Restrictive measures against cyber-attacks threatening the Union or its Member States
Restrictive measures against cyber-attacks threatening the Union or its Member States is a sanctions program maintained by European Union Council (EU). It imposes asset freeze and travel ban.
Last updated 2 Jun 2026
Overview
Through the adoption of the “Cyber Diplomacy Toolbox” on 19 June 2017, the Council stressed the growing need to protect the integrity and security of the EU, its Member States and their citizens against cyber threats and malicious cyber activities. At the European Council on 18 October 2018, Member States called for the introduction of a new EU sanctions regime to build up the EU and its Member States’ capacity to respond to and to deter cyber-attacks. The Council established the new sanctions regime on 17 May 2019, introducing targeted restrictive measures against cyber-attacks threatening the Union or its Member States. The measures consist of asset freeze and travel ban of persons and/or entities responsible for cyber-attacks or attempted cyber-attacks, as well as those involved in or offering financial, technical or material support for these attacks and those who assist, encourage, facilitate or are associated with them. Adopted by: EU.
Legal bases
- Council Regulation concerning restrictive measures against cyber-attacks threatening the Union or its Member States
- Council Decision concerning restrictive measures against cyber-attacks threatening the Union or its Member States