On July 30, 2020, the Council of the European Union (the “Council”) imposed for the first time restrictive measures against six individuals and three entities responsible for or involved in various cyber attacks, including the “WannaCry,” “NotPetya” and “Operation Cloud Hopper” attacks and the attack against the Organization for the Prohibition of Chemical Weapons. Sanctions imposed by the Council include a travel ban, an asset freeze and a prohibition against making funds available to the sanctioned EU individuals and entities.
Sanctions are one of the tools available to the Council in the Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities (the “framework”), also known as the “cyber diplomacy toolbox,” which was adopted by the Council in May 2019. The framework allows the EU to impose targeted restrictive measures to deter and respond to cyber attacks. In particular, the framework allows the EU to impose sanctions on individuals or entities responsible for or involved in, e.g., by providing financial, technical or material support, (attempted) cyber attacks. This is the first time these sanctions have been used.
Read the press release.