Sanctions Profile: Cyber-Attacks

At a glance

The EU adopted Council Regulation (EU) 2019/796 and Council Decision (CFSP) 2019/797 in May 2019 to establish a new sanctions regime to deter and respond to malicious cyber activities on EU member states, third states and international organisations.

The UK adopted The Cyber (Sanctions) (EU Exit) Regulations 2020 in January 2021 to further the prevention of cyber activity that undermines the integrity, prosperity or security of the UK, causes economic loss, undermines the effective functioning of international organisations or NGOs, or affects a significant number of persons in an indiscriminate manner.

Subscribe for full access

News

US renews 4 sanctions regimes for 1 year

In March 2021, the US renewed its sanctions regimes in respect of Zimbabwe, South Sudan, Iran and malicious cyber activities. Those sanctions have been renewed for 1 year by continuing the national emergencies declared in the Executive Orders that introduced and amended the respective regimes.

IranIran South SudanSouth Sudan ZimbabweZimbabwe Cyber-AttacksCyber-Attacks

Third countries align with EU sanctions on Venezuela & cyber-attacks

In November, the EU Council adopted: Decision (CFSP) 2020/1700, which renewed sanctions concerning Venezuela for 1 year; and Decision (CFSP) 2020/1748, which updated the identifying information of two people listed under the EU’s cyber-attacks sanctions regime. North Macedonia, Montenegro, Albania, Iceland, Norway, Ukraine and Georgia have aligned themselves with both decisions. Moldova and Liechtenstein have aligned themselves with the Venezuela …

VenezuelaVenezuela Cyber-AttacksCyber-Attacks

Third countries align with EU Nicaragua and cyber-attacks sanctions

In October 2020, the EU Council adopted: Decision (CFSP) 2020/1467, which renewed sanctions in respect of Nicaragua for 1 year; and Decision (CFSP) 2020/1537, which designated 2 Russian nationals and 1 entity for their involvement in the 2015 cyber-attack on the German Parliament. North Macedonia, Montenegro, Albania, Iceland, Norway, Ukraine and Georgia have aligned themselves with both decisions. Bosnia and …

NicaraguaNicaragua Cyber-AttacksCyber-Attacks

UK issues guidance on 4 sanctions regimes

The UK government has published guidance relating to the following 4 sanctions regimes: The Cyber (Sanctions) (EU Exit) Regulations 2020, Guidance; Bosnia and Herzegovina (Sanctions) (EU Exit) Regulations 2020, Guidance; Lebanon (Sanctions) (Assassination of Rafiq Hariri and others) (EU Exit) Regulations 2020, Guidance; and Nicaragua (Sanctions) (EU Exit) Regulations 2020, Guidance. The guidance covers best practice for compliance with prohibitions …

NicaraguaNicaragua LebanonLebanon Bosnia & HerzegovinaBosnia & Herzegovina Cyber-AttacksCyber-Attacks

UK post Brexit cyber sanctions regs published

The UK has published The Cyber (Sanctions) (EU Exit) Regulations 2020, which will come into force on “exit day” (currently 11pm on 31 December 2020). These regulations revoke The Cyber-Attacks (Asset-Freezing) Regulations 2019 (which currently implement the EU regime which targets those responsible for cyber-attacks on member states, third states or international organisations). “Relevant cyber-activity” that could be sanctionable under …

Cyber-AttacksCyber-Attacks

Current Sanctions

EU UK

Consolidated

Council Regulation (EU) 2019/796

Parent Regulation

Council Regulation (EU) 2019/796

Amended by:

Council Implementing Regulation (EU) 2020/1124

Council Implementing Regulation (EU) 2020/1536

Consolidated

Council Decision (CFSP) 2019/797

Parent Regulation

Council Decision (CFSP) 2019/797

Amended by:

Council Decision (CFSP) 2020/651

Council Decision (CFSP) 2020/1127

Council Decision (CFSP) 2020/1537

The Cyber (Sanctions) (EU Exit) Regulations 2020 (SI 2020/597)