Individuals and entities from North Korea, China and Russia, responsible for or involved in ‘WannaCry’, ‘NotPetya’, ‘Operation Cloud Hopper’ and the OPCW (Organisation for the Prohibition of Chemical Weapons) cyber attacks have been identified and received travel bans and an asset freeze in the first ever imposition of restrictive sanctions by the EU Council. EU persons and entities are also forbidden from making funds available to those listed.
In a public statement the EU says: “In order to better prevent, discourage, deter and respond to such malicious behaviour in cyberspace, the Council decided today to apply restrictive measures to six individuals and three entities or bodies involved in cyber-attacks with a significant effect, or attempted cyber-attacks with a potentially significant effect, which constitute an external threat to the European Union or its member states, or with a significant effect against third States or international organisations. The measures concerned are a travel ban and asset freeze to natural persons and an asset freeze to entities or bodies. It is also prohibited to directly or indirectly make funds available to listed individuals and entities or bodies.
In June 2017, the EU stepped up its ability to discourage, deter and respond to cyber threats and malicious cyber activities response by establishing a Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities (the “cyber diplomacy toolbox“). The EU and its member states can use all CFSP measures to protect the integrity and security of the EU and its member states.