A recent SVT investigation has shone a spotlight on how wealthy Russian clients continue to access European luxury destinations on chartered private flights despite sweeping sanctions and closed airspace. At the centre of the reporting is Avinode, a Swedish booking platform used widely across the private aviation industry. SVT’s findings and ensuing comments from EU sanctions officials have renewed debate about the responsibilities and legal exposure of intermediary tech platforms in sanctions enforcement.
What SVT reported
SVT’s investigation found that customer companies linked to Russian interests were able to use Avinode’s platform to book private flights to Europe. Avinode told SVT in writing that it has implemented measures to comply with sanctions and that it operates only as a booking platform; it said it has no visibility over individual passengers, which it regards as the responsibility of operators and authorities. Avinode declined an on-camera interview.
EU sanctions envoy David O’Sullivan told SVT he takes the reporting seriously and suggested Swedish authorities should investigate and, if warranted, prosecute. Sanctions lawyer Alexandre Prezanti told SVT it may amount to systematic circumvention of EU Regulation 833/2014, noting that “control” of an aircraft — rather than the plane’s registration — is the determining factor in applying the prohibition.
Why this matters to Nordic business
The controversy is not just about one company. It raises compliance, reputational and operational risks for a cluster of Nordic firms: software/platform providers, charter operators, brokers, insurers and fintech firms that provide payments to or for high-net-worth clients.
Legal and enforcement risk: EU Regulation 833/2014 and related national measures prohibit flights controlled by sanctioned persons, regardless of aircraft registry. Regulators are increasingly focused on substance over form — i.e., who controls a service or asset, not just corporate paperwork. Platforms used to facilitate transactions that enable circumvention may therefore attract scrutiny.
Reputational risk: Nordic companies pride themselves on rule of law and transparency. Allegations that technology made in the region is helping sanctioned actors reach European destinations can damage brand trust domestically and across clients and partners.
Financial risk: Insurers and payment providers may reassess exposure; operators found to facilitate sanctions evasion could lose insurance cover or face contract terminations and fines.
Competitive risk: Platforms that implement credible compliance measures may gain market share as clients and operators prefer lower-risk partners.
Legal and compliance analysis
Regulation 833/2014 contains provisions aimed at restricting services and goods to certain Russian-linked persons and entities, and it specifies that “control” by a listed person is a key test for restrictions on aircraft operations. EU practice since 2022 has trended toward broader interpretation of “control” to capture indirect and de facto influence. Criminal and administrative enforcement sits primarily with member states, creating a mix of regulatory approaches across the bloc.
Key legal questions for platforms and brokers:
Are booking platforms merely passive intermediaries, or do they “facilitate” flights in a way that makes them subject to obligations similar to regulated service providers? Courts and regulators will look at the degree of active involvement and knowledge.
What constitutes adequate due diligence? Traditional KYC at the operator level may not be sufficient if opaque ownership structures or third-party agents mask beneficial control.
Can platforms reasonably claim ignorance of passenger identity if the booking, route planning and payment flows reveal patterns of circumvention?
Operational and technological responses
Operators and platforms can and should upgrade controls without stifling legitimate business. Practical measures include:
- Sanctions screening at multiple points: not just at account creation but at booking, pre-flight confirmation and payment settlement, using up-to-date consolidated sanctions lists and custom watchlists.
- Enhanced due diligence on corporate clients and booking intermediaries: collection of beneficial ownership, source-of-funds checks, and red flags for shell companies or frequent itinerary changes.
- Data sharing and industry consortia: a sector-wide, privacy-compliant repository of flagged clients and suspicious booking patterns would reduce fragmentation and duplicate risk. This requires clear legal frameworks to reconcile GDPR and public interest needs.
- Technical pattern detection: use of machine learning to identify anomalous booking patterns (last-minute repositioning flights, frequent one-way trips to sanctioned jurisdictions, repeat use of the same operator but different corporate veneers).
- Immutable audit logs: tamper-evident records of who booked, approved and operated each flight can be crucial in demonstrating compliance to authorities.
Policy and enforcement implications
The Avinode episode illustrates a regulatory gap: digital intermediaries operating across borders but outside the licensing frameworks that bind financial institutions and transport operators. Policy responses that would reduce ambiguity and strengthen deterrence include:
- Clear supervisory guidance: national authorities should issue guidance clarifying the circumstances under which booking platforms and digital intermediaries are expected to conduct sanctions checks and what constitutes adequate due diligence.
- Harmonised EU rules for digital aviation intermediaries: a light-touch regulatory layer that requires platforms used in aircraft charters to register and perform minimum sanctions screening, similar to obligations for high-value goods trade platforms.
- Greater cross-border enforcement cooperation: member states should coordinate investigations and share intelligence on suspicious aviation activity to prevent regulatory arbitrage.
- Targeted legislative updates: consider amending aviation and sanctions legislation to explicitly address the role of platforms that enable the booking, financing or routing of flights.
Recommendations for Nordic companies
Conduct a legal audit: map your platform’s exposure to sanctioned persons, evaluate current screening and logging practices, and document remediation steps.
Strengthen contracts with operators: include compliance warranties, audit rights and termination clauses for sanctions breaches.
Invest in compliance tech: screening and monitoring tools pay off when regulators demand demonstrable controls.
Engage with regulators: proactively seeking guidance reduces enforcement surprise and can shape realistic expectations.
SVT’s reporting and the EU envoy’s response should serve as a wake-up call. The core issue is not technology per se, but the governance gap around how digital platforms are integrated into high-value services that are sensitive to sanctions. Nordic companies and authorities have an opportunity to lead: by creating clear standards for platforms and by deploying practical technical and legal measures, the region can protect its reputation while keeping legitimate business flows open.
Next steps and how to connect
Follow-up direction: In our next article we will examine practical technological solutions — from consortium watchlists to machine-learning flagging and blockchain-based audit trails — that private aviation platforms and regulators can deploy to close the sanctions-enforcement gap. We will interview compliance officers, aviation operators, and regulatory experts to assess cost, effectiveness and privacy trade-offs.
Connect with us: Nordic Business Journal welcomes tips, data sources and reader perspectives.
To contribute or receive updates, email editorial@nordicbusinessjournal.com follow us on LinkedIn, or subscribe to our newsletter at nordicbusinessjournal.com/newsletter.