OpenSanctions
Open-source sanctions, PEP, and criminal-watchlist database — 2.1 million entities aggregated from 328 official sources, free for journalists and non-commercial use.
What should journalists know about OpenSanctions?
OpenSanctions is the most useful open dataset for sanctions and PEP research that has been built in the last decade. It aggregates 2.1 million entities from 328 official sources — OFAC, EU consolidated sanctions, UK HMT, UN Security Council, Interpol notices, national PEP registries, debarment lists, and watchlists from dozens of jurisdictions — into a single deduplicated, structured graph. The data updates daily for most collections and is published as bulk downloads, an API, and a searchable web interface. The project was founded by Friedrich Lindenberg, who built Aleph at OCCRP and ran its data team from 2016 to 2021. Aleph powered investigations into the Russian Laundromat, the Azerbaijani Laundromat, and dozens of other transnational money-laundering stories. Lindenberg spun OpenSanctions out of that work to focus specifically on entity data — sanctions, PEPs, sanctioned vessels, sanctioned aircraft, criminal designations — and to give the same dataset to journalists, banks, and compliance teams under one license. The technical work is the differentiator. OpenSanctions runs an open-source data pipeline (FollowTheMoney + Zavod) that normalizes wildly inconsistent government source files into a clean entity graph. Names are transliterated and deduplicated across alphabets. Date formats are standardized. Aliases, birth dates, passport numbers, and corporate registry IDs are linked. The result is a dataset you can actually query against a name in a story, instead of grepping 50 PDFs from 50 government websites. For journalists, the workflow is straightforward. Use the web search to check whether a person, company, or vessel appears on any sanctions or PEP list. Use the API to enrich a list of names from a leak or court filing. Download the bulk dataset for offline analysis. Cross-reference hits against ICIJ Offshore Leaks, Aleph, or company registries to map the broader network. The limits are real. OpenSanctions only aggregates published official sources — it will not surface unpublished intelligence, leaked documents, or beneficial-ownership data that governments do not release. PEP coverage is uneven across jurisdictions because national PEP registries are uneven. A negative result is not proof of innocence; it is proof of absence from these specific lists. Always verify hits against the original source URL, which OpenSanctions provides for every entity. The project is run by OpenSanctions Datenbanken GmbH, a Berlin-based company with about 15 staff as of late 2025. It is funded by commercial licensing revenue from compliance customers, which subsidizes the free non-commercial tier. The pipeline code, the schema (FollowTheMoney), and the data are all open. This is the trust architecture that makes OpenSanctions usable in investigations: you can verify exactly where every claim comes from.
Checking whether a person, company, vessel, or aircraft appears on any official sanctions or PEP list. Enriching leaked datasets or court filings with sanctions metadata. Cross-jurisdictional investigations involving Russian, Iranian, North Korean, or Venezuelan sanctions. Tracing oligarch networks and politically exposed persons. Building reproducible, citable evidence for stories that name individuals.
Beneficial-ownership investigations where the data is not in any government registry — use OCCRP Aleph and ICIJ datasets instead. General background checks on private individuals — OpenSanctions only covers people on official lists. Real-time alerting on emerging designations — daily updates are fast but not instant. Anything that requires unpublished intelligence.
Security & Privacy
Data is scrambled while being sent to their servers
Data is scrambled when stored on their servers
Where servers are located — affects which governments can request your data
Privacy policy summary
OpenSanctions collects minimal user data on the public website — basic analytics and account information for API users. Search queries on the public web interface are not tied to identifiable accounts unless you create one. API users authenticate with API keys and usage is logged for billing and abuse prevention. As a German entity, OpenSanctions operates under GDPR, which gives users rights to access, deletion, and data portability. The project publishes a Trust Center with detailed compliance documentation. The underlying entity data is itself public — every record links back to the original government source.
How to protect yourself:
For sensitive investigations, download the bulk dataset and run queries locally rather than querying the public API or web interface. The bulk download is a single file you can analyze offline with no logging. If you must use the API, use a dedicated API key per investigation and rotate it after the story publishes. Verify every hit against the original source URL OpenSanctions provides — do not cite OpenSanctions alone in a story. Cross-reference matches against ICIJ Offshore Leaks, Aleph, and corporate registries. Remember that absence from OpenSanctions is not proof of innocence — it only proves the entity is not on the lists OpenSanctions aggregates.
OpenSanctions runs on EU infrastructure under GDPR, with encryption in transit and at rest, minimal data collection, and a published Trust Center. The dataset itself is public and verifiable — every entity record links back to its original government source, which is the strongest possible form of provenance for investigative work. The pipeline code is open source. The project is run by a journalist with a decade of experience in investigative data work at OCCRP. There is no record of a security incident. For sensitive investigations, the bulk-download workflow lets journalists query offline with no server-side logging at all. Rating reflects strong baseline security plus an unusually transparent trust architecture.
Who Owns This
Known issues
Coverage depends on government transparency: OpenSanctions can only aggregate sources that are actually published. PEP coverage is excellent in jurisdictions with public PEP registries (most of the EU, the US, the UK) and weaker in jurisdictions that do not publish them. Beneficial-ownership data is generally not in OpenSanctions because most countries do not publish it. Name matching across alphabets is hard: Russian, Arabic, Chinese, and Persian names create transliteration challenges. OpenSanctions normalizes aggressively, but a query in one transliteration may miss a record in another. Search by date of birth, passport number, or corporate registry ID when possible. Negative results are not exonerating: A name not appearing in OpenSanctions only means it is not on the official lists OpenSanctions aggregates. It does not mean the person is not sanctioned in some jurisdiction not covered, not under investigation, or not a PEP in a country without a public registry. No leaked or unpublished data: OpenSanctions does not include leaked datasets, FinCEN files, Pandora Papers, or any non-public intelligence. For that, journalists need to use OCCRP Aleph, ICIJ Offshore Leaks, and direct collaboration with leak holders. Update lag for some sources: Most collections update daily. A few obscure or low-priority sources update weekly or monthly. Always check the source's "last updated" date in the entity record before relying on a result for time-sensitive reporting.
Pricing
Free for non-commercial use under Creative Commons Attribution-NonCommercial 4.0. Commercial users pay for either bulk data licenses or pay-as-you-go API access through opensanctions.org/licensing — pricing scales with usage and entity volume. Journalists working on commercial publications still qualify for free use under the non-commercial editorial exemption, though OpenSanctions encourages newsrooms to support the project.
This is an editorial assessment based on publicly available information as of 2026-04-07, using our published methodology. Independent security review is pending. Security posture can change at any time. This is not a guarantee of safety.
Something wrong or outdated? Report it.