EU Sanctions DD WHY.1: End-User and End-Use Disclosure
What This Control Requires
Has the counterparty disclosed the final end-user and end-use for all goods, services, or technology?
In Plain Language
Refusal or reluctance to disclose end-use or end-user information is a documented EU red flag. The EU Sanctions Compliance Helpdesk identifies this pattern clearly: legitimate buyers have no reason to hide who will use the product and how.
This control requires that for all sales of controlled, dual-use, or high-value items, you know who the final user is and what they will do with the product. 'I cannot tell you' or 'that is confidential' is not an acceptable answer when sanctions compliance is at stake.
In M&A scenarios, this translates to understanding the target company's customer base: who are the end-users of the target's products, and are any of them designated persons or located in sanctioned territories?
How to Implement
For all sales of controlled, dual-use, or high-value items, require a signed End-User Statement or End-Use Certificate specifying:
1. The final end-user - full legal name, registered address, and country
2. The intended end-use - specific application, project, or purpose (not generic statements like 'general use')
3. A commitment not to re-export to restricted destinations without your prior written consent
4. An acknowledgment of the sanctions compliance obligations
If the customer refuses to provide this information or provides vague responses ('various applications', 'multiple end-users'), treat this as a strong red flag that should trigger escalation to compliance. Do not proceed with the transaction until the information is provided and verified.
For products with dual-use potential, verify that the stated end-use is consistent with the end-user's business profile. A research institute ordering communications equipment makes sense; a bakery ordering the same equipment does not.
In M&A scenarios, require the target to provide a breakdown of customers by end-use and end-user to assess inherited sanctions exposure. Classify each customer relationship by risk level based on the end-user profile and destination.
Evidence Your Auditor Will Request
- End-User Statements or End-Use Certificates for controlled and high-value transactions
- Records of end-use verification: cross-referencing stated use against end-user profile
- Escalation records for cases where end-use disclosure was refused or inadequate
- M&A due diligence records showing end-user analysis of target's customer base
- Process documentation for end-use verification as part of the sales workflow
Common Mistakes
- Not requesting end-use information for transactions outside formal export control licensing
- Accepting generic end-use statements ('general industrial use') without specifics
- Failing to verify that stated end-use is consistent with the end-user's business profile
- Not requiring end-use certificates for transactions through intermediaries and resellers
- Proceeding with transactions despite refusal to provide end-user information
Related Controls Across Frameworks
| Framework | Control ID | Relationship |
|---|---|---|
| EU Sanctions DD | EU Sanctions DD WHY.2 (related mapping) | Related |
| EU Sanctions DD | EU Sanctions DD WHAT.1 (related mapping) | Related |
| EU Sanctions DD | EU Sanctions DD WHAT.4 (related mapping) | Related |
Frequently Asked Questions
Do we need end-use certificates for every transaction?
What if the customer claims end-user information is commercially confidential?
How do we verify end-use statements?