regime clearer and more workable, to reduce unnecessary or duplicated regulatory costs, and to work with international partners to identify opportunities to improve regulation.

    The Autonomous Sanctions Regulations 2011 (Cth) will sunset on 1 October 2027, presenting a significant opportunity for substantial changes to the current regime, which continues to pose unique compliance challenges for businesses operating within Australia.

    Interaction with Australia’s AML/CTF regime and proceeds of crime legislation

    Reporting entities who provide designated services must undertake sanctions screenings under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and Anti-Money Laundering and Counter-Terrorism Financing Rules 2025 (Cth).

    On 31 March 2026, new laws under Australia’s AML/CTF regime came into effect that interact with the sanctions regime. Among the key changes, reporting entities regulated by AUSTRAC are required to develop, maintain, and comply with policies designed to ensure they do not contravene sanctions obligations in the provision of their designated services. Failure to develop and maintain these policies and procedures when providing a designated service may attract a civil penalty. AUSTRAC is also empowered under AML/CTF legislation to monitor reporting entities’ compliance with their obligations. These changes are intended to ensure that entities regulated by AUSTRAC have the necessary measures in place to implement targeted policies.

    In addition, Commonwealth and State proceeds of crime legislation prohibits receiving or dealing with money or property which is the proceeds of domestic or foreign crime. If a business has breached Australian Sanctions Laws, there is a risk that any proceeds obtained are considered proceeds of crime and that receiving and/or dealing with those proceeds in Australia constitutes a separate offence.

    Australian proceeds of crime legislation does not impose any obligation to report suspected or actual offences to the authorities, but consideration should be given to whether any other reporting obligations apply (e.g. under AML/CTF legislation or foreign laws).

    Sanctions regimes in other jurisdictions

    As flagged above, it is important for businesses – particularly those operating in multiple jurisdictions or entering into cross-border transactions – to consider potential sanctions risks arising under the laws of other jurisdictions. Sanctions advice should be sought from local counsel on a case-by-case basis to determine whether any such risks exist and, if so, how they can be appropriately managed. A high-level snapshot of the sanctions regimes in the United States, the United Kingdom, and the European Union is set out below.

    Jurisdiction: USA

    Prohibited conduct

    US sanctions broadly comprise primary sanctions and secondary sanctions.

    Primary sanctions prohibit US persons from engaging in transactions with, or providing goods or services to or for the benefit of, targeted countries, entities or individuals (collectively, sanctions targets). The sanctioned individuals are designated in the Department of the Treasury’s Office of Foreign Assets Control’s (OFAC) List of Specially Designated Nations and Blocked Persons (SDN List). In addition, under OFAC’s “50 Percent Rule”, the same restrictions apply to any entity that is owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more SDNs (blocked entities).

    US sanctions law may also require a US person to “block” (ie, freeze) any assets/property interests owned, controlled, or held for the benefit of a sanctioned target or blocked entity when such assets/property interests are in the US or within the possession or control of a US person and to report each blocked asset to the OFAC within ten business days of the blocking. Blocking means that the property may not be transferred, withdrawn, or otherwise dealt in, in the absence of OFAC authorisation. Although there is no general definition of “possession or control”, the concept is interpreted broadly and is generally understood to capture any situation in which a US person has the ability to exercise custody, authority, or decision-making power over the property, whether directly or indirectly. In practice, this includes circumstances in which US persons act as trustees, custodians, intermediaries, or clearing banks.

    Primary sanctions may also prohibit certain types of activities or transactions involving sanctioned targets and sanctioned countries, such as prohibiting new investment, new debt, or services related to certain sectors. In addition, US persons are prohibited from approving, financing, facilitating, or otherwise supporting transactions by non-US persons that would be prohibited if undertaken by a US person.

    Secondary sanctions authorise the US government to impose sanctions on non-US persons located anywhere who engage in certain prohibited transactions (e.g., “significant transactions with” or “providing material assistance to” sanctioned targets or blocked entities), or who participate in specified activities deemed contrary to US foreign policy and national security interests (for example, activities supporting military or strategic capabilities in sanctioned jurisdictions).

    Extraterritorial reach

     US primary sanctions restrict any “US person”, which is defined to include:

    • entities organised under US law (such as US companies and their US subsidiaries);
    • any US company’s domestic and foreign branches;
    • any individual who is a US citizen or permanent resident alien (“green card” holder), regardless of their location in the world;
    • any individual, regardless of their nationality, who is physically present in the US at the time of the relevant conduct; and
    • US branches or US subsidiaries of non-US companies.

    Secondary sanctions can apply to non-US persons in relation to their activities outside of the US even without any US nexus.

    Penalty

     Violations of primary sanctions can result in civil and/or criminal penalties. The nature of the penalty will vary depending on the sanctions program implicated.

    Secondary sanctions are imposed in circumstances where civil or criminal penalties are not available because US sanctions regulators lack jurisdiction over the targeted entities or individuals. In lieu of bringing a civil or criminal enforcement action, US regulators impose secondary sanctions, the possible consequences of which could include: (i) limited access to, or even exclusion from, the US financial system and marketplace, and (ii) being placed on the SDN list.

     

    Jurisdiction: UK

    Prohibited conduct

    The UK implements UNSC sanctions alongside its own autonomous sanctions regime.

    The nature and scope of the prohibitions depends on the particular regime, which can be geographical (e.g. Russia or Iran) or thematic (e.g. terrorism or human rights). However, the UK can impose the following types of sanctions measures:

    • financial sanctions, including asset freezes and restrictions on access to financial markets;
    • trade sanctions, including arms embargoes and other trade restrictions (e.g. import and export restrictions, and service restrictions);
    • director disqualification sanctions;
    • transport sanctions, including aircraft and shipping sanctions; and
    • immigration sanctions, often referred to as travel bans.

    The most common restrictions are asset freezes, which are a feature of most UK sanctions regimes. If a person (natural or legal) is ‘designated’ as the target of an asset freeze, it is prohibited to directly or indirectly:

    • deal with funds or economic resources held, owned or controlled by the designated person; or
    • make funds or economic resources to or for the benefit of the designated person.

    The effect of an asset freeze extends to entities owned or controlled by a designated person. ‘owned’ means holding more than 50% of shares or voting rights in another entity. ‘controlled’ has a much broader definition, which involves considering the extent to which the designated person could influence the affairs of another entity.

    The UK Sanctions List contains details of all persons subject to an asset freeze, as well as vessels which are subject to shipping sanctions.

    Extraterritorial reach

    The UK sanctions regime applies to:

    • any person (natural or legal) in respect of conduct in the UK; and
    • any UK person (ie a natural or legal person) anywhere in the world.

    It is government policy for UK sanctions measures to be given effect in the British Overseas Territories (e.g. Cayman Islands) and Crown Dependencies (e.g. Jersey). However, the means by which this is effected depends on the relevant jurisdiction.

    As an additional point, businesses outside the UK and the EU are becoming more attentive to the risk of being designated under UK or EU sanctions regimes for conduct that may be perceived as frustrating or undermining those regimes, even where the relevant activity has no direct territorial nexus to either jurisdiction.

    The UK sanctions regimes, notably in relation to Russia and Belarus, give the UK government broad powers to target parties with sanctions. In the context of Russia sanctions, the UK has used these powers to target parties in third countries that ordinarily are not subject to UK sanctions, and which the UK government deems form part of Russia’s military supply chain.

    Penalty

    Breaches of UK sanctions can result in criminal or civil penalties.

    A range of UK Government departments, agencies and regulators are responsible for enforcing UK sanctions, depending on the nature of the enforcement (civil or criminal) and the type of sanctions measure which has been breached (e.g. financial or trade).

    For civil enforcement, financial, transport and certain trade sanctions carry strict liability. This means the relevant enforcement body does not have to prove that a person had knowledge or reasonable cause to suspect they were in breach.

    Criminal investigations of trade sanctions may result in a compound settlement rather than criminal enforcement. Criminal enforcement action is used for the most serious or deliberate sanctions breaches. The maximum sentence on indictment is:

    • 7 years’ imprisonment, a fine or both for financial and transport sanctions breaches; and
    • 10 years for trade sanctions breaches.

     

    Jurisdiction: EU 

    Prohibited conduct

    Sanctions in the EU are often called ‘restrictive measures’ and are a tool of the EU’s Common Foreign and Security Policy (CFSP). The EU has the competence under the CFSP to adopt sanctions with direct and binding effect on all Member States.

    EU sanctions can generally target governments of non-EU countries, as well as companies, groups, organisations or individuals through the following measures:

    • arms embargoes;
    • restrictions on admission (travel bans);
    • asset freezes; and
    • other economic measures, such as restrictions on imports and exports.

    Since the start of Russia’s act of aggression against Ukraine in 2014 and the full scale invasion in 2022, the EU has implemented an extensive sanctions framework against Russia. Key measures include:

    • Asset freeze sanctions: targeting individuals and entities, including imposing asset freezes on goods held, owned, or controlled by them and a prohibition against making funds and economic resources available to listed persons; and
    • Trade related sanctions: targeting trade (export/import bans) and certain services, particularly in the energy and finance sectors.

    Extraterritorial reach

     The EU sanctions frameworks apply to:

    • any EU national, wherever they are in the world;
    • any company incorporated in or constituted under the laws of the EU or a Member State of the EU, irrespective of where their activities take place; and
    • any company in respect of any business done in the EU.

    The frameworks apply within any territory of the EU, including on board any aircraft or vessel under jurisdiction of a Member State.

    While the frameworks do not apply extraterritorially, recent measures have imposed extensive obligations on third country dealings, including:

    • oversight obligations over third country subsidiaries (on a ‘best efforts’ basis); and
    • contractual obligations (‘No-Russia clauses’) with respect to certain high risk goods.

    The EU-Russia and -Belarus sanctions regimes give the EU certain powers to target parties in third countries with sanctions if they are deemed to significantly frustrate, or facilitate the circumvention of, EU sanctions measures. The EU has used these powers to target suppliers, financial institutions, and other parties in third countries that are not bound by EU sanctions, and which the EU deems undermine the purpose and effectiveness of its sanctions on Russia.

    Penalty

    Standard of liability: intent or negligence for both compliance with prohibitions and anti-circumvention measures.

    General due diligence standard: For each operator to develop, implement, and routinely update an EU sanctions compliance program that reflects their individual business models, geographic areas of operations, and specificities and related risk-assessment regarding customers and staff.

    Enforcement: Member States are responsible for the implementation and enforcement of sanctions, leading to significant enforcement discrepancies.

    Recent harmonisation efforts by the EU seek to harmonise criminal penalty standards and enforcement coordination.

    Part B: Export and Trade Controls

    Australia's export/trade controls regime

    Australia’s export control laws restrict the export, supply, and transfer of defence and dual-use goods and technology consistent with Australia’s national interests and international obligations. Defence Export Controls (DEC), which sits within Defence, is the Commonwealth regulator for imports and exports of military and dual-use goods and technology within Australia and internationally.

    The DEC is responsible for assessing applications for, and issuing permits or licenses for, the export, supply, publication, or brokering of military and dual-use goods and technology listed on the Defence and Strategic Goods List (DSGL).

    The DSGL specifies the goods, software and technology controlled under Australian export control laws. It is divided into two parts:

    • Part 1 – Munitions List: Items specifically designed or modified for military use, including certain firearms, ammunition, commercial explosives, initiators, and other goods for military purposes, together with their parts and accessories.
    • Part 2 – Dual-Use List: Items generally used for commercial purposes but with potential military and weapons of mass destruction (WMD) application. Categories in the Dual-Use List include nuclear materials, electronics, computers, sensors and lasers, marine, and aerospace and propulsion.

    What types of conduct are prohibited?

    The principal legislation regulating export and trade controls in Australia includes the Customs Act 1901 (Cth), the Defence Trade Controls Act 2012 (Cth) and the Weapons of Mass Destruction (Prevention of Proliferation) Act 1995 (Cth). The types of conduct prohibited under these Acts include:

    • exporting, supplying, or arranging for others to supply DSGL goods;
    • supplying or arranging for others to supply DSGL technology;
    • providing DSGL services outside of Australia;
    • exporting goods not listed in the DSGL but which are otherwise subject to a prohibition notice; and
    • supplying goods or providing services which may assist or be used in a WMD program.

    Engaging in prohibited conduct can attract significant penalties. Careful consideration should be given to the potential application of the export controls regime when dealing with goods listed on the DSGL.

    Permits

    A permit application must be lodged with Defence to export, supply, publish, or broker goods listed under the DSGL. Reporting and compliance obligations must be observed. Applications for permits are submitted through an online portal called ‘My Australian Defence Export’.

    Under section 136.1 of the Criminal Code Act 1995 (Cth), any person who makes a false or misleading statement in an application for a permit or certificate commits an offence, punishable by a maximum penalty of 12 months’ imprisonment.

    Licence-free environment

    On 1 September 2024, a licence-free environment was established to promote defence collaboration between Australia, the United Kingdom, and the United States. This arrangement waives permit requirements for most DSGL goods, provided the following criteria are met:

    • the supply or provision is to an Australian, UK, or US citizen or permanent resident, corporation, or government or government authority;
    • the supply is to, or the services are received at, a place in Australia, the UK, or the US;
    • the DSGL goods/technology are not on the Australian Military Sales Program exclusion list;
    • the exporter or supplier is registered as an authorised user; and
    • Defence has been notified of the export or supply before the activity occurs.

    Part C: Risk and compliance management

    Tips for complying with sanctions and export/trade controls

    Businesses should ensure they have appropriate systems and controls in place to prevent, monitor, and detect potential breaches of the Australian Sanctions Laws and export and trade controls. This includes staying abreast of legal developments and any guidance issued by regulatory authorities on the application of these regimes.

    What constitutes a defensible compliance program will vary between businesses, depending on factors such as size, jurisdiction, and industry. It is therefore important that each business assesses its own risk profile and adopts a compliance program that is fit for purpose and adaptable having regard to that specific risk profile. Businesses should reconsider their systems and processes where there is a reconfiguration of business lines and/or M&A activity leads to the introduction of new businesses with differing risk profiles.

    Where the history or ownership of an asset is uncertain, due diligence should be conducted to identify the ownership structure. A person who holds an asset that they suspect may be a controlled asset may also request assistance from the AFP in determining whether the asset is owned or controlled by a designated person or entity. Any such request must be accompanied with the details of the asset and as much information as possible as at the time of the request.

    Alternatively, where the ownership structure is less complex, it may not be necessary to seek a determination from the AFP. However, if a view is formed that an asset is a controlled asset, or if an asset is subsequently no longer considered to be a controlled asset, the AFP must be informed accordingly.

    When considering designated persons or entities, it should be noted that the Minister may also designate immediate family members of a designated person.

    We provide further insights as to what a compliance program may include in the following table.

    Compliance tip

    Description

    Have a process for rapidly identifying and responding to changes to Australian sanctions regimes and export control regimes

    The detailed prohibitions under the Australian sanctions regimes change frequently and sometimes at short notice. Changes may include bans on new types of goods, services, or commercial activities, as well as the designation of new persons and entities under existing sanctions regimes. In more significant cases, an entirely new sanction regime may be introduced (for example, in response to the outbreak of a conflict between nations). Similarly, the DSGL is subject to frequent amendment.

    It is important that compliance systems include processes for rapidly identifying and responding to changes to obligations under the Australian Sanctions Laws and export and trade controls. These processes should operate in addition to regular reviews and updates of internal policies and standards.

    Monitor information provided by DFAT, the ASO and Defence

    DFAT maintains a mailing list for receiving updates on Australian sanctions laws, including updates to the Consolidated List. Subscribe to the mailing list here. The DSGL should also be monitored for any changes.

    Undertake upfront due diligence checks

    Businesses should undertake thorough due diligence checks on customers, suppliers, and other third parties to determine whether a proposed transaction, activity, or operation has a connection to a country, person, or entity subject to an Australian sanctions regime (or sanctions regime of other relevant jurisdictions), and/or whether any goods involved are captured by the DSGL (where applicable).

    The due diligence process should include cross-checking the parties involved in a proposed transaction, activity, or operation against the Consolidated List, as well as the sanctions lists of other potentially relevant jurisdictions, such as the United States, the United Kingdom, and the European Union. Goods should also be cross-checked against the DSGL. In addition, contractual terms should be reviewed when engaging third parties to minimise liability and risk exposure. Where the history or ownership of an asset is uncertain, the due diligence process should also include identifying the ownership structure.

    Undertake ongoing due diligence checks

    It is also important for businesses to undertake ongoing due diligence in relation to transactions, activities, or operations they are already conducting. Ongoing due diligence checks should include monitoring and auditing transactions to identify the source and beneficiaries of any funds. This is because a country, person, or entity that was not previously subject to an Australian sanctions regime may become so, and businesses may need to cease undertaking the relevant activity (or apply for a permit).

    In addition, assets held by a company on behalf of another person or entity may become subject to an “asset freeze” if that person or entity is sanctioned. In such circumstances, the assets may not be dealt with, including by the business holding them.

    Conduct regular audits

    Businesses should conduct regular audits of their activities to assess compliance with the Australian Sanctions Laws and export and trade controls. This may include random audits of different transactions and/or areas of the business’ activities or operations. Businesses should also be mindful of restrictions that may affect marketing or other pre-transaction activity.

    Conduct risk assessments

    Businesses should conduct risk assessments in relation to the jurisdictions and sectors in which they operate. Risk assessments should also extend to the business’ corporate structure, to enable an understanding of potential liabilities that may arise from the conduct of a parent company or subsidiary. Further risk assessments should be conducted where there has been business reorganisation or M&A activity leading to the introduction of differing risk profiles. Risk assessment results should be used to inform the design of policies, procedures and controls to ensure compliance.

    Exercise particular caution when undertaking permitted activities in relation to sanctioned countries, persons or entities

    Certain types of activities may be permitted under an Australian sanctions regime notwithstanding their involvement of a sanctioned country, person, or entity. For example, certain commercial activities in sanctioned countries may not be prohibited.

    When undertaking such activities, it is important to carefully and continuously monitor any changes to the applicable sanctions regime and to ensure the business can rapidly respond to any changes, including by ceasing the relevant activity. Contracts should include appropriate provisions to address this possibility.

    Ensure compliance of officers and employees

    New officers and employees should be screened during the onboarding process. Sanctions and export and trade controls compliance training should be provided to officers and employees on an ongoing basis to ensure they understand their role in complying with the Australian Sanctions Laws and export and trade controls. Ensure officers and employees are aware of clear escalation pathways for queries that arise across the organisation.

    What to do if you encounter a problem

    If officers or employees identify a potential issue, it is important they act promptly and seek legal advice. Subject to that advice and the particular circumstances, one or more of the following steps may be appropriate:

    • investigate and scope the issue;
    • rectify the issue and develop a solution to prevent recurrence;
    • address the conduct of any employees and cease the relevant activity;
    • consider whether the issue needs to be reported to relevant authorities;
    • formulate a strategy for internal and external communications, managing regulators, and mitigating litigation risk;
    • implement, strengthen, and integrate compliance policies and programmes to reduce the risk of recurrence; and
    • ensure accurate records are maintained of the steps taken in response to the issue.

    1. This diagram is a modified form of the original obtained from https://www.dfat.gov.au/international-relations/security/sanctions/about-sanctions by the Department of Foreign Affairs and Trade website - www.dfat.gov.au and is provided under a Creative Commons Attribution 4.0 International licence (https://creativecommons.org/licenses/by/4.0/), with the relevant licence terms available at: https://creativecommons.org/licenses/by/4.0/legalcode.
    2. These figures are accurate as at the date of this quickguide. The penalty unit amount is expected to increase from 1 July 2026.

    Other authors: Alexander Dmitrenko, Partner; Vicki Tang, Senior Associate; Claus Zimmermann, Partner; Tom Cummins, Senior Counsel; Sophie Law, Counsel; Nina Schwartz, Associate; Sean Lee, Trainee Solicitor; Caitlin Terrey, Associate; Laura Le, Associate; Jade Rice, Associate; Jasmine Xu, Associate and Jacqui Turner, Associate.

    Ashurst is a global law firm. The Ashurst Group comprises Ashurst LLP, Ashurst Australia and their respective affiliates (including independent local partnerships, companies or other entities) which are authorised to use the name "Ashurst" or describe themselves as being affiliated with Ashurst. Some members of the Ashurst Group are limited liability entities.

    Ashurst Risk Advisory Pty Ltd is a proprietary company registered in Australia and trading under ABN 74 996 309 133. The services provided by Ashurst Risk Advisory Pty Ltd do not constitute legal services or legal advice, and are not provided by Australian legal practitioners in that capacity. The laws and regulations which govern the provision of legal services in the relevant jurisdiction do not apply to the provision of non-legal services.For more information about the Ashurst Group, which Ashurst Group entity operates in a particular country and the services offered, please visit www.ashurst.com.

    This material is current as at 21 May 2026 but does not take into account any developments after that date. It is not intended to be a comprehensive review of all developments in the law or in practice, or to cover all aspects of those referred to, and does not constitute professional advice.

    The information provided is general in nature, and does not take into account and is not intended to apply to any specific issues or circumstances. Readers should take independent advice.No part of this publication may be reproduced by any process without prior written permission from Ashurst. While we use reasonable skill and care in the preparation of this material, we accept no liability for use of and reliance upon it by any person.

    Key Contacts