EU Plans Sanctions for Cyberattackers Acting on Behalf of Russia

In an effort to thwart adversaries launching cyberattacks, information manipulation, and interference campaigns on Russia's behalf, representatives from 27 European Union member states approved a sanctions mechanism. This new framework will allow the EU to target individuals, agencies or organizations that attempt to undermine the values of the member states or their "security, independence and integrity."

The EU said in a statement it had detected an increasing number of these pro-Russian activities: Targets included critical infrastructure as well as "instrumentalisation of migration and other disruption actions."

Earlier this year NATO warned of Russian "hostile state activity," against several EU nations, including Germany, the United Kingdom, Poland, the Czech Republic, Estonia, Latvia, and Lithuania. Many of the activities meant to undermine support for Ukraine wouldn't merit a military response, which left the EU countries and NATO trying to figure out how best to respond to these attacks.

The EU now has to determine which sanctions would be imposed for which types of actions. For example, hybrid threats including undermining elections, democratic institutions or the economy, or critical infrastructure attacks could result in asset freezes or travel bans. Hybrid in this context refers to actions carried out on behalf of a state to undermine the functioning of another country. As of now, no actual sanctions have been imposed using this system.