EU AI Act and EU Sanctions Intensify Pressure on Russian SaaS Companies in Europe

European and Russian approaches to AI regulation almost synchronously reached a new stage. For Russian SaaS and B2B companies selling products in the EU, this means not one set of rules, but two simultaneously—on top of already-existing sanctions.

Dates and context

On March 13, 2026, the EU Council agreed on its position regarding the Digital Omnibus on AI—a package designed to simplify the application of EU AI Act rules. Just five days later, on March 18, Russia saw a draft federal law "On the Fundamentals of State Regulation of the Application of Artificial Intelligence Technologies." The gap between these dates is only five days, but for the market, this is more important than symbolism: in both the EU and Russia, AI regulation is moving from the stage of general declarations to a more applied legal framework.

For companies operating across both jurisdictions, the problem extends beyond reading new documents. European regulation already overlaps with the EU's sanctions regime against Russia. According to the description, since December 2023, there has been a ban on supplying corporate software to Russia, and since November 2025—a ban on providing AI services.

As a result, businesses must consider not only what the AI law allows or forbids, but also whether it is legally possible at all to maintain the required business model, infrastructure access, and service chain.

Where the barrier lies for business

The EU AI Act is important not only for European developers. Its logic is extraterritorial: if a product reaches the EU market or affects users and customers in Europe, requirements may apply to a company outside the union. This means a mandatory assessment of how exactly AI components are embedded in the product, whether they fall into risk categories, and what documents, control processes, and internal policies need to be prepared in advance.

It is difficult to ignore this because the maximum fines are stated at the level of 35 million euros. For Russian SaaS and B2B exporters, this becomes a separate product and sales management circuit. This is no longer about a formal checkmark on a checklist, but a series of decisions that affect the roadmap, deal structure, and customer support.

It is at this stage that many companies realize that the usual export scheme no longer works.

The minimum set of questions that business will need to address before actively engaging with the EU market looks like this:

• verify whether the service falls under the scope of the EU AI Act
• determine the risk class of AI functions and usage scenarios
• match regulatory requirements with existing EU sanctions
• separate contracts, infrastructure, and service delivery by jurisdiction
• include ongoing compliance costs in the budget, not just a one-time audit

In practice, this is no longer a task for lawyers alone. Decisions will need to be made by product teams, sales departments, architects, and those responsible for model selection, hosting, and customer contracts. The same function can look commercially attractive but turn out to be too expensive or risky to maintain if it requires separate classification procedures, additional documents, or suppliers with which it is no longer possible to work from Russia.

Two legal logics

The main difficulty is that the EU and Russia approach the AI topic with different philosophies. The European model is built around risk assessment, extraterritorial application, and strict liability for rule violations. The Russian draft law, judging by its wording, sets basic principles for state regulation of AI application within the country.

For business, this means that one cannot prepare a single universal package of documents and consider the task closed: requirements, regulatory language, and practical consequences will differ. Because of this, companies operating at the intersection of two regimes face not just more paperwork. They confront the question of whether it is possible at all to maintain a unified product, legal, and operational scheme for all markets.

If sanctions restrict access to AI services, and the EU AI Act requires additional classification and control, then the decision to enter Europe becomes not only commercial but also structural. Sometimes it is cheaper and safer to separate the circuits in advance than to try to service everything from a single point.

What this means

For Russian AI companies and SaaS exporters, the EU stops being simply a market with strict rules. It becomes a space where one must simultaneously pass through the sanctions filter, meet EU AI Act requirements, and adjust to future Russian regulation. Therefore, the question of exporting an AI product to Europe now begins not with sales and marketing, but with checking what delivery scenarios remain legally and operationally viable for the business.