
EU Sanctions DD WHAT.1: Restricted Goods and Dual-Use Classification

What This Control Requires

Do any goods, software, or technologies involved fall on EU restricted lists (Annexes to Regulation 833/2014 or dual-use lists)?

In Plain Language

EU sanctions prohibit the sale, supply, transfer, or export of specific goods and technologies to sanctioned destinations. This covers two main regulatory frameworks working in parallel.

First, the country-specific sanctions: the Annexes to Regulation 833/2014 (Russia) list specific industrial equipment, electronics, and technologies that cannot be exported to Russia. Similar lists exist for other sanctioned states.

Second, the EU Dual-Use Regulation 2021/821 controls items that have both civilian and military applications - including advanced electronics, telecommunications equipment, information security products, sensors, lasers, and navigation equipment.

For software and SaaS companies, this is not just about physical goods. Software with encryption capabilities, surveillance features, or monitoring tools may be classified as dual-use items requiring export licences.

How to Implement

Cross-reference all products and technologies against the Annexes to Regulation 833/2014 and the EU Dual-Use Regulation 2021/821.

Pay special attention to:

  • Electronics and semiconductors
  • Telecommunications equipment
  • Information security products (encryption, cybersecurity tools)
  • Sensors, lasers, and navigation equipment
  • Marine and aerospace items and components
  • Software or technology for developing any of the above
  • Industrial machinery and manufacturing equipment
  • Oil and gas exploration technology

For software and SaaS companies: check if your product has encryption, surveillance, intrusion, or monitoring capabilities that could be classified as dual-use. Cloud services delivered to end-users in sanctioned territories may constitute a prohibited 'transfer of technology.'

Use the EU Dual-Use Trade Control online tool and the Annexes published in the Official Journal for classification. When in doubt, consult your national export control authority - they provide free classification guidance.

Document all classification decisions, including items determined not to be controlled, with the reasoning for each determination.

Evidence Your Auditor Will Request

  • Product classification records against Regulation 833/2014 Annexes and Regulation 2021/821
  • Assessment of software and technology for dual-use characteristics (encryption, surveillance)
  • Classification decisions documented with regulatory references and reasoning
  • Consultation records with national export control authority where classification was uncertain
  • Licence applications and approvals for any controlled items identified

Common Mistakes

  • Not classifying software and SaaS products against dual-use lists - treating them as 'just software'
  • Using outdated Annexes rather than the current consolidated version after amendments
  • Failing to consider catch-all provisions that apply even to non-listed items when the end-use is suspect
  • No formal classification process - relying on informal knowledge rather than documented analysis
  • Ignoring 'technology' and 'software' entries on control lists that apply beyond physical goods

Related Controls Across Frameworks

Framework | Control ID | Relationship
EU Sanctions DD | EU Sanctions DD WHAT.2 (related mapping) | Related
EU Sanctions DD | EU Sanctions DD WHY.1 (related mapping) | Related
EU Sanctions DD | EU Sanctions DD GEO.1 (related mapping) | Related

Frequently Asked Questions

Does the dual-use regulation apply to software companies?
Yes. The EU Dual-Use Regulation 2021/821 explicitly covers software and technology, not just physical goods. Software with encryption capabilities, network monitoring tools, cybersecurity products, and surveillance technology may require export licences. Even SaaS products can trigger controls if they include controlled technology accessible from sanctioned territories. The 2021 regulation specifically added cyber-surveillance items.

What is the catch-all provision?
Even if your product is not specifically listed in the control lists, it may still require a licence under catch-all provisions if you know or have been informed that the goods are or may be intended for weapons of mass destruction, military end-use in embargoed destinations, or for use as parts/components in items already exported without authorisation. If an export control authority informs you that a licence is required, you must apply.

How often are the restricted goods lists updated?
The Annexes to Regulation 833/2014 have been amended numerous times since 2014, with major expansions in 2022-2024 following Russia's invasion of Ukraine. The dual-use list under Regulation 2021/821 is updated annually. Always use the consolidated version from EUR-Lex rather than the original text, as the original may be significantly out of date.
