EU, UK Announce Sanctions Regime Against Cyber Attacks

The United Kingdom published its 2019 Cyber Attacks (Asset Freezing) Regulations, which will impose new European Union sanctions announced May 17. The sanctions regime, established by the EU Council, allows the EU to “impose targeted restrictive measures to deter and respond to cyber-attacks” that “constitute an external threat” to the EU, according to the announcement. The regime also allows the EU to sanction people or entities who provide “financial, technical or material” support for cyber-attacks or “who are involved in other ways.” Sanctions include travel bans and asset freezes.

The U.K.’s regulations define terms in the new sanctions regime and describe the various penalties for violations, including bans on dealing with funds belonging to any sanctioned person or entity. The regulations contain a section about licenses that includes several conditions, including a requirement that licenses “specify the acts authorized” and the caveat that the license may be revoked “any time.” The regulations also contain a section on penalties for violators, which include imprisonment and fines.