On May 17, 2024, EU CNCL decided to extend sanctions regime until May 18, 2025.
In light of continuing and increasing malicious behavior in cyberspace, incl. behavior directed against third States, the reasons for including 6 persons and 2 entities in the list of natural and legal persons, entities, bodies subject to restrictive measures set out in Annex to Dec (CFSP) 2019/797 and Annex I to Reg 2019/796 should be updated.
Issued in OJ: Reg 2024/1390 of May 17, 2024 implementing Reg 2019/796 concerning restrictive measures against cyber-attacks threatening the Union or its Member States.
And Dec (CFSP) 2024/1391 of May 17, 2024 amending Dec (CFSP) 2019/797 on restrictive measures against cyber-attacks threatening the Union or its Member States.
On May 16, EU CNCL further extended cyber-attacks sanctions regime.
EU CNCL decided to prolong framework for cyber-attack sanctions for further 3 years.
Follows EU CNCL 2021 prolonged framework for sanctions for 1 year, see #105667.
Overview
Framework allows EU to impose restrictive measures on persons or entities involved in cyber-attacks which cause significant impact, or constitute external threat to EU, MSs.
Can be imposed in response to cyber-attacks against third states, international bodies.
If necessary to achieve objectives of the common foreign and security policy (CFSP).
Sanctions currently apply to 8 individuals, 4 entities, include asset freeze, travel ban.
EU persons and entities are forbidden from making funds available to those listed.
Decision to prolong the restrictive measures for 3 years shows EU strong commitment to enhance its resilience and ability to prevent, deter, and respond to cyber threats.
Effectiveness
The sanctions regime is to be extended to May 18, 2025.
May 17, 2022 Official Journal
On May 17, 2022, EU CNCL published in OJ Decision (CFSP) 2022/754 of 16 May 2022 amending Decision (CFSP) 2019/797 concerning restrictive measures against cyber-attacks threatening the Union or its Member States, effective on day after publication.
Provides for cyber attack sanctions regime to apply until May 18, 2025; while asset freeze and travel ban on currently listed persons/entities applies until May 18, 2023.
Amends Dec (CFSP) 2019/797 concerning restrictive measures against cyber-attacks threatening the Union or its Member States, effective on day after publication.
Cyber attack sanctions regime regime to apply until May 18, 2025, while asset freeze and travel ban on currently listed persons and entities shall apply until May 18, 2024.
May 17, 2024 Decision Extended
On May 17, 2024, EU CNCL decided to extend sanctions regime until May 18, 2025.
In light of continuing and increasing malicious behavior in cyberspace, incl. behavior directed against third States, the reasons for including 6 persons and 2 entities in the list of natural and legal persons, entities, bodies subject to restrictive measures set out in Annex to Dec (CFSP) 2019/797 and Annex I to Reg 2019/796 should be updated.
Issued in OJ: Reg 2024/1390 of May 17, 2024 implementing Reg 2019/796 concerning restrictive measures against cyber-attacks threatening the Union or its Member States.
And Dec (CFSP) 2024/1391 of May 17, 2024 amending Dec (CFSP) 2019/797 on restrictive measures against cyber-attacks threatening the Union or its Member States.
Regulators
EU CNCL
Entity Types
B/D; Bank; BS; Ins; Inv Co; MSB
Reference
OJ L, Dec (CFSP) 2024/1391, Reg 2024/1390, 5/17/2024; OJ L 129/16, 5/16/2023; Dec 2023/964, 5/15/2023; OJ L 138/16, 5/17/2022; Dec 2022/754, PR 5/16/2022; Dec(CFSP) 2019/797; Citation: Dec (CFSP) 2023/964; Dec (CFSP) 2019/797; Reg 2024/1390; Dec (CFSP) 2024/1391;
