European Council extends cyber sanctions regime until 2021

The European Council adopted a decision extend the restrictive measures framework against cyber-attacks which threaten the EU or its member states by one more year to May 18, 2021.

The decision was announced on Thursday through a press release by the European Council.  

European Union (EU) will therefore keep its ability to impose targeted restrictive measures on persons or entities involved in cyber-attacks which cause a significant impact, and constitute an external threat to the EU or its member states.

Restrictive measures can also be imposed in response to cyber-attacks against third states or international organisations where such measures are considered necessary to achieve the objectives of the Common Foreign and Security Policy (CFSP).

Underlying purpose of the decision remains that of deterring and responding to cyber activities directed against the EU or its member states. Restrictive measures include a ban on persons travelling to the EU, and an asset freeze on persons and entities. In addition, EU persons and entities are forbidden from making funds available to those listed.

The decision comes just a few days after a declaration of the European Union and its member states on malicious cyber activities which exploit the coronavirus pandemic that noted the EU's determination to prevent, discourage, deter and respond to malicious cyber activities, including as a part of its wider response to the Covid-19 crisis.