The European Union has imposed today its first ever cyber-sanctions against six individuals and three entities involved in significant cyber-attacks or attempted cyber-attacks against the EU or its Member States. The sanctions include travel bans and the freezing of assets. It is also forbidden for EU persons and entities to make funds available to those individuals and entities listed.
Since 2017, the EU has put in place a comprehensive cyber diplomacy toolbox, including an autonomous horizontal cyber sanctions regime adopted in May 2019, to prevent, deter and respond to malicious behaviour in cyberspace. This regime allows the EU to impose sanctions on persons or entities involved in cyber-attacks threatening the EU or its member states, or attempted cyber-attacks, regardless of the nationality or location of the perpetrator. Sanctions are also possible for cyber-attacks against third States or international organisations.
The EU and its Member States are concerned by the rise of malicious behaviour in cyberspace by both state and non-state actors, including the abuse of Information and Communications Technologies (lCTs) for malicious purposes, including cyber-enabled theft of intellectual property.
Malicious cyber activities threaten the integrity, security and economic competitiveness of the EU and undermine international security and stability potentially leading to destabilising and cascading effects with enhanced risks of conflict. They also threaten the very functioning of our democracies, our freedoms and our values.
The EU remains committed to a global, open, stable, peaceful and secure cyberspace. With the imposition of the first targeted measures under the cyber sanctions regime, the EU is determined to prevent, deter and respond to continuing and increasing malicious behaviour in cyberspace.