The European Union has imposed its first ever cyber sanctions against six individuals and three entities involved in significant cyber-attacks or attempted cyber-attacks against the EU or its Member States.
What has happened?
The European Union has imposed restrictive measures against six individuals and three entities responsible for or involved in various cyber-attacks, including the attempted attack against the Organisation for the Prohibition of Chemical Weapons and the cyber-attacks known as 'WannaCry', 'NotPetya', and 'Operation Cloud Hopper'.
The sanctions include travel bans, asset freezes and a ban on EU persons and entities to make funds available to the individuals and entities listed.
What does this mean?
The EU has in recent years scaled up its resilience and ability to prevent and respond to cyber threats and malicious cyber activities to safeguard European security and interests.
In 2017, the EU established a Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities (the 'cyber diplomacy toolbox'), which allows the EU and Member States to use Common Foreign and Security Policy (CFSP) measures to prevent, discourage, deter and respond to malicious cyber activities that target the integrity and security of the EU and its Member States.
The regime enables the EU to impose sanctions on persons or entities involved in cyber-attacks that threaten the EU, regardless of the perpetrator's nationality or location. Sanctions are also possible for cyber-attacks against third States or international organisations.
In a Declaration by the High Representative Josep Borrell on behalf of the EU in response to the cyber sanctions imposed, he said:
"The measures follow the European Union and member states consistent signalling and determination to protect the integrity, security, social wellbeing and prosperity of our free and democratic societies, as well as the rules-based order and the solid functioning of its international organisations. We will continue to strengthen our cooperation to advance international security and stability in cyberspace, increase global resilience and to raise awareness on cyber threats and malicious cyber activities."
The EU is increasingly concerned by the rise in malicious behaviour in cyberspace by state and non-state actors, including the abuse of Information and Communications Technologies for malicious purposes, such as cyber-enabled theft of intellectual property.