When the United States and European Union (EU) imposed sanctions on Russia after the Kremlin’s full-scale invasion of Ukraine, they did so with fanfare. The goal was clear: restrict military development, isolate key industrial inputs, and stall the country’s ability to modernize its war machine. But the reality has turned out to be far messier than the headlines suggested. According to a cache of more than two million procurement documents, leaked and then analyzed by investigative reporters, Western-manufactured goods are embedded inside Russia’s nuclear missile infrastructure.
Reporting on the leak, by Danwatch and Der Spiegel on May 28, was not speculative. It included detailed blueprints, vendor names, model numbers, and product specifications. Among the companies named were Danfoss, Grundfos, Rockwool, and Knauf. These were not cases of gray-market repackaging or counterfeit parts. These were direct product references, sometimes with clauses in official tenders prohibiting substitutions. In some cases, the documents even laid out exactly where inside the base the parts were to be installed.
Some deliveries occurred before the 2022 invasion, others after. But the deeper point is that the products were known, expected, and demanded. Blueprints for underground command centers called for Danfoss valves. Tunnel insulation specs matched Rockwool’s product lines. Russian engineers marked up their plans in Cyrillic, but the parts list read like a European trade expo. These were not occasional one-offs. They were systemic, intentional, and in some cases, locally sourced from still-operating subsidiaries.
The companies, for their part, have denied knowing their products were involved. Some say they exited Russia after the invasion and can’t control what happened after the fact. Others point out, correctly, that certain goods – such as valves, pumps, plaster – are not classified as military hardware. But those defenses do not hold up under scrutiny. Rockwool, for example, continued operating four factories inside Russia in 2023. Knauf’s materials were produced locally in full view of the Kremlin. Danfoss and Grundfos had both been named explicitly in design documents dating back longer than a decade, and their products kept appearing on schematics even after they ceased direct operations.
The leaked materials reveal a much larger problem. Western sanctions on the Kremlin focus on the products companies are exporting. But often do not account for the companies – and products – that were allowed to stay inside Russia. The regulatory architecture around sanctions and dual-use goods wasn’t designed to handle companies that operate on both sides of a war. If a firm shuts down direct sales but leaves its Russian factory running, who owns the outcome? If a brand is so established that its components are specified in military contracts long after withdrawal, does its exit even matter?
These are not just theoretical questions. They speak to a foundational blind spot in modern sanctions enforcement: the assumption that presence ends with policy. If a company issues a press release and sells off an asset, policymakers assume that its footprint has vanished. But brands do not vanish. Distribution networks do not evaporate. The documents make that plain. Products continue to flow, sometimes as if nothing changed.
The EU has passed seventeen waves of sanctions since 2014. Each one has tried to tighten the noose around military procurement. But enforcement remains fragmented. There is no unified export authority in Brussels. Instead, member States manage compliance individually, with varying degrees of urgency and capability. A contractor in Germany might face scrutiny that a similar firm in Greece never encounters. By the time goods flow from a distributor in Istanbul through a warehouse in Almaty, Kazakhstan and into a rail shipment bound for a Russian military district, no EU country is tracking the chain.
The United States is not immune either. Agencies like BIS and OFAC have stepped up alerts and guidance, but actual enforcement tends to lag behind known violations. Exporters fill out forms, run names through screening software, and move forward. Once a shipment reaches a sanctioned entity via a third-party intermediary, there is rarely a reckoning. Compliance officers cite due diligence. Regulators blame complexity. Everyone claims the system works.
It does not. Or rather, it works just well enough to look functional while allowing the essentials to slip through. That is what the leaked materials show in granular detail. Western components did not end up in Russia’s nuclear silos by accident. They got there because the system lets them -- not just through loopholes, but because it is widely believed that once a sale is made, the seller’s responsibility ends.
In past cases, we’ve seen how fragile that logic can be. In 2014, Germany’s Brenntag AG routed sarin precursors to Syria through its Swiss subsidiary. Years earlier, Iran’s centrifuge program thrived on European vacuum pumps re-exported from Dubai. North Korea built its missile fleet with electronics purchased in Shenyang. The pattern is always the same. The paperwork looks good. End-use statements are signed. Then, years later, investigators find Western-made parts in bombs, drones, and silos.
That history should have made sanctions enforcement smarter. Instead, the West is still playing defense. The fact that Knauf’s drywall ended up reinforcing hardened missile silos in Yasny is not a glitch. It is a direct result of trusting distributors and ignoring how global supply chains work. And while Danfoss and Grundfos may have exited Russia, their legacy lives on, both in schematics still archived in Russia’s procurement system and with the contractors still building to those specs.
So far, there has been no official investigation, despite calls from Der Spiegel. There has been no public audit. No agency has released a list of implicated firms. There has been media coverage, pressure from non-governmental organizations (NGOs), and a few vague corporate statements. But regulators have been silent. That silence is not neutral, it is complicit. Because if no one speaks, the story becomes less about what happened and more about what the United States and the EU are willing to tolerate.
The familiar feel of this story is especially alarming. This is not a wake-up call. It is a rerun. The systems in place which are supposed to control the movement of sensitive goods, restrict their use, and penalize misuse, are outdated. They do not keep pace with modern logistics, with transshipment hubs, with layered ownership structures and shell vendors scattered across multiple countries. A product leaves a Danish factory and shows up on a Russian military site two years later, and regulators shrugs. That shrug is the real risk.
The risk is systemic and not just about one country, one set of factories, or even one war. It is about the way Western governments respond, or fail to respond, when Western brands turn up in places they should not. If this is what leaks uncover, what is being missed in the day-to-day churn of procurement? What is being rationalized, or worse, normalized?
Legal frameworks around export controls often come down to checklists. If a form is filed, if a box is checked, if a product code is not on a list, then the transaction proceeds. But intent does not travel on paperwork. And the further away a transaction gets from its origin, the harder it becomes to assign accountability. That is the reality this massive leak further exposes: a long paper trail of compliant behavior that ends in a nuclear weapons complex.
For companies, this is more than a headline problem. It cuts to the core of what Environmental, Social and Governance (ESG) means in real practice. Companies cannot trumpet ethics on their homepage while its insulation ends up inside a Russian missile bunker. Firms cannot claim disengagement while their locally owned subsidiary continues to produce materials for state-linked construction projects. Stakeholders see through that. And they should.
Public trust, once shaken, does not reset with a statement. Investors, policymakers, and the public want accountability, not abstraction. They want proof that companies understand not just the rules but the risks, especially when those risks are geopolitical.
Sanctions cannot just be policy theater. They have to carry weight. That means enforcement that reaches beyond headlines. It means audits that go past the first sale. It means a shift, from assuming the best to verifying the outcome.
Western governments do not need a new sanctions package. They need to follow through, with regulators asking harder questions, not just of exporters, but of themselves. Why haven’t regulators required end-use audits? Why haven’t subsidiaries been brought under control? Why do regulators accept plausible deniability as policy?
The Russian missiles being upgraded are not theoretical. The materials used are not conceptual. And the blueprint trail is not speculative. It’s written in Cyrillic, stamped with supplier IDs, and stored in government servers that, somehow, ended up in the wide open.
