Council Decision on restrictive measures against cyber-attacks



14 May 2019


The Council of the European Union


“Council Decision concerning restrictive measures against cyber-attacks threatening the Union or its Member States” establishes a framework which allows the EU to impose targeted restrictive measures to deter and respond to cyber-attacks which constitute an external threat to the EU or its member states.

This Decision allows the EU to sanction persons or entities that are responsible for cyber-attacks or attempted cyber-attacks; that provide financial, technical or material support for such attacks; that are involved in other ways. Sanctions may also be imposed on persons or entities associated with them. This framework also applies to cyber-attacks against non-EU states or international organisations where restrictive measures are considered necessary to achieve the objectives of the Common Foreign and Security Policy.