In order to achieve the objectives of the Common Foreign and Security Policy (CFSP), on 17th May the European Council established framework against cyber-attacks which allows the EU to impose restrictive measures and sanctions on persons or entities responsible for cyber-attacks or attempted ones, who provide support for said attacks or involved in other ways in such criminal actions.
“The EU recognises that cyberspace offers significant opportunities, but also presents continuously evolving challenges. It is concerned at the rise of malicious behaviour in cyberspace that aims at undermining the EU’s integrity, security and economic competitiveness, with the eventual risk of conflict”, states the Council press release.
Restrictive measures include a ban on persons travelling to the EU and an freeze asset on persons and entities. In addition, EU persons and entities are forbidden from making funds available to those listed.
The overmentioned restrictions will apply to significant cyber-attacks that:
- originate or are carried out from outside the EU or
- use infrastructure outside the EU or
- are carried out by persons or entities established or operating outside the EU or
- are carried out with the support of person or entities operating outside the EU.
You can find the offical Council press release here.