New regulation against cyber attacks

[Update September 17, 2020: Written by Nese Öztunc] As already explained in the lower part of this article, in May 2019 the EU created the legal framework for sanctions in case of cyberterror. Now, these sanctions have been applied for the first time against six individuals and three entities. You can read about which individuals and entities these restrictive measures apply to in the European Council’s Implementing Regulation (EU) 2020/1125 of July 30, 2020. SANSCREEN includes in its standard package the European CFSP list that governs financial sanctions. With our regular updates of our sanctioned party list screening software, we ensure you always have the latest information on sanctions and the certainty of not running afoul of the law.


[Article created on: June 25, 2019] The EU wants to maintain an open, stable and secure cyberspace. However, cyberspace offers more and more opportunities to negatively impact the integrity, security and economic competitiveness of the EU through malicious activities. Therefore, with Regulation (EU) 2019/796 of May 17, 2019 the EU has adopted a regulation that allows financial sanctions to be ordered against persons, entities or organizations related to cyberattacks. In the case of financial sanctions, no economic resources may be made available and funds will be frozen. The regulation covers cyberattacks that have a significant impact and pose an external threat to the Union or its member states. Even an attempt to carry out such an attack is covered by this regulation. A threat to the Union or one of its member states arises when, for example, services necessary for the maintenance of essential social and/or economic activities are attacked. Whether a cyberattack is significant depends on the factors described in Article 2. For example, how many individuals, organizations, and institutions are affected or the amount of economic damage is taken into account. The list of natural and legal persons, entities and bodies can be found in Annex I of the Regulation. Currently, this list does not yet contain any entries, but this regulation makes it clear that the EU has recognized the potential danger. In the event of cyber attacks, this regulation provides the tool to initiate measures as quickly as possible.


Sources: Maßnahmen gegen Cyberangriffe (Stand: June 18, 2019) VERORDNUNG (EU) 2019/796 DES RATES (Stand: June 18, 2019) Cyberangriffe: Rat kann jetzt Sanktionen verhängen (Stand: June 18, 2019)

Alexander Haun

Bei BEX bin ich im Bereich Produktmanagement tätig. Exportkontrolle, Warenursprung und Präferenzen gehören zu meinen Schwerpunktthemen. Für die fachlichen Beiträge zu den genannten Themengebieten bin ich im BEXblog verantwortlich. Haben Sie Fragen zu unseren Lösungen oder einem meiner Beiträge? Zögern Sie nicht uns zu kontaktieren.