Up to 2% Turnover Fine: Ukraine Moves to Ban “Hostile” Software
On October 23, 2025, the Verkhovna Rada of Ukraine registered Resolution No. 13505/P, laying the groundwork for the draft law “On the Prohibition of the Use and Distribution of Hostile Software Products and Hostile Information Technology Tools”. The initiative aims not only to formalize the ban but also to create a legal framework for Ukrainian businesses and government institutions to transition to secure IT solutions.
The legislation is focused on enhancing cybersecurity and protecting Ukraine’s information space from technological influence by the aggressor state.
Why This Is Relevant Now
In the context of war and multi-layered cyber threats from the aggressor state, controlling software usage has become a strategic issue. For example, in 2022, large-scale cyberattacks targeted Ukrainian government websites.
According to the IT Ukraine Association, by 2024 over 70% of Ukrainian companies still used software originating from the aggressor state, and more than 40 such products remained active.
Business associations and the IT community support the legislative initiative, as it not only enhances security but also stimulates the development of Ukrainian and partner IT solutions.
How the Ban Mechanism Will Work
The lists of prohibited software products and IT tools will be approved by the Cabinet of Ministers of Ukraine, with maintenance of these lists assigned to the State Service for Special Communications and Information Protection of Ukraine.
Proposals will be initiated by the Security Service of Ukraine (SBU) and the National Bank of Ukraine.
A transitional period is planned until January 1, 2030, during which government agencies, critical infrastructure enterprises, financial institutions, and other entities can gradually discontinue the use of “hostile” software.
Key Provisions of Draft Law No. 13505
The draft law legally enshrines the prohibition of software products and IT tools that may operate in the interests of aggressor states or pose a threat to national security.
It defines “hostile software product” and “hostile IT tool,” as well as the criteria under which software can be classified as “hostile,” such as developer or owner origin, inclusion on sanction lists, etc.
An open registry of prohibited software and hardware will be created.
Financial support for businesses migrating to secure solutions is expected: grant programs for implementing international ERP/CRM systems are already in place.
Non-compliance will result in financial penalties: up to 2% of the annual turnover of the business entity.
Consequences for Businesses If Unprepared
Implementing the law banning “hostile” software is not just a security issue—it is a serious challenge for businesses that have not yet migrated to legal, certified solutions. Ignoring preparation may trigger a chain of consequences—from financial penalties to loss of market position.
- Financial Losses and Penalties
The primary risk is a fine of 2% of the company’s annual turnover. For a business with 100 million UAH in turnover, this equals 2 million UAH in direct losses. The actual cost can be much higher if auditing, software replacement, re-certification, and downtime are taken into account. - Disruption of Government and International Contracts
Companies continuing to use prohibited software may be excluded from public tenders, grant programs, and joint projects with international partners. Many donor and government agencies already require that partners avoid software originating from the aggressor state. - High Cyberattack and Data Loss Risks
“Hostile” software often contains hidden backdoors that allow remote interference. For manufacturing and financial companies, this may result in operational blockage, ransomware attacks, or leaks of confidential information. A cyberattack at a critical moment can paralyze operations for days or weeks, causing damage that insurance cannot cover. - Reputational and Legal Consequences
Using prohibited software may be considered a violation of national security legislation. For companies working with international partners, this could result in loss of trust, reputational damage, and banks refusing to cooperate or extend credit. Public blacklisting can be more damaging than the fines themselves. - Emergency Software Replacement Costs
Once the law takes effect, companies unprepared will be forced to urgently switch to alternatives. This can cause uncoordinated migrations, data loss, and disruptions in accounting and logistics. Replacing ERP or CRM systems in crisis mode can cost 3–5 times more than planned implementation. - Loss of Strategic Flexibility
Companies continuing to use outdated or unsafe software will be unable to integrate modern solutions: analytics, AI modules, CRM integrations, etc. This effectively limits development opportunities and puts the business in a non-competitive position.
Current Stage of the Legislative Initiative
Draft Law No. 13505 was registered in July 2025.
On October 21, the Committee on Digital Transformation recommended its adoption in the first reading “as a basis.”
The creation of the prohibited software registry is a key component of the enforcement mechanism.
Importance for Ukraine and Business
This is not just a new law—it is a strategic step toward technological sovereignty for Ukraine. The ban on “hostile” software aims not only to improve cybersecurity for state and commercial systems but also to promote the development of Ukrainian and allied IT solutions, reducing dependence on risky imports. Businesses should see this not as a regulatory burden but as an opportunity to modernize IT infrastructure, migrate to certified systems, and increase security and competitiveness.
Safe Alternative: SAP Business One
After the adoption of Draft Law No. 13505, choosing official, certified, and verified software will become critical for every company. Businesses currently relying on questionable or sanctioned software risk not only fines but also exclusion from government procurement and international partnerships.
A reliable alternative that meets national cybersecurity requirements while improving management efficiency is SAP Business One.
🔒 Certified Security and Legal Compliance
SAP Business One is a globally recognized ERP solution compliant with international information security standards (ISO/IEC 27001, GDPR, SOC 1/2/3). The system undergoes regular independent audits, features transparent code origin, and contains no risky components associated with aggressor states.
For Ukrainian companies, this ensures full compliance with Draft Law No. 13505—no sanctions, inspections, or blocking risks.
🧩 A Single Source of Truth for Your Business
SAP Business One integrates all core processes—finance, procurement, sales, inventory, production, project management, CRM—into a centralized system.
This reduces dependence on third-party tools and eliminates data fragmentation common in companies using multiple incompatible or “grey” licensed software.
☁️ Reliable Infrastructure and Flexible Deployment
SAP Business One can operate in the cloud (Microsoft Azure, Google Cloud, or SAP Cloud) or on local company servers.
All deployment options comply with security standards and provide complete data control. This is critical for companies handling sensitive or financial information. Users access the system via secure channels with multi-level authorization and role-based access control.
⚙️ Risk-Free Migration
Companies currently using prohibited or “hostile” software can smoothly migrate to SAP Business One with minimal operational risk.
DIGITAL BUSINESS SOLUTIONS, the official SAP partner in Ukraine, provides a full migration cycle:
- Audit of existing software
- Data migration from 1C, Odoo, Bitrix24, Excel, or other systems
- Process configuration tailored to business specifics
- Staff training and post-launch technical support
This enables companies to transition to an official, secure environment without interrupting operations.
💼 Benefits for Management and Business Owners
Choosing SAP Business One is not only a matter of security but an investment in business stability:
- Compliance with Ukrainian and European cybersecurity requirements
- Increased trust from banks, investors, and government agencies
- Financial transparency and real-time control of business processes
- Rapid scalability and entry into new markets
The result is a controlled, secure, and competitive business, free from political or technological risks.
🤝 Why DIGITAL BUSINESS SOLUTIONS
DIGITAL BUSINESS SOLUTIONS is a leading SAP Business One integrator in Ukraine, specializing in business automation under strict cybersecurity requirements.
We help companies not only migrate to secure software but also transform ERP into a strategic asset that ensures financial resilience, operational efficiency, and growth.
SAP Business One is your protection, efficiency, and confidence in the future. DIGITAL BUSINESS SOLUTIONS guarantees a safe transition and stable operation in full compliance with Ukrainian law.