The proposed rule would give the Commission authority to designate whole crypto sectors by geography rather than by individual firm or platform. Under the framework, any country that habitually provides infrastructure for Russian sanctions evasion could face a blanket ban covering every crypto service operating from its territory. European Commission President Ursula von der Leyen described the move as a deterrent aimed squarely at countries hosting platforms that help Russia evade sanctions: "For the first time, we will introduce the possibility of a full third-country ban for crypto-asset services. It will act as a strong deterrent for the countries hosting platforms that help Russia evade our sanctions."

The broader 21st package also targets 31 additional Russian banks, 20 third-country financial entities, crypto firms, and oil traders, and more than 170 entities in total, including drone component suppliers based in China, India, and Turkey.

From Entity Lists to Geographic Exclusion

The proposal marks a deliberate shift in strategy. The EU's previous approach, adding individual exchanges and wallets to designation lists, proved ineffective because new platforms kept appearing to replace banned ones. The Commission itself acknowledged the problem in the documentation accompanying the 20th package, adopted in April 2026: "Further listing of individual crypto asset service providers is likely to result in the set-up of new ones to circumvent those listings."

The 20th package, which took effect on May 24, 2026, already represented the most aggressive crypto enforcement the bloc had undertaken. It imposed a total sectoral ban on transactions with any crypto-asset service provider established in Russia or Belarus, and it banned three specific instruments: the RUBx stablecoin, the Russian central bank digital currency known as the digital ruble, and the Belarusian digital ruble. The digital ruble ban was explicitly preemptive; Russia had planned a mass rollout of the CBDC in September 2026.

That enforcement architecture rests on the foundation of MiCA, the EU's Markets in Crypto-Assets regulation, which reached full applicability in December 2024 and already requires EU-licensed crypto-asset service providers to meet ongoing compliance obligations. The 21st package and the Anti-Money Laundering Regulation discussed below both build on that baseline.

A7A5 and the Evasion Architecture

The clearest example of what the EU is trying to dismantle is the A7A5 stablecoin, a ruble-backed token registered under Kyrgyz law and designed to connect sanctioned Russian businesses to the global financial system. On-chain data shows A7A5 has processed more than $119.7 billion in cumulative transactions, reaching peak daily volumes of $1.5 billion before sanctions pressure brought that figure down to roughly $500 million per day. Russia is estimated to have moved approximately $11 billion in international crypto trade over the past year through corridors like this one.

The pattern of platform replacement is well documented. After US authorities seized Garantex in March 2025 and froze $26 million in assets, funds shifted rapidly to Grinex, a successor exchange that used A7A5 as a bridging mechanism. Grinex was sanctioned by OFAC in March 2025, by the UK in August 2025, and by the EU in October 2025, before finally halting operations in April 2026. Other platforms analysts have flagged include Bitpapa, ABCeX, Rapira, Aifory Pro, and the broader A7 group ecosystem, which issues PSB cards, virtual debit cards, and promissory notes and is architecturally linked to A7A5 by name and function.

Kyrgyzstan as the Template Case

Kyrgyzstan became the first country to draw targeted EU action under the anti-circumvention framework through a sequence of escalating designations. A7A5 was designated under the 19th sanctions package in November 2025. Five months later, under the 20th package adopted in April 2026, the exchange TengriCoin (Meer.kg) was individually sanctioned, extending the EU's reach to cover the broader Kyrgyz infrastructure facilitating Russian evasion.

A7A5 had appeared as a platinum sponsor at TOKEN2049 Singapore in October 2025, just weeks before the EU formally designated it under the 19th sanctions package in November 2025, underscoring how openly the platform was operating even as its role in sanctions evasion was drawing regulatory attention.

Elliptic analysts noted the significance in May 2026: "The Kyrgyzstani exchange designation is a landmark moment: it demonstrates that third-country VASPs facilitating Russian state-adjacent crypto instruments are firmly in scope of European sanctions, regardless of where they are incorporated."

The signal extends across the region. Exchanges operating in Kazakhstan, Uzbekistan, Armenia, and Georgia that facilitate Russian capital flows now face direct designation exposure under EU rules. Turkey, named in the 21st package entity list as a source of drone component suppliers, also faces elevated scrutiny given its documented role as a major transit corridor for Russian trade, a position that sits in tension with both its EU candidacy and its NATO membership. In Africa, Russia has built crypto payment channels across Niger, Nigeria, and Zimbabwe to move funds outside dollar-based systems. For Nigerian and Zimbabwean crypto businesses with European exposure, compliance risk is now structurally elevated. In South Asia and Southeast Africa, the 21st package entity list names suppliers in India and China directly, and A7A5-linked addresses have been traced to firms procuring electronics and shipping services for Russian use.

What Comes Next

The 21st package still requires unanimous approval from all 27 EU member states before it takes force, a threshold that has historically been complicated by Hungary's resistance to Russia-related measures. If it passes, it will sit alongside the EU's Anti-Money Laundering Regulation for crypto-asset service providers, which takes effect on July 10, 2027, and will impose harmonized screening obligations on any exchange serving European users regardless of where that exchange is domiciled. For exchanges from Lagos to Karachi with any European exposure, the window to assess and restructure compliance programs is narrowing.