Italy -- Sanctions Compliance Regulatory Overview

Italy, as an EU member state, applies EU sanctions regimes to cryptocurrencies, with VASPs (soon transitioning to CASPs under MiCA) required to comply with OFAC, EU, and UN sanctions through AML obligations, including screening for sanctioned entities. There are no Italy-specific sanctions lists for crypto; compliance relies on EU, UN, and relevant international lists like OFAC's SDN.[1][2][3][5]

OFAC/EU/UN Sanctions Compliance for VASPs/CASPs

VASPs in Italy must implement sanctions screening as core compliance, covering OFAC, EU, and UN lists, since virtual assets do not exempt sanctions obligations—transactions in crypto are treated like fiat.[2][4][5][6]

• OFAC: Applies to all U.S. persons and has extraterritorial reach; VASPs must block cryptoassets linked to SDN-listed persons/entities (including wallet addresses) and report to OFAC. Strict liability applies, with no crypto exceptions.[4][6]
• EU/UN: Integrated into MiCA and Italian AML rules; screening prevents dealings with sanctioned parties, with Travel Rule enhancing controls for crypto transfers.[2][5]
  Under MiCA (effective via Legislative Decree no. 129/2024, the "MiCA Decree"), registered VASPs transition to CASPs by December 30, 2025, maintaining AML/sanctions duties during the period (applications allowed until June 30, 2026).[1][3]

Sanctioned Entity Screening Obligations

VASPs/CASPs must conduct risk-based sanctions screening beyond simple wallet matching, covering SDN lists, digital addresses, and 50% ownership rules. This includes continuous monitoring for EU/UN/OFAC exposure, integrated with Travel Rule for crypto-to-crypto transfers.[2][4][5][6]
OAM-registered VASPs currently report quarterly on AML compliance, which encompasses sanctions.[3]

Geographic Restrictions

No crypto-specific geographic bans beyond EU sanctions (e.g., Russia-related post-2022 Ukraine invasion). VASPs cannot serve clients or process transactions involving sanctioned jurisdictions/entities under EU/OFAC/UN rules.[2][5]
Post-December 30, 2025, only MiCA-authorized CASPs (including EU-passported) can operate in Italy.[1]

Penalties for Violations

Under the MiCA Decree (Legislative Decree no. 129/2024), unauthorized crypto services, or breaches involving ARTs/EMTs, are criminal offenses: imprisonment of 6 months to 4 years, plus fines of €2,066–€10,329.[3]
OFAC violations carry strict liability for U.S.-nexus activities; EU/UN breaches risk additional national penalties.[4][5]

Country-Specific Sanctions Lists for Crypto

Italy has no independent crypto sanctions lists; VASPs/CASPs screen against:

• EU Consolidated Financial Sanctions List
• UN Sanctions Lists
• OFAC SDN List (including crypto addresses)
• UK HMT, Canadian OSFI (for global compliance)[2][5][6]
  Check OAM VASP list or ESMA CASP register for authorized providers.[1]

Key Legal References (official sources; verify for updates):

• MiCA Regulation: EU Regulation 2023/1114 – https://eur-lex.europa.eu/eli/reg/2023/1114/oj
• Italian MiCA Decree: Legislative Decree no. 129/2024 – https://www.gazzettaufficiale.it/ (search decree) [3]
• OAM VASP Register: https://www.organismo-am.it/
• EU Sanctions: https://data.europa.eu/data/datasets/consolidated-list-of-persons-groups-and-entities-subject-to-eu-financial-sanctions?locale=en
• OFAC SDN: https://sanctionssearch.ofac.treasury.gov/ [4][6]
• UN Lists: https://www.un.org/securitycouncil/content/un-sc-consolidated-list