On May 14 2020, the Council of the European Union (the “EU Council”) announced its decision to extend the sanctions regime on persons involved in cyberattacks (or attempted cyberattacks) targeting the EU, a member state, a third state or an international organization (the “Sanctions Regime”) for a year, i.e., until May 18, 2021.

The Sanctions Regime was adopted in May 2019 by the EU Council as one of the steps to strengthen EU cyber-resilience capabilities.1 Sanctions are typically asset freezes for those responsible for the attack and a prohibition of making funds available to these persons by EU persons or entities. These sanctions are subject to certain limited exceptions, which are common across other EU asset freeze regimes. Targeted individuals are additionally subject to travel bans, meaning that a member state must prevent these individuals from entering or transiting its territory.

Continue reading.