The Council has established a framework (Council Regulation (EU) 2019/796)which allows the EU to impose sanctions in relation to cyber-attacks which constitute an external threat to the EU or its Member States.
It also includes cyber-attacks against third States or international organisations where restricted measures are considered necessary to achieve the objectives of the Common Foreign and Security Policy.
The Regulation is not aimed at any particular country, but is intended to catch all external cyber threats. To be clear, the regulation does not target specific third countries but specific malicious actors.
Cyber-attacks constituting an external threat include those which:
- originate, or are carried out, from outside the Union;
- use infrastructure outside the Union;
- are carried out by any natural or legal person, entity or body established or operating outside the Union; or
- are carried out with the support, at the direction or under the control of any natural or legal person, entity or body operating outside the Union.
Cyber-attacks are actions involving:
- access to information systems;
- information system interference;
- data interference; or
- data interception,
The restrictions include a ban on persons travelling to the EU, and an asset freeze on persons and entities. In addition, EU persons and entities are forbidden from making funds available to those listed.
This Regulation applies :
- within the territory of the Union, including its airspace;
- on board any aircraft or vessel under the jurisdiction of a Member State;
- to any natural person inside or outside the territory of the Union who is a national of a Member State;
- to any legal person, entity or body, inside or outside the territory of the Union, which is incorporated or constituted under the law of a Member State;
- to any legal person, entity or body in respect of any business done in whole or in part within the Union.
The European Union and its Member States are concerned by the rise in malicious behaviour in cyberspace that aim at undermining the EU’s integrity, security and economic competitiveness. Those partaking in such activities have been urged to stop, and there’s been calls for all partners to strengthen international cooperation to promote security and stability in cyberspace.
