This document is an excerpt from the EUR-Lex website
They introduce a framework which allows the EU to impose sanctions to deter and respond to cyber-attacks* constituting an external threat to the EU or to EU countries. These cyber-attacks include those against non-EU countries or international organisations where action is considered necessary to achieve the EU’s common foreign and security policy objectives.
Sanctions for listed persons and entities
Cyber-attacks
The cyber-attacks falling within the scope of this new sanctions regime are those which have significant impact and which:
Cyber-attacks which are a threat to EU countries include those affecting information systems relating to:
They have applied since 18 May 2019.
A joint communication issued in June 2018 pointed out that activities by State and non-state actors such as cyber-attacks disrupting the economy and public services, through targeted disinformation campaigns, to hostile military actions continue to pose a serious and acute threat to the EU and to EU countries. It identified areas where action should be intensified to further deepen and strengthen the EU contribution to addressing these threats, and called upon EU countries and the Commission to ensure swift follow-up.
In October 2018, in the wake of the cyber attacks on the Organisation for the Prohibition of Chemical Weapons, the European Council adopted conclusions calling for measures to be drawn up to further strengthen the EU’s deterrence, resilience and response to hybrid, cyber as well as chemical, biological, radiological and nuclear threats. The Council was called upon to devise a sanctions regime specific to cyber-attacks.
See also:
Council Decision (CFSP) 2019/797 of 17 May 2019 concerning restrictive measures against cyber-attacks threatening the Union or its Member States (OJ L 129I, 17.5.2019, pp. 13-19)
Successive amendments to Decision (CFSP) 2019/797 have been incorporated in the original text. This consolidated version is of documentary value only.
Council Regulation (EU) 2019/796 of 17 May 2019 concerning restrictive measures against cyber-attacks threatening the Union or its Member States (OJ L 129I, 17.5.2019, pp. 1-12)
Successive amendments to Regulation (EU) No 2019/796 have been incorporated in the original text. This consolidated version is of documentary value only.
Joint communication to the European Parliament, the European Council and the Council — Increasing resilience and bolstering capabilities to address hybrid threats (JOIN(2018) 16 final, 13.6.2018)
last update 18.05.2022