Sanctions Profile: Cyber-Attacks

At a glance

The EU adopted Council Regulation (EU) 2019/796 and Council Decision (CFSP) 2019/797 in May 2019 to establish a new sanctions regime to deter and respond to malicious cyber activities on EU member states, third states and international organisations.

The UK adopted The Cyber (Sanctions) (EU Exit) Regulations 2020 in January 2021 to further the prevention of cyber activity that undermines the integrity, prosperity or security of the UK, causes economic loss, undermines the effective functioning of international organisations or NGOs, or affects a significant number of persons in an indiscriminate manner.

Subscribe for full access

News

Sanction regimes renewed, third countries align with EU sanctions & Kingpin Act designations

Over the past month, multiple sanctions regimes have been renewed around the world: The US renewed its regime in respect of Yemen for 1 year by continuing the national emergency as declared; The EU adopted: Council Decision (CFSP) 2021/796, which renewed its cyber-attacks sanctions regime until 18 May 2022; and Council Implementing Regulation (EU) 2021/848 and Council Decision (CFSP) 2021/855, …

YemenYemen Cyber-AttacksCyber-Attacks SyriaSyria South SudanSouth Sudan LibyaLibya RussiaRussia TerrorismTerrorism

US renews 4 sanctions regimes for 1 year

In March 2021, the US renewed its sanctions regimes in respect of Zimbabwe, South Sudan, Iran and malicious cyber activities. Those sanctions have been renewed for 1 year by continuing the national emergencies declared in the Executive Orders that introduced and amended the respective regimes.

IranIran South SudanSouth Sudan ZimbabweZimbabwe Cyber-AttacksCyber-Attacks

Third countries align with EU sanctions on Venezuela & cyber-attacks

In November, the EU Council adopted: Decision (CFSP) 2020/1700, which renewed sanctions concerning Venezuela for 1 year; and Decision (CFSP) 2020/1748, which updated the identifying information of two people listed under the EU’s cyber-attacks sanctions regime. North Macedonia, Montenegro, Albania, Iceland, Norway, Ukraine and Georgia have aligned themselves with both decisions. Moldova and Liechtenstein have aligned themselves with the Venezuela …

VenezuelaVenezuela Cyber-AttacksCyber-Attacks

Third countries align with EU Nicaragua and cyber-attacks sanctions

In October 2020, the EU Council adopted: Decision (CFSP) 2020/1467, which renewed sanctions in respect of Nicaragua for 1 year; and Decision (CFSP) 2020/1537, which designated 2 Russian nationals and 1 entity for their involvement in the 2015 cyber-attack on the German Parliament. North Macedonia, Montenegro, Albania, Iceland, Norway, Ukraine and Georgia have aligned themselves with both decisions. Bosnia and …

NicaraguaNicaragua Cyber-AttacksCyber-Attacks

UK issues guidance on 4 sanctions regimes

The UK government has published guidance relating to the following 4 sanctions regimes: The Cyber (Sanctions) (EU Exit) Regulations 2020, Guidance; Bosnia and Herzegovina (Sanctions) (EU Exit) Regulations 2020, Guidance; Lebanon (Sanctions) (Assassination of Rafiq Hariri and others) (EU Exit) Regulations 2020, Guidance; and Nicaragua (Sanctions) (EU Exit) Regulations 2020, Guidance. The guidance covers best practice for compliance with prohibitions …

NicaraguaNicaragua LebanonLebanon Bosnia & HerzegovinaBosnia & Herzegovina Cyber-AttacksCyber-Attacks

Current Sanctions

EU UK

Consolidated

Council Regulation (EU) 2019/796

Parent Regulation

Council Regulation (EU) 2019/796

Amended by:

Council Implementing Regulation (EU) 2020/1124

Council Implementing Regulation (EU) 2020/1536

Consolidated

Council Decision (CFSP) 2019/797

Parent Regulation

Council Decision (CFSP) 2019/797

Amended by:

Council Decision (CFSP) 2020/651

Council Decision (CFSP) 2020/1127

Council Decision (CFSP) 2020/1537

Council Decision (CFSP) 2021/796

The Cyber (Sanctions) (EU Exit) Regulations 2020 (SI 2020/597)