1. On 17 May 2019, the Council of the European Union adopted Council Regulation (EU) 2019/797 (the Regulation) concerning restrictive measures against cyber-attacks threatening the Union or its Member States.
2. The Decision (CFSP) 2019/797 was adopted on 17 May 2019 and establishes a framework for targeted restrictive measures to deter and respond to cyber-attacks with a significant effect which constitute an external threat to the Union or its Member States.
3. The framework allows the EU to impose sanctions on persons or entities that are responsible for cyber-attacks or attempted cyber-attacks, who provide financial, technical or material support for such attacks or who are involved in other ways. Sanctions may also be imposed on persons or entities associated with them
4. At the date of this Notice, no individuals or entities have been included in Annex I of the EU Regulation.
What you must do
5. No further action is required at this time.
5. A copy of the Regulation can be obtained from the website of the Official Journal of the European Union:
6. Copies of recent Notices, certain EU Regulations and UK legislation can be obtained from the Cyber-Attacks financial sanctions page on the GOV.UK website: https://www.gov.uk/government/publications/financial-sanctions-cyber-attacks
7. The EU’s press release describing these changes can be found here:
8. For more information please see our guide to financial sanctions: