On May 16, EU CNCL further extended cyber-attacks sanctions regime.
EU CNCL decided to prolong framework for cyber-attack sanctions for further 3 years.
Follows EU CNCL 2021 prolonged framework for sanctions for 1 year, see #105667.
Overview
Framework allows EU to impose restrictive measures on persons or entities involved in cyber-attacks which cause significant impact, or constitute external threat to EU, MSs.
Can be imposed in response to cyber-attacks against third states, international bodies.
If necessary to achieve objectives of the common foreign and security policy (CFSP).
Sanctions currently apply to 8 individuals, 4 entities, include asset freeze, travel ban.
EU persons and entities are forbidden from making funds available to those listed.
Decision to prolong the restrictive measures for 3 years shows EU strong commitment to enhance its resilience and ability to prevent, deter, and respond to cyber threats.
Effectiveness
The sanctions regime is to be extended to May 18, 2025.
May 17, 2022 Official Journal
On May 17, 2022, EU CNCL published in OJ Decision (CFSP) 2022/754 of 16 May 2022 amending Decision (CFSP) 2019/797 concerning restrictive measures against cyber-attacks threatening the Union or its Member States, effective on day after publication.
Provides for cyber attack sanctions regime to apply until May 18, 2025; while asset freeze and travel ban on currently listed persons/entities applies until May 18, 2023.
Amends Dec (CFSP) 2019/797 concerning restrictive measures against cyber-attacks threatening the Union or its Member States, effective on day after publication.
Cyber attack sanctions regime regime to apply until May 18, 2025, while asset freeze and travel ban on currently listed persons and entities shall apply until May 18, 2024.
Regulators
EU CNCL
Entity Types
B/D; Bank; BS; Ins; Inv Co; MSB
Reference
OJ L 129/16, 5/16/2023; Dec 2023/964, 5/15/2023; OJ L 138/16, 5/17/2022; Dec 2022/754, PR 5/16/2022; Dec(CFSP) 2019/797; Citation: Dec (CFSP) 2023/964; Dec (CFSP) 2019/797;