On 30 July 2020, the European Council announced its decision to impose sanctions against six individuals and three entities for their involvement in various cyber-attacks. The sanctions imposed include a travel ban and an asset freeze against the sanctioned parties, which include four members of Russia’s GRU military intelligence unit and two Chinese nationals.
The full text of the Council decision is available here.
The sanctions mark the first time the EU has used its “cyber diplomacy toolbox” to impose sanctions against cyber-attacks. The “toolbox” was established in June 2017 (see our previous update here) as part of the EU’s Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities. The framework allows the EU and its member states to use various restrictive measures, including sanctions, to prevent / deter cyber-attacks against the EU. The legal framework for targeted restrictive measures was adopted in May 2019 (Council Regulation (EU) 2019/76) (see here).
In a coordinated press release, Josep Borrell, the EU foreign affairs chief, stated that the sanctions were part of the EU’s response to “promote international security and stability in cyberspace”.
