CYBERATTACKS, EU COUNCIL EXTENDS SANCTIONS

On 17 May, the EU Council decided to extend for another year, until 18 May 2022, the framework of restrictive measures against cyber-attacks that threaten the European Union or its Member States.

It may not be public information, but the European Union imposes restrictive measures at   people, companies or entities, involved in cyber-attacks which have a significant impact and pose an external threat to the EU or its Member States. Such restrictive measures may also be imposed as a “political” response to cyber-attacks against third states or international organizations, where such sanctions are necessary to achieve the Union objectives of the Common Foreign and Security Policy (PESC). In June 2017, the EU established “Framework for a joint EU diplomatic response to malicious cyber activities” (defined as “cyber diplomacy tool packet”), which allows its Member States to use all PESC resources, including restrictive measures, if necessary, in order to prevent, and respond to dangerous cyber activities that threaten the integrity and security of the Union. The sanctions currently apply to eight individuals and four entities and include the freezing of goods and the access denied into the EU. In addition, it is forbidden for European subjects to finance, in any way, sanctioned subjects.