The Council of the EU decided to extend till 18.05.2021 the framework of the restrictive measures against cyber-attacks which pose threats to the EU or its members. This way the EU will be able to impose targeted restrictive measures on persons or entities involved in cyber-attacks with a significant impact and an external threat to the European Union or its member states.
Restrictive measures can also be imposed for cyber-attacks against third countries or international organisations. Cyber sanctions include a ban on persons travelling to the EU and an asset freeze on persons and entities. Also, EU persons and entities are forbidden from making funds available to those listed.
On 30.04 the High Representative Josep Borrell, on behalf of the European Union, made a statement on malicious cyber activities exploiting the coronavirus pandemic. “The European Union and its Member States condemn this malicious behaviour in cyberspace, express solidarity with all countries that are victims of malicious cyber activities and underline their continued support to increase global cyber resilience,” reads the statement. The EU called upon every country “to exercise due diligence and take appropriate actions against actors conducting such activities from its territory”.
In the last few years, the EU has scaled-up its resilience and ability to prevent, discourage, deter, and respond to cyber threats and malicious cyber activities to safeguard European security and interests. In June 2017, the EU established a Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities (the “Cyber Diplomacy Toolbox”). In April 2019, the Council adopted a regulation called the ‘Cybersecurity Act’, which introduces a system of EU-wide certification schemes and an EU Agency for Cyber Security to take over from the existing European Union Agency for Network and Information Security.