Between late 2025 and early 2026, the regulations governing corporate liability under Legislative Decree 231/2001 underwent a significant strengthening, requiring companies to promptly update their organizational, management, and control models. Legislative Decree No. 211 of December 30, 2025, effective as of January 24, 2026, introduced the new Article 25-octies.2 into the list of predicate offenses, dedicated to violations of European Union restrictive measures, transposing Directive (EU) 2024/1226. Conduct such as making funds or economic resources available to sanctioned entities, failing to freeze assets, carrying out prohibited commercial transactions, the import/export of prohibited goods, the provision of restricted services, and the violation of reporting obligations related to European sanctions regimes now fall within the scope of 231 risk. As of January 2026, therefore, international sanctions, export controls, frozen assets, and counterparty checks no longer concern only commercial, banking, or customs compliance, but constitute a full-fledged 231 risk, requiring enhanced controls over customers, suppliers, beneficial owners, cross-border payments, authorizations, exports, and relations with “sensitive” countries. Of particular note is the new sanctions system: for specific violations, monetary penalties are no longer calculated using the traditional quota system, but as a percentage of the entity’s total annual revenue (generally between 1% and 5%), with fixed thresholds of up to 40 million euros when revenue cannot be determined. This makes a substantial update of the 231 Models essential, including a detailed mapping of EU sanction risks, enhanced due diligence procedures on counterparties, and continuous control mechanisms throughout the entire operational chain.