New regulation against cyber attacks

[Update 17 September 2020: Written by Nese Öztunc]

As explained in the lower part of this article, in May 2019 the EU created the legal framework for sanctions in the case of cyber-terrorism. Now, for the first time, these sanctions have been applied to six persons and three entities. The persons and entities affected by these restrictive measures can be found in the Implementing Regulation (EU) 2020/1125 of the European Council of 30 July 2020.

SANSCREEN includes the European CFSP list, which regulates financial sanctions, in the standard package. With our regular updates of our software for sanctioned party list screening, we ensure that you always have the latest information on sanctions and the security of not coming into conflict with the law.

[Article created on: 25 July 2019]

The EU wants to preserve an open, stable and secure cyberspace. However, cyberspace offers increasing opportunities for malicious activities to have a negative impact on the integrity, security and economic competitiveness of the EU.

For this reason, the EU has issued a regulation with the regulation (EU) 2019/796 of 17 May 2019, which makes it possible to order financial sanctions against persons, institutions or organizations involved in cyber attacks. In case of financial sanctions no economic resources may be made available and funds are frozen.

The Regulation covers cyber attacks that have a significant impact and pose an external threat to the Union or its Member States. Even the attempt of such an attack is covered by the Regulation. A threat to the Union or one of its Member States arises when, for example, services necessary for the maintenance of essential social and/or economic activities are attacked. Whether a cyber attack is significant depends on the factors described in Article 2. These factors include, for example, how many people, organizations and institutions are affected or the extent of the economic damage.

The list of natural and legal persons, entities and bodies is contained in Annex I to the Regulation. At present, this list does not contain any entries, but this Regulation makes it clear that the EU has recognised the potential danger. In case of cyber attacks, this regulation provides the tool to take action as soon as possible.


Protection against cyber attacks – Maßnahmen gegen Cyberangriffe (Status from: 18.06.2019)

COUNCIL REGULATION (EU) 2019/796 – VERORDNUNG (EU) 2019/796 DES RATES (Status from: 18.06.2019)

Cyber attacks: Council can now impose sanctions- Cyberangriffe: Rat kann jetzt Sanktionen verhängen (Status from: 18.06.2019)


Alexander Haun

Bei BEX bin ich im Bereich Produktmanagement tätig. Exportkontrolle, Warenursprung und Präferenzen gehören zu meinen Schwerpunktthemen. Für die fachlichen Beiträge zu den genannten Themengebieten bin ich im BEXblog verantwortlich. Haben Sie Fragen zu unseren Lösungen oder einem meiner Beiträge? Zögern Sie nicht uns zu kontaktieren.