On December 31, 2015, the Treasury Department’s Office of Foreign Assets Control (OFAC) issued new regulations that codify the U.S. CyberRelated Sanctions program. These regulations (31 C.F.R. Part 578) implement President Obama’s Executive Order 13694 entitled “Blocking the Property of Certain Persons Engaging in Significant Malicious CyberEnabled Activity” issued on April 1, 2015. While the OFAC codification is a necessary step in implementing the cyber-related sanctions, OFAC’s regulations leave many unanswered questions about how and when OFAC will exercise its authority in practice, which will be answered in supplemental regulations.

As King & Spalding previously reported, EO 13694 is a broad and flexible tool authorizing sanctions on individuals or entities that are responsible for, complicit in, or engage in malicious cyber-enabled activities originating or directed from abroad. The cyber-enabled activities must significantly threaten the national security, foreign policy, or economic health or financial stability of the United States. In addition, the activities must have the purpose or effect of...