Geo-Targeted Cyber Sanctions Targeting Businesses Likely to Reshape Global Operations

• August 2024: the US sanctioned around 400 individuals and entities across 17 countries for supplying advanced technology to Russia. These actions required companies to reassess their relationships with third-party vendors, update their compliance programs to mitigate potential compliance risks, and take other similar actions.
• March 2025: the US sanctioned a Chinese cyber firm for activities affecting networks across North America, Europe, Africa, and Asia. The measure demonstrates the operational challenge of ensuring that international business activities are secure and compliant when working with partners, vendors, customers, and other relevant stakeholders.
• September 2025: China sanctioned six US defense and technology companies, citing alleged military-technical concerns with Taiwan. The measure limited their ability to trade and operate within Chinese markets.

The prevalence of geo-targeted cyber sanctions is prompting businesses to adjust their risk management strategies. Some firms have invested in modular cloud deployments in multiple jurisdictions and decentralized data storage to keep systems running. Other companies are relying on flexible contractual terms, widening supplier networks, improving compliance frameworks, and improving local partnerships to manage disparate local regulations. To secure their operations and prevent inadvertent violations of law, businesses should ensure adequate investments in basic measures, such as endpoint protection and secure communications, to secure their operations and prevent inadvertent law violations.
 

• Diversify supply chains geographically, reducing dependencies on single vendors to maintain business continuity.
• Account for updates to sanctions lists, export controls, and similar requirements from major governments.
• Proactively run realistic scenario analyses for sudden restrictions or enforcement actions when planning operations.
• Enhance employee training in compliance and cybersecurity practices.
• Conduct regular internal and third-party audits as required. 

The expanded use of geo-targeted cyber sanctions will increasingly affect how multinational businesses operate internationally, especially in the critical infrastructure sectors. Firms that approach these challenges methodically and proactively will be better able to operate effectively worldwide.

Learn more about leveraging our industry-leading regional and subject matter experts for insights that help your organization proactively mitigate risks to your people and operations.