Used Services and Cookies

Our website uses cookies to enhance your user experience. Some cookies are essential for the operation and management of the site, while others are used for anonymous statistics or personalized content. Please note that limiting cookie use may impair certain functions of the website.

More information: Imprint, Data protection

Essential cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website or, for example, saving your cookie settings. The website cannot function properly without these cookies. This category cannot be deactivated.
  • Name:
    ukie_a_cookie_consent_manager
  • Domain:
    blomstein.com
  • Purpose:
    Stores the cookie preferences of website visitors.
  • Name:
    blomstein_session
  • Domain:
    blomstein.com
  • Purpose:
    The session cookie is essential for the basic functioning of the website. It allows users to navigate through the site and use its basic features.
  • Name:
    XSRF-TOKEN
  • Domain:
    blomstein.com
  • Purpose:
    This cookie serves security purposes and aids in preventing Cross-Site Request Forgery (CSRF) attacks. It is a technical necessity.
These cookies collect information about how you use a website, e.g. which pages you have visited and which links you have clicked on.
  • Name:
    _ga
  • Domain:
    blomstein.com
  • Purpose:
    The Google Analytics cookie _ga is used to distinguish users by assigning a unique identification number to each visitor. This number is sent to Google Analytics each time a page is accessed in order to collect user, session and campaign data and to statistically evaluate the use of the website. The cookie helps website operators to understand how visitors interact with the website by collecting information anonymously and generating reports.
  • Name:
    _ga_*
  • Domain:
    blomstein.com
  • Purpose:
    The _ga_[container_id] cookie, specific to Google Analytics 4 (GA4), is used to distinguish website visitors by assigning a unique ID for each session and each user. It enables the collection and analysis of data on user behavior on the website in anonymized form. This includes tracking page views, interactions and the path users take on the website to give website operators deeper insights into the use of their site and improve the user experience.
  • Name:
    _gid
  • Domain:
    blomstein.com
  • Purpose:
    The _gid cookie is a cookie set by Google Analytics that is used to distinguish users. It assigns a unique identification number to each visitor to the website, which is sent to Google Analytics each time the page is accessed. This makes it possible to track and analyze user behavior on the website over a period of 24 hours.
  • Name:
    _gat_gtag_UA_77241503_1
  • Domain:
    blomstein.com
  • Purpose:
    The _gat_gtag_UA_77241503_1 cookie is part of Google Analytics and Google Tag Manager and is used to throttle the request rate, i.e. it limits data collection on high traffic websites. This cookie is linked to a specific Google Analytics property ID (in this case UA-77241503-1), which means that it is used for performance monitoring and control of data collection for that specific website property.

Sanctions 101

A Survival Guide for IT and Software Companies

Over the summer, not only the EU has tightened its sanctions against Russia and Belarus (see our previous briefings here and here). The US has also imposed additional restrictions with a particular focus on certain hardware, software, and services (see, e.g., here and here). However, many of these new US restrictions have been part of the EU sanctions in one form or another for some time now. Still, it is often overlooked that these restrictions have a significant impact on IT and software products and can affect business relationships with customers outside of Russia and Belarus.

It is important that companies, not just those based in the EU, assess whether they are affected by EU sanctions. While any EU person or company must comply with EU restrictive measures wherever they operate, non-EU companies may also be subject to EU restrictive measures. This is the case if they operate from within the EU or if individual transactions are at least partly done in the EU (see Article 13 of Regulation (EU) No 833/2014, as amended (Regulation 833/2014) and Article 10 of Regulation (EC) No 765/2006, as amended (Regulation 765/2006)). The mere existence of servers located in the EU may not be sufficient to trigger the application of EU sanctions law. But if there are other connecting elements, third-country companies should be wary of the application of EU sanctions law and closely analyse the following restrictions in particular:

  • Prohibitions apply to the sale, supply, transfer and export of a wide range of hardware to anyone or for use in Russia and Belarus. This includes, e.g., encryption equipment, servers, computers, laptops, and electronic components (see Articles 2, 2a, and 3k Regulation 833/2014 and Articles 1e, 1f, and 1bb Regulation 765/2006).

  • Trade restrictions also apply to specific software. Importantly, these restrictions concern not only the export of such software, but also other forms of provisioning, including the granting of access through cloud platforms. These restrictions concern:

    Dual-use software under Dual-use Regulation (EU) 2021/821, as amended, such as software with encryption functionality controlled as 5D002 (which correlates with ECCN 5D002 under US export control law) (see Article 2 Regulation 833/2014 and Article 1e Regulation 765/2006),

    mass-market encryption software, classified under US law as ECCN 5D992, which encompasses several off-the-shelf software products (see Article 2a of Regulation 833/2014 and Article 1f Regulation 765/2006),

    enterprise management software and industrial design and manufacture software, which covers a wide range of software products, such as enterprise resource planning, customer relationship management, supply chain management or enterprise data warehouse software as well as, for example, computer-aided design or engineer-to-order software (see Article 5n (2b) Regulation 833/2014 and Article 1jc (4) Regulation 765/2006).

  • Restrictions are also imposed on the provision of IT services, namely

    technical assistance and other services related to sanctioned software or hardware (which may include after-sales services for software provided to Russian or Belarussian customers prior to the Russian aggression) and

    IT consultancy services, covering a wide array of activities, such as consultancy related to the installation of computer hardware or to the development and implementation of software (see Article 5n (2) Regulation 833/2014 and Article 1jc (2) Regulation 765/2006).

The scope of these prohibitions is not uniform and requires close legal analysis. For example, the prohibitions on hardware and encryption software concern transactions with anyone or for use in Russia or Belarus. In contrast, the prohibitions on enterprise management software and IT consulting services apply only with respect to the Russian government and Russian companies, whereas, in case of Belarus, the scope is primarily limited to Belarussian public entities as well as to persons acting on behalf of or at the direction of such entities. The relevant exemptions and the ability to obtain an authorisation from the relevant authorities also differ depending on the prohibition in question.

An important element common to all prohibitions is that they cover not only direct but also indirect constellations. Thus, the supply of software to non-Russian and non-Belarussian third-country or even EU customers may be restricted if the hardware, software or service is subsequently made available to restricted recipients in Russia or Belarus. Companies should therefore ensure that their direct customers do not provide access to their products and services from these countries. They should be particularly sensitive if their direct customers have customers or subsidiaries in Russia or Belarus, or are themselves subsidiaries of a Russian or Belarusian parent. In such a case, operators should make sure that their products or services do not (also) benefit a company based in Russia or Belarus. It is advisable to address this issue contractually and, depending on the risk profile of each case, to put in place technical safeguards such as geofencing.

At BLOMSTEIN, we have extensive experience in assisting EU and non-EU IT and software companies navigate the EU restrictions. Please do not hesitate to contact Florian Wolf or Tobias Ackermann, who will be happy to assist you with your questions.