The European council announced today that it will impose “restrictive measures against six individuals and three entities responsible for or involved in various cyber-attacks. These include the attempted cyber-attack against the OPCW (Organisation for the Prohibition of Chemical Weapons) and those publicly known as ‘WannaCry’, ‘NotPetya’, and ‘Operation Cloud Hopper’.”
The measures will include a travel ban and asset freeze, and constitute the very first sanctions the EU implements in response to nation-state cyberattacks. This comes as part of the Framework for a Joint EU Diplometic Response to Malicious Cyber Activities (aka the cyber diplomacy toolbox), which entitles the member states and the European Council to apply restrictive measures as a deterrent for cyber attacks.
Importantly, the Council’s announcement specifies that “Targeted restrictive measures have a deterrent and dissuasive effect and should be distinguished from attribution of responsibility to a third state.”