-
Why this clause exists —
Midnight Sun CTF & Conference is organised in Sweden and is open to the global security-research community.
We believe individual hackers should never be judged by the actions of their governments.
However, as an EU Member State, Sweden and all legal entities organized under Swedish law are legally bound by EU Council Regulations that prohibit providing “funds or economic resources” to persons or organisations listed under EU sanctions.1 -
What this means in practice
- No cash-equivalent rewards (including prize money, travel stipends, accommodation or in-kind vouchers) will be paid, directly or indirectly, to any person or entity that appears on the EU consolidated sanctions list, or that is owned or controlled by such a person or entity.2
- Russia-specific note — because Russia is subject to the widest and most comprehensive sanctions regime ever adopted by the EU (over 2 400 listings and additional sectoral bans), applicants or finalists who are resident in the Russian Federation should expect enhanced scrutiny.3
- Corporate & team entries — any company-sponsored team must certify that neither the company nor any parent, subsidiary, director or 50 %+ shareholder is a sanctioned person or entity. Special attention is paid to firms active in cyber-security, dual-use technology, crypto-currency services or logistics, as these sectors are frequently black-listed for sanctions evasion.
-
Background-check process — finalists from, or with links to, jurisdictions subject to EU sanctions will be asked to provide verifiable information so that we can confirm eligibility. Checks may cover:
- Identity and criminal-record screening
- Credit and financial-sanctions screening (incl. OFAC, EU and UN lists)
- Recent employment and education history
- Confirmation that travel funding will not violate export-control or dual-use rules
- Equal-treatment guarantee — screening is conducted solely to meet legal obligations. Midnight Sun CTF & Conference does not tolerate discrimination on the basis of nationality, ethnicity, race, religion, gender, sexual orientation, disability or any other protected ground under Sweden’s Discrimination Act (2008:567).5
- Appeals & liability — if a prize is withheld because of a positive sanctions hit, the entrant will be notified and given the opportunity to prove that the listing does not apply. Under EU law, organisations that withhold funds in good-faith compliance with a sanctions regulation incur no civil liability.6
- Contact point — questions about this clause or requests for data-access under GDPR should be sent to [email protected].
1 EU sanctions adopted via Art 29 TEU & implemented by directly binding regulations under Art 215 TFEU.
2 Art 2(2), Council Regulation (EU) No 269/2014 (Russia-related asset-freeze regime).
3 European Commission press releases, 2024-2025: “massive and unprecedented” sanctions against Russia; ≈2 400 listings.
4 GDPR, Art 5(1) — principles of lawfulness, fairness, transparency, purpose limitation & data minimisation.
5 Swedish Discrimination Act (2008:567).
6 Art 10, Council Regulation (EU) No 269/2014 — liability shield for good-faith compliance.