In the Council’s effort to deter cyber-attacks constituting an external threat to the EU or Member States, the EU can now impose targeted restrictive measures which include asset freezes on both persons and entities and a ban on people travelling to the EU.

Such restricted measures are considered necessary in light of the Common Foreign and Security Policy (CFSP) objectives and are applicable to cyber-attacks that are determined to have a significant impact,

Cyber-attacks falling within the scope of this new sanctions regime are those which have significant impact, including those which:

• “originate or are carried out from outside the EU or
• use infrastructure outside the EU or
• are carried out by persons or entities established or operating outside the EU or
• are carried out with the support of person or entities operating outside the EU.”

For more information, please see the Council of the EU Press Release here.