Insight

Ukraine Conflict – Two Years Later: Key Legal Lessons for Businesses

March 11, 2024

It’s been two years since the escalation of the ongoing conflict in Ukraine, which has led many companies with business operations or personnel in Eastern Europe to adjust, restructure, or exit locations in Russia. Meanwhile, the global business community has adapted to trade restrictions and sanctions, settled contract disputes and force majeure issues, prepared for and responded to cybersecurity breaches, and navigated challenges to the supply chain.

As there continues to be political instability and military action in different areas around the world, we break down some of the key legal lessons learned from the Ukraine conflict.

Sanctions and Countersanctions

Although opinions are mixed as to the overall effectiveness of sanctions as a response to Russia’s actions against Ukraine, there is little doubt that sanctions will remain a key tool for many governments—including the United States, United Kingdom, and the European Union—in responding to global conflicts. Russia sanctions showed the willingness of the US government to also directly sanction persons foreign to the targeted country engaged in the conflict but abetting in circumventing the restrictions.

The Ukraine conflict saw increased coordination among US government agencies, as well as between the US government and the governments of other countries, and that experience likely created muscle memory that will make such coordination an increasingly common element of the playbook in future conflicts. While Russia sanctions have received significant recent attention, there are comprehensive sanctions programs in place for Cuba, Iran, North Korea, Syria, and the Crimea and Luhansk and Donetsk People's republics regions, and extensive sanctions in place for Venezuela and China.

The sanctions imposed by many countries and international bodies on Russia as a result of the conflict were in many ways exceptional in their coordination, breadth, and speed. Both with respect to Russia and any future conflicts that may result in sanctions, even companies without US connections should therefore be prepared for the possibility of similar sanctions imposed by other countries.

In addition, because international sanctions will likely not be identical to US sanctions, even if there is some overlap—as is the case with respect to Russia sanctions—companies need to ensure that their various transactions are evaluated against the applicable programs. Furthermore, and as discussed in more detail in the Contract Disputes section below, sanctions can lead to contract performance issues that may in turn result in arbitration or litigation.

In response to the sanctions imposed by countries around the world and to the capital flight that resulted from the Ukraine conflict, Russia introduced a set of extensive and unprecedented restrictive measures known as countersanctions. Russian countersanctions are designed to prohibit many actions and transactions with, or for the benefit of, persons from the so-called “unfriendly” countries, namely the US and others that imposed sanctions against Russia.

Countersanctions restrict or block the ability of an “unfriendly” person to exit from its Russian business or investment, contain export of capital and counter trade restrictions, and withdraw intellectual property protections. Some countersanctions have already resulted in Russia’s appointed persons taking control of several businesses or projects owned by “unfriendly” persons.

The Ukraine conflict shows that affected companies must be prepared to navigate the complex and conflicting web of sanctions and countersanctions and make difficult business decisions. In a similar vein, the potential for that sort of retaliation should be taken into account as a risk factor when companies are assessing whether and how to invest in countries that are less stable and therefore may be at higher risk for conflict that could lead to both sanctions and retaliatory responses.

While sanctions may be the regulatory response most directly tied to global conflicts, the US government has other national security tools that may be leveraged as well, and which can affect the operations of both US and non-US companies. These tools include export controls, import restrictions, and foreign direct investment review. Companies should be prepared for the possibility that transactions that might otherwise have been acceptable could get scrutinized more closely, or be subject to new and heightened restrictions, if they have a nexus to a country whose risk profile increases due to either ongoing conflict or increased likelihood of conflict.

All of these regulatory regimes involve compliance monitoring and enforcement by the government, which has been increasingly active in its enforcement activity. It is therefore important that companies have sufficient compliance programs and tools in place to avoid even inadvertent violations, which can result in both civil and criminal penalties, as well as reputational injury and other harm.

Contract Disputes

The Ukraine conflict resulted in the disruption of innumerable corporate, commercial, and financial contracts, including those that require performance by or with sanctioned entities or that were otherwise affected by sanctions. This is certainly not the first time—and won’t be the last time—that international sanctions have played a role in litigation or arbitration over contract performance issues.

In response to the geopolitical situation, Russia adopted a law allowing a Russian court to accept jurisdiction over disputes involving Russian sanctions or disputes otherwise related to sanctions, or where a matter is governed by laws of a country which introduced sanctions.

Sanctions have led parties to invoke force majeure and termination provisions, and common law doctrines like impossibility, illegality, and frustration of purpose to excuse nonperformance. The Russian court practice that emerged after the Ukraine conflict generally treats sanctions as illegal or contradictory to public policy. Complex conflict of law situations, and public policy considerations, as well as contract governing law and dispute-resolution clauses, have played an important role in clients determining their contract or defense strategies.

As a result, companies with global operations should evaluate their contractual relationships and identify any agreements or counterparties that may be impacted by sanctions. They should anticipate that counterparties may invoke sanctions in an attempt to excuse their performance under contracts, and consider if and how these sanctions may impede their own ability to perform. They should also review their contracts or model contracts to determine whether they need to be adjusted to address the global conflicts challenges.

Insurance

The scope of coverage afforded by first-party business insurance policies came into sharp focus over the past two years. Typical commercial property insurance provides all-risk coverage for loss or damage to the insured's property. The insurance may cover an agreed value for the total loss of property, costs to repair or replace property, extra expenses incurred during a period of restoration, and business income losses resulting from the loss of or damage to the insured's property. While coverage may be subject to an exclusion for loss caused by war, hostilities, confiscation, detention, or nationalization, many policies contain endorsements extending coverage for such causes of loss.

Additional coverages available under commercial property insurance policies vary. For instance, contingent business interruption coverage protects the insured from loss associated with supply chain disruptions caused, in whole or in part, by a third party’s property loss or damage. The property loss or damage must be caused by a peril covered under the policy.

While contingent business interruption coverage generally does not reach losses caused by war, political disruptions, road closures, or bankruptcy of a business partner or supplier, endorsements writing back the coverage exist. Sublimits are generally applicable to contingent business interruption or supply chain coverage, and may vary depending on whether a direct or indirect supplier suffers property loss or damage to its property.

Other specialty coverages may be available to cover business or industry-specific risks (as in the case of aviation, marine, and cargo risks, for example), either on standard or manuscripted forms.

It is important to carefully review existing insurance policies for potential coverage, including a review of the applicable policy limits and sublimits, coverage enhancements, exclusionary clauses, and interplay among all potentially applicable policies, including policies issued locally and globally.

Cybersecurity

Many companies look to increase their cyber defenses amid heightened geopolitical tensions as threats of ransomware and data breaches continue apace, particularly with respect to critical physical and digital infrastructure. With so much of the world’s daily business operations and commerce relying on a strong digital presence, data privacy and cybersecurity are critical concerns for companies across virtually every aspect of their operations.

The risk of data breaches and their adverse impact on businesses—including unwelcome publicity and brand damage—pose some of the greatest risks to modern companies. In addition, legislators and regulators, especially in the US, the EU, UK, and Asia-Pacific, are seeking to apply and enforce industry-specific cybersecurity laws (such as the EU’s robust NIS 2 laws).

A ransomware attack, like a pandemic, is not a new phenomenon. But the dramatic uptick of these types of cyberattacks and the public’s response could ignite a force majeure firestorm. In fact, as cyber criminals target critical infrastructure, companies need to worry not only about the security of an individual entity but also about widespread disruption to the broader supply chain and economy. Unfortunately, there is no one-size-fits-all solution.

However, a key preparedness strategy is to consider the cybersecurity risk profile of the company’s manufacturing and services lifecycle—not just those relating to information systems. Importantly, the company’s board and senior business and legal team—not just the information security team—should consider regularly training for a “bet the company” eventuality, including having to make difficult business and legal choices under pressure.

The Ukraine conflict has raised significant cybersecurity concerns for businesses in the United States and across the world, resulting in an increased focus on using cyber insurance to mitigate any resulting losses. The conflict has also caused insurers to turn their attention to a rarely invoked exclusion in insurance policies: the war exclusion.

Certain insurers have recently taken steps toward altering the language of such exclusions. As a result, evaluating the applicability of insurance coverage, including the specific language of any war exclusions contained in the policies, is an important first step for businesses as they seek to protect themselves from cyber threats.

Online Content Moderation

States in conflict—and their supporters—increasingly seek to proliferate misinformation (including AI-generated misinformation) on websites and online platforms and intermediaries. This, in turn, creates strategic business, legal, and reputational risks for all major companies, not just the operators of such websites, platforms, and online intermediaries.

Companies may wish to proactively consider their exposure to these risks and to implement appropriate business, communications, and legal strategies in advance of any such risks being realized (e.g., creating a “SWAT team” to respond promptly and submit appropriate “take-down” requests and implement defensive communication strategies).

In addition, many countries (notably, the European Union via the Digital Services Act and the UK via the Online Safety Act) are enacting, or have enacted, laws requiring operators of certain websites, social platforms, hosting companies, and other online intermediaries to implement policies and procedures to actively monitor and take down certain user-generated content made available, hosted, or transmitted through their platforms.

However, obligations under these laws extend to many types of content, for example both “unlawful” content and “lawful but awful” content, in turn creating potential conflicts with other laws relating to freedom of expression, data protection, and antitrust. Companies failing to comply with these new content moderation laws may be exposed to potentially significant fines.

Employees

Addressing employee expression in the workplace becomes more complicated against the backdrop of military conflict or other conflict. Employees can have an emotional response to what they see reported in the media, and the line between unacceptable hate speech and political speech—the latter of which some jurisdictions’ laws protect—begins to blur. Employers can regulate employee expression through personnel policies, but laws that protect political speech within or outside the workplace can require employers to limit the scope of those policies.

Moreover, in the social media age, a company seeking to avoid the fray may be compelled to respond to its employees’ public commentary, even when the employee makes those comments outside of their company role. If the employer is silent, then some may construe that silence as an endorsement. If the employer disciplines the employee who expressed their views, then divisions may occur among the workforce. Discipline could also create employment law risks, such as claims of discrimination based on the employee’s race or national origin.

In some circumstances, the employer may have no choice but to remain publicly silent if the employee’s controversial commentary qualifies as protected activity under applicable laws. Fortunately, many jurisdictions’ laws contain exceptions that balance the employee’s right to political expression with the employer’s interest in maintaining a safe and respectful workplace.

Immigration

The Ukraine conflict has highlighted some of the dichotomies of global conflict in the immigration space. On the one hand, borders were opened to fleeing Ukrainian nationals through refugee and asylum streams. These streams provided residence and work permissions in many countries around the world.

On the other hand, there were no special accommodations made for Russian nationals, and companies looking to move their employees out of harm’s way ran into roadblocks as global embassies and consulates either banned entry of Russian nationals, applied a higher level of scrutiny, or deprioritized the entry of Russian nationals. Additionally, when there was a call to arms and the military reserve was mobilized in Russia, global mobility teams coordinated with the local experts to evaluate the local civil and criminal laws for companies and individuals associated with the draft.

As global conflicts or crises arise, there are country-by-country assessments required to navigate the complexities of global immigration and continued work permissions for employers and their global talent.

Contacts

If you have any questions or would like more information on the issues discussed in this Insight, please contact any of the following: