EU extends cyber-attack sanctions listings until 18 May 2027
This website is the official website of the Council of the EU and the European Council. It is managed by the General Secretariat of the Council, the body of staff responsible for assisting the Council of the EU and the European Council.
The Council today decided to prolong the restrictive measures (sanctions) against actors involved in cyber-attacks threatening the EU and its member states for a year, until 18 May 2027. The legal framework for these measures had already been extended until 18 May 2028.
This sanctions regime allows the EU to impose targeted restrictive measures on persons or entities involved in cyber-attacks with a significant effect which constitute an external threat to the EU or its member states. Restrictive measures can also be imposed in response to cyber-attacks against third states or international organisations, where such measures are considered necessary to achieve the objectives of the Common Foreign and Security Policy (CFSP).
With these restrictive measures, the EU seeks to deter malicious cyber activities and uphold the international rules-based order by ensuring that those responsible are held accountable. Listings under this regime currently apply to 19 individuals and 7 entities.
Those listed are subject to an asset freeze, and EU citizens and companies are forbidden from making fundsor economic resources available to them. Natural persons also face a travel ban that prohibits them from entering or transiting through EU territories.
These individual listings will continue to be reviewed every 12 months. The EU and its member states will continue to cooperate with our international partners to promote an open, free, stable and secure cyberspace.
The Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities (the "cyber diplomacy toolbox") was established in June 2017. It allows the EU and its member states to use all CFSP measures, including restrictive measures if necessary, to prevent, discourage, deter and respond to malicious cyber activities targeting the integrity and security of the EU and its member states.
