HomeAnalyticsAlertsDigital Services Regulation in Ukraine: New Requirements for Technology Companies

Digital Services Regulation in Ukraine: New Requirements for Technology Companies

Technology companies operating in or distributing digital services into Ukraine face a material shift in their compliance obligations. Ukraine has adopted new legislative measures under its developing digital services regulatory regime, placing structured obligations on a broad range of platform operators, software providers, and AI-enabled service businesses. Companies that miss the compliance window risk losing market access, facing administrative liability, and exposing their Ukrainian partners to sanctions under local enforcement mechanisms.

Ukraine's digital services legislation now requires technology companies meeting defined threshold criteria to register, appoint a local representative, implement algorithmic accountability measures, and maintain localised documentation of their digital services. The rules apply to both domestically established entities and foreign operators providing services to Ukrainian users. Companies must complete initial compliance steps within the transition period set by the relevant implementing instruments.

This alert covers the key change, which businesses are affected, the applicable thresholds, the compliance deadline, and the immediate actions international companies should take now.

What has changed and when it takes effect

Ukraine's legislative agenda for digital regulation has accelerated significantly as part of its broader alignment with European digital standards. The new requirements, introduced under Ukraine's developing technology licensing and digital services legislative regime, establish a formal regulatory system for providers of digital platforms, intermediary services, and AI-enabled applications directed at Ukrainian users.

The core change is structural. Previously, foreign technology companies could distribute digital services into Ukraine with minimal local compliance obligations. The new rules introduce a tiered system of obligations that mirrors elements of the EU approach to digital services regulation, including obligations around algorithmic accountability, software liability exposure, and disclosure requirements for automated decision-making systems.

The legislative measures entered into force in stages. Foundational registration and representative appointment obligations became effective at the start of 2026. Obligations relating to AI Act compliance-equivalent standards – including transparency and algorithmic accountability documentation – apply from mid-2026. Companies that began operating in Ukraine before the effective date are subject to a transition period, but that window is closing. New market entrants are subject to the full regime immediately upon commencing service delivery to Ukrainian users.

The Ministerstvo tsyfrovoi transformatsii (Ministry of Digital Transformation of Ukraine) is the primary supervisory authority responsible for implementing and enforcing the new digital services regime. It has the power to issue binding instructions, impose administrative penalties, and refer persistent non-compliance for prosecution under applicable enforcement legislation.

Which companies are affected and threshold criteria

The new regime applies broadly, but the intensity of obligations scales with the size and nature of the operator. International companies should assess their exposure against three primary criteria.

First – service type. The regime covers operators of online platforms, application marketplaces, search intermediaries, AI-driven content recommendation systems, and providers of cloud-based software-as-a-service directed at Ukrainian users. Pure business-to-business operators serving only non-Ukrainian users are not within scope, but any service accessible to and used by individuals or entities in Ukraine triggers a threshold analysis.

Second – user volume. Companies with a significant number of active Ukrainian users per month fall into the higher-obligation tier. The legislation draws a distinction between operators below the threshold. who face lighter notification and registration duties. and those above it, who must appoint a local representative, maintain Ukrainian-language documentation, and implement algorithmic accountability protocols. Operators should assess their active user counts against the criteria published by the Ministry of Digital Transformation.

Third – systemic risk designation. Operators designated as providers of systemic importance face the most demanding obligations. This designation can be applied regardless of user volume if the service is deemed critical to Ukrainian digital infrastructure or public communications. Systemic-risk operators are subject to audit rights, mandatory incident reporting, and enhanced software liability disclosure obligations.

Foreign companies operating through Ukrainian subsidiaries or commercial partners should note that the local entity may itself bear compliance obligations. This creates a dual exposure: the foreign parent must comply as a service provider, and the Ukrainian affiliate must comply as a local operator. Engaging a technology law adviser in Ukraine early in the assessment process can prevent both entities from inadvertently assuming unmanaged liability.

For advice on how these thresholds apply to your digital services business, contact us at info@ferrazwhitmore.com.

Immediate actions for international companies

The transition period does not eliminate urgency. Companies that delay their compliance assessment until the formal deadline risk compressed timelines for documentation, local appointments, and technical implementation. The following actions should be initiated without delay.

  • Map your Ukrainian user base. Determine whether your active Ukrainian user count crosses the threshold for the higher-obligation tier. Retain records of this assessment – regulators may request evidence of the analysis if enforcement proceedings are initiated.
  • Appoint or identify a local representative. The legislation requires in-scope operators to designate a natural or legal person in Ukraine as their official point of contact for the Ministry of Digital Transformation. This representative assumes responsibility for receiving regulatory correspondence and coordinating compliance responses.
  • Audit your algorithmic accountability documentation. If your service uses automated decision-making, content recommendation, or AI-driven personalisation directed at Ukrainian users, you must prepare and maintain documentation that describes the system's logic, data inputs, and user-impact assessments. This is one of the areas where enforcement is expected to be most active.
  • Review technology licensing arrangements. Any technology licensing agreements that govern the distribution of software or digital services in Ukraine should be reviewed for consistency with the new regime. Licences that do not reflect current regulatory obligations may expose both licensor and licensee to liability under applicable commercial and technology legislation.
  • Check intellectual property registration status. The new digital services rules interact with Ukraine's intellectual property legislation in ways that affect enforcement rights. Companies whose software, platform interfaces, or AI models are not adequately protected under Ukrainian intellectual property law may face difficulties asserting rights in a dispute or enforcement context. Our analysis of intellectual property protection in Ukraine covers the key steps for technology companies.

Companies operating across multiple CIS markets should also consider how the Ukrainian rules interact with digital services developments in neighbouring jurisdictions. Our alert on digital services regulation in Russia addresses parallel requirements that may affect businesses with a regional footprint.

About Ferraz & Whitmore

Ferraz & Whitmore is an international law firm based in Lisbon, advising technology companies, platform operators, and institutional investors on digital services regulation, AI Act compliance, and cross-border technology licensing across 46 jurisdictions. As an international law firm advising clients who need a lawyer in Ukraine with cross-border experience, we combine Portuguese civil law expertise with English common law tradition to deliver practical, results-oriented counsel. Our Asia-Pacific, Middle East and CIS practice supports international businesses managing regulatory and commercial challenges in high-growth and emerging markets, including Ukraine. The firm's technology law team includes practitioners with experience advising on algorithmic accountability requirements, software liability exposure, and digital services compliance across both EU-aligned and CIS regulatory systems. To discuss how Ukraine's new digital services requirements apply to your business, contact us at info@ferrazwhitmore.com.

Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. Ferraz & Whitmore assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@ferrazwhitmore.com.

Published: April 20, 2026

Author: Anna Chen – Senior Associate, Asia-Pacific, Middle East & CIS

Anna Chen is a Senior Associate at Ferraz & Whitmore focusing on cross-border transactions, market entry, and dispute resolution across Asia-Pacific, Middle Eastern, and CIS jurisdictions. She supports international clients in navigating regulatory and commercial challenges in high-growth and emerging markets.