The European Council this week announced its decision to extend for one year the framework for sanctions against cyberattacks that threaten the European Union and its member states.
Established in 2017, the framework allows member states to take restrictive measures against cyberattacks, including to prevent, discourage, deter and respond to malicious activities. Last year, the European Council announced a decision to extend the framework until May 18, 2021.
On Monday, the council announced that the framework has been prolonged until May 18, 2022. This means that the EU and member states may continue to take restrictive measures when dealing with cyberattacks.
At the moment, there are eight individuals and four entities that were sanctioned in accordance with the framework. The imposed restrictions include an asset freeze, a travel ban, and EU persons and entities being forbidden from providing funds to those sanctioned.
In July last year, the EU announced its very first sanctions, against Russian and Chinese individuals, as well as Chinese, North Korean, and Russian entities. A total of six individuals and three entities were named in connection with various cyberattacks, including WannaCry, NotPetya and Operation Cloud Hopper.
In October 2020, sanctions were imposed against two Russian officials over a cyberattack that hit the German parliament in 2015. Both were said to be part of Russia’s GRU military intelligence agency, which is also accused of hacking the Netherlands-based Organization for the Prohibition of Chemical Weapons in 2018.