On 22 October 2020, the EU Council imposed restrictive measures on two Russian individuals, including the head of Russia’s military intelligence, and one body held responsible for the cyber-attack on the German Federal Parliament (Deutsche Bundestag) in April and May 2015. The attack targeted the parliament's information system and affected its ability to operate for several days.
These sanctions consist of a travel ban and an asset freeze imposed on the individuals, and an asset freeze imposed on the body. In addition, EU persons and entities are prohibited from making funds available to those listed.
The Council's decision means that a total of eight persons and four entities and bodies have been targeted by restrictive measures in relation to cyber-attacks targeting the EU or its member states. The relevant legal acts, including the names of the individuals and the body concerned, have been published in the Official Journal here.
The legal framework for restrictive measures imposed in response to cyber-attacks was put in place by the Council in May 2019 and first used in July 2020. The application of the sanctions regime is reviewed by the Council on a yearly basis, and was last extended until May 2021. Our thorough blog post on Cyber Sanctions can be found here.
EU Council’s press release can be found here.