On 23 April 2026, the European Council adopted its 20th package of sanctions against Russia. The headline number was 46 newly designated vessels, bringing the running total of shadow-fleet ships barred from EU ports and services past 632. That is a substantial figure, but it is not the most consequential line in the package.
Buried in the same listing is something the maritime compliance community has not yet absorbed: a single oil terminal in the Karimun Islands of Indonesia, designated for facilitating shadow-fleet transfers of Russian crude. It is the first time the European Union has sanctioned a port located in a third country — not Russian, not Belarusian, not on any aligned territory — for sanctions-related conduct.
Four days later, the operator of the terminal publicly denied any involvement.
The denial is the part that should make every charterer, insurer, and P&I underwriter sit up.
What was actually listed
The 20th package, published in the Official Journal on 23 April, expands restrictive measures across several fronts. The vessel list grew by 46 entries, most of them tankers operating under flags of convenience and ownership chains that lead through shell jurisdictions. Two Russian ports — Murmansk and Tuapse — were designated for the role they have played as origination points for the shadow trade.
The unprecedented entry is Karimun Oil Terminal in Indonesia’s Riau Islands province. The Council’s justification cites the terminal’s role in facilitating ship-to-ship transfers of Russian-origin crude that subsequently enter international markets with their origin obscured. The terminal itself is operated by a private Indonesian entity that, on 27 April, issued a public statement rejecting the basis for the listing.
Whether the operator’s denial holds up under scrutiny is, for compliance purposes, almost beside the point. The Council has already demonstrated that it is willing and able to follow shadow-fleet activity into jurisdictions outside the sanctions coalition, that it considers ports themselves to be designable touchpoints, and that it will rely on STS-pairing intelligence and terminal-call data to make those designations stick.
Why this changes the screening problem
For most of the post-2022 sanctions cycle, the operating model for vessel-level compliance has been straightforward. Take an IMO number. Run it against the OFAC SDN list, the EU Consolidated list, and the UN Security Council list. If there is no hit, proceed with the engagement. If there is a hit, decline. The lists were updated on a known cadence, and most screening tools refreshed quarterly because that was sufficient to catch the meaningful changes.
That model is now broken, and the Karimun listing is the proof.
If your screening logic ends at “is the vessel IMO on a list,” you have just been told by the EU that the vessel can be perfectly clean while every other element of its voyage is contaminated — the terminal it loaded at, the vessel it transferred cargo to, the corporate parent of the entity that arranged the cargo, the flag state administration that registered it. None of those used to matter for compliance purposes if the vessel name itself was clean. After 23 April, all of them do.
The 20th package effectively redefines the unit of compliance from the vessel to the voyage. A clean IMO that has called at a designated terminal in the previous twelve months is no longer a clean IMO from a counterparty-risk perspective. A clean IMO that has appeared in the AIS history of a designated vessel during a plausible STS window is no longer a clean IMO either. The screening question is not “is this ship sanctioned” but “has this ship’s recent operational history touched any sanctioned node” — and that is a fundamentally different query.
The quarterly-refresh trap
Most commercial vessel screening products refresh their sanctions databases on a quarterly cadence. Some do monthly. A small number do weekly. Almost none do daily, and effectively none do live.
In the pre-shadow-fleet era, quarterly was defensible. The OFAC SDN list grew slowly. New designations were rare and well-publicised. A compliance officer who reviewed counterparty exposure at the start of each quarter and again at engagement was operating well within industry standard.
The maths has changed. OFAC’s SDN list grew by more than 300 vessels in 2025 alone, a 46% expansion. The EU has now added another 46 in a single package, bringing its shadow-fleet roster to 632. New designations are not rare. They are arriving in waves, and each wave includes ownership chains, terminals, and jurisdictions that the previous quarter’s screening would have certified as clean.
Quarterly refresh in this environment is not a methodology. It is a backlog. A counterparty cleared in February against a January-snapshot list is not cleared at all if their corporate parent was designated in March and added to the screening database in May. The exposure exists; the compliance system is simply not seeing it.
What the Karimun precedent enables
The most useful way to read the 20th package is forward, not backward. Brussels has now established three procedural precedents that will outlive the specific designations attached to them.
Third-country port designations are on the table. The Karimun listing is the proof of concept. The Council has demonstrated that there is no jurisdictional ceiling on its sanctions reach when the activity in question facilitates evasion. Other regional terminals in Southeast Asia, the Gulf, and West Africa that have appeared in shadow-fleet STS analyses are now plausible future designations.
Terminal-call history is now a compliance signal. If the EU is prepared to designate a port for the activity it has hosted, then a vessel’s call history at that port is part of its risk profile. Any screening workflow that does not surface terminal calls against a list of designated facilities is incomplete.
STS pairing data is being used as enforcement evidence. The mechanism by which the Council can credibly designate a third-country terminal is by demonstrating which vessels offloaded which cargoes there and where those cargoes originated. That intelligence pipeline is operational. It is being used. And it can be used against any vessel that participates in the same operational pattern.
What compliance teams should do this quarter
Three changes are now overdue for any organisation with vessel-level counterparty exposure: charterers, insurers, P&I clubs, banks, brokers, and classification societies.
Move screening cadence from quarterly to at-engagement-and-weekly. The screening database should refresh continuously. Counterparty risk should be re-evaluated at every engagement, and every active counterparty should be re-screened at least weekly. The cost of a weekly re-screen is trivial compared to the cost of writing exposure on a counterparty whose parent was designated three weeks ago.
Add terminal-call history and STS-pairing checks to vessel vetting. Static IMO screening is no longer sufficient. A vetting workflow should ingest the vessel’s recent port-call sequence, cross-reference it against designated facilities, and flag any STS rendezvous events visible in AIS that pair the candidate with a designated vessel. This is technically achievable today using publicly available AIS feeds and the EU and OFAC vessel lists.
Treat ownership opacity as a sanctions risk factor in its own right. When a vessel’s registered owner has no LEI, no verifiable parent chain, and is domiciled in a known shell-company jurisdiction, that pattern is not just a due-diligence gap. After Karimun, it is a leading indicator that the vessel is operating in a structure designed to obscure the kind of activity Brussels has now demonstrated it will sanction. The opacity score belongs alongside detention history and flag-state performance in any serious vetting model.
The line that matters
The 20th package contains 46 newly designated vessels, two Russian ports, and one Indonesian terminal. The vessels will be replaced. The Russian ports were already priced in. The Indonesian terminal is the line that matters, because it tells every other terminal operator, charterer, insurer, and screening vendor that the perimeter has moved — and that the next listing will not necessarily be in Russia either.
If your vessel-vetting workflow still ends at “is the IMO on a list,” you are scoring a risk that was true last quarter. The EU is now operating at a cadence and a depth that quarterly screening cannot match. Closing that gap is no longer a project for next year.
ArcNautical’s vessel dossier runs live OFAC, EU and UN sanctions screening on the vessel, its registered owner, and its full GLEIF-traceable parent chain — including ownership-opacity scoring against shell-company jurisdictions. Open Vessel Check and paste any IMO. No signup, no card.