The European Commission is done playing whack-a-mole with Russian crypto exchanges. In its 20th sanctions package, presented by Commission President Ursula von der Leyen on February 6, the EU has proposed a blanket prohibition on all cryptocurrency transactions between EU residents and any Russia-based counterparty. As of February 16, 2026, the proposal awaits unanimous approval from all 27 member states, with adoption targeted for February 24, the fourth anniversary of Russia's full-scale invasion of Ukraine.
The shift from targeted listings to a total ban marks one of the most aggressive regulatory moves against crypto in the bloc's history, and it was triggered by a single ruble-backed stablecoin that regulators could not shut down.
The A7A5 Problem That Broke the Old Playbook
For three years, the EU's approach to Russian crypto sanctions followed a familiar pattern: identify a sanctioned exchange, freeze its assets, and move on. Garantex, once Russia's largest exchange, was seized in March 2025, with roughly $26 million confiscated. Within weeks, successor platforms emerged. Grinex, A7, A71, and A7 Agent all sprang up to fill the void, rendering the enforcement action a speed bump rather than a roadblock.
Then came A7A5. Launched in January 2025, this ruble-backed stablecoin was purpose-built for the sanctions-evasion economy. By January 2026, it had processed over $100 billion in cumulative transaction volume. At its peak, daily volume reached $1.5 billion. The A7 platform behind it operated cash access hubs in Dubai and Istanbul serving Russian tourists, and facilitated business payments reaching into China.
The EU sanctioned A7A5 in October 2025. The United States designated it in August 2025. Daily volume did drop, falling to roughly $500 million by early 2026. But the user base told a different story: it grew from 14,000 to 35,500 accounts during the same period. The sanctions were making A7A5 harder to use at scale, not impossible.
TRM Labs' Ari Redbord described the ecosystem as "purpose-built for sanctions evasion, operating as bespoke financial plumbing for Russia-aligned actors."
Why the Commission Abandoned Surgical Strikes
An internal Commission document obtained by the Financial Times explains the logic behind the shift: "Each further listing of individual crypto-asset service providers would likely lead to the creation of new providers to circumvent these sanctions."
The old approach was structural futility. Spin up an exchange, get sanctioned, rebrand, repeat. The 20th package addresses this by prohibiting "contact with any crypto-asset service provider established in Russia," regardless of whether that specific provider has been individually sanctioned. It also extends the ban to Russia's planned central bank digital currency, the digital ruble, which is scheduled for mass rollout beginning September 2026.
The approach is not surgical. It is a wall. And it relies on the EU's existing regulatory infrastructure to make that wall enforceable.
MiCA, DAC8, and DORA Form the Enforcement Backbone
Three regulatory frameworks that went live between 2024 and 2026 give this blanket ban teeth that previous sanctions lacked.
MiCA (Markets in Crypto-Assets), fully applicable since December 2024, already requires all licensed crypto-asset service providers in the EU to screen transactions against sanctions lists. A blanket Russia ban simplifies this: instead of checking individual entities, providers must block any transaction where the counterparty is Russia-based.
DAC8, the EU's crypto tax transparency directive effective January 2026, mandates that crypto service providers report user transaction data to tax authorities. This creates an audit trail that makes post-hoc enforcement possible even if a transaction slips through initial screening.
DORA (Digital Operational Resilience Act), effective since January 2025, imposes IT security and operational standards on regulated firms that handle digital assets. Together, these three frameworks create the compliance plumbing that the 2022 and 2023 sanctions packages lacked.
For crypto card issuers operating in the EU, the practical impact is clear: any card transaction that routes through a Russia-based service provider, even indirectly, could trigger a compliance violation. Crypto card providers in the EU will need to verify their entire settlement chain.
The Kyrgyzstan Connection and the Circumvention Arms Race
The 20th package does not stop at crypto. For the first time, the EU deployed its anti-circumvention instrument against Kyrgyzstan, banning exports of CNC machines and radio equipment to the Central Asian country after evidence emerged that it had become a key transit point for sanctioned goods.
The numbers are stark. EU exports of dual-use goods to Kyrgyzstan surged 800% since the invasion began. Kyrgyz exports to Russia jumped 1,200% over the same period. A Kyrgyz company called TengriCoin, which traded in A7A5, faces blacklisting.
This geographic expansion signals that the EU is not just going after the crypto rails. It is targeting the physical infrastructure of sanctions evasion, from blockchain networks to shipping routes to machine tool supply chains.
What This Means for EU Crypto Users and Card Holders
For the roughly 30 million Europeans who hold or transact in crypto, the ban introduces new compliance friction at every regulated touchpoint.
Exchange users will likely see enhanced KYC screening for any transaction flagged as potentially Russia-linked. Exchanges like Binance, OKX, and Kraken operating in the EU already screen against sanctions lists under MiCA, but a blanket ban expands the scope from known sanctioned entities to any Russia-based counterparty.
Crypto card holders face a more nuanced impact. Cards issued by EU-regulated providers, including those from Crypto.com and Bitpanda, should see minimal disruption since their transaction flows do not route through Russian infrastructure. But users who fund their self-custody cards from wallets that have interacted with sanctioned addresses could face frozen transactions or compliance holds.
DeFi users present the hardest enforcement question. Decentralized protocols do not have a compliance department. The ban targets "crypto-asset service providers," which under MiCA's definitions means centralized, licensed entities. Pure smart contract interactions without an intermediary may fall outside the ban's direct scope, though any on-ramp or off-ramp back to fiat, including stablecoin spending cards, would trigger the screening obligation.
Three Holdouts Could Derail the February 24 Deadline
The package requires unanimous approval from all 27 EU member states. Three countries have already raised concerns, though their identities have not been publicly confirmed. The diplomatic timeline is tight: adoption is scheduled for February 24 to coincide with the invasion anniversary, a politically symbolic deadline that Brussels has used for previous sanctions packages.
If the three holdouts extract concessions, the crypto provisions could be watered down, delayed, or carved out from the broader package. But the momentum is clearly toward adoption. The European Parliament has been vocal about closing crypto loopholes, and the Commission's internal assessment suggests that a blanket approach is the only viable strategy.
Enforcement will remain imperfect. Experts across the industry acknowledge that intermediaries, shell companies, and third-country brokers will continue to facilitate some flows. But the goal is not elimination. It is friction. Every compliance layer that raises the cost and complexity of sanctions evasion makes the alternative, legitimate financial channels, relatively more attractive.
FAQ
Does this ban affect all crypto users in the EU? Only transactions involving a Russia-based counterparty. EU-to-EU transactions and transactions with non-Russian entities are unaffected. However, enhanced screening may cause brief delays at regulated chokepoints.
What happens to Nexo and other Eastern European crypto firms? Nexo is based in Bulgaria and is an EU member state. Being Eastern European does not make a firm Russian. Nexo and similar firms will need to demonstrate their compliance screening meets the new blanket ban requirements, but they are not targets of the ban itself.
Can DeFi transactions bypass this ban? Pure on-chain transactions between non-custodial wallets are difficult to enforce against directly. However, any interaction with a licensed EU service provider (exchanges, card issuers, fiat on/off-ramps) triggers the screening obligation.
When does this take effect? Adoption is targeted for February 24, 2026. Implementation timelines for specific provisions may vary, but the crypto ban is expected to be effective immediately upon adoption.
Overview
The EU's 20th sanctions package proposes the most aggressive crypto restriction in European history: a blanket ban on all cryptocurrency transactions with Russia-based entities. Triggered by the A7A5 stablecoin's $100 billion in sanctions-evasion flows, the ban abandons the old approach of targeting individual exchanges (which simply rebrand) in favor of cutting off the entire country. Backed by MiCA, DAC8, and DORA enforcement infrastructure, the ban targets February 24 for adoption but faces pushback from three unnamed member states. EU crypto card holders and exchange users will face enhanced screening, while DeFi transactions present an unresolved enforcement gap.
Recommended Reading
- OKX Secures EU Payments Institution License in Malta, Clearing the Path for Stablecoin Card Expansion Across 28 Countries
- Crypto Funds Bleed for a Fourth Straight Week as $3.7 Billion Exits, but Europe and Altcoins Tell a Different Story
- The UK FCA Drags HTX to High Court in Its First-Ever Crypto Promotions Enforcement Action
