Council regulation (EU) 2019/796 of 17 May 2019 concerning restrictive measures against cyber-attacks threatening the Union or its member states

According to this decision of the Council of the EU, the EU will be able to impose sanctions in response to cyber-attacks conducted or attempted against it. The decision, which builds on the existing cyber-diplomacy toolbox from 2017, provides a framework for EU responses to cyber-attacks that constitute an external threat to the EU or its members, as well as attacks against third countries or international organisations. The Council of the EU will be able to react on cyber-attacks – or attempted cyber-attacks – of significant impact, that originate or use infrastructure outside of the union, or are carried out or supported by persons or entities outside of the EU. Sanctions against persons or entities conducting or supporting cyber-attacks include EU travel bans, asset freezes, and bans regarding economic co-operation with EU entities.