EU imposes first ever sanctions against cyber-attacks
For the first time ever, the EU has decided to impose restrictive measures based on cyber-attacks, the legal framework for doing so having been adopted in May 2019 (Decision (CFSP) 2019/797, Article 21 TEU). Yesterday the Council of the EU decided to impose a travel ban and asset freeze on six individuals and three entities responsible for or involved in cyber-attacks - relating to the Organisation for the Prohibition of Chemical Weapons and ‘WannaCry’, ‘NotPetya’ and ‘Operation Cloud Hopper’. It stated the purpose of doing so was to ‘prevent, discourage, deter and respond to continuing and increasing malicious behaviour in cyberspace’.
EU persons and entities are also forbidden from making funds available to those listed.