Restrictive Measures for Cyber Attacks against the German Bundestag
On 22 October 2020, the Council imposed restrictive measures against two persons and one body responsible for or involved in the cyberattacks on the German Federal Parliament (Deutscher Bundestag) in April and May 2015. The persons/body concerned belonged to the Russian military intelligence. The attack targeted the Parliament's information system and impaired its functionality for several days. A significant amount of data was stolen, and the email accounts of several Members of Parliament, including that of Chancellor Angela Merkel, were affected. The sanctions consist of a travel ban and the freezing of assets. In addition, persons and entities from the EU are prohibited from making funds available to those on the list.
Sanctions are one of the options available in the Union for a joint diplomatic response to malicious cyber-activities. They are part of the so-called "cyber diplomacy toolbox". Targeted restrictive measures against individuals/concrete entities are intended to prevent, discourage, deter and respond to persistent and increasing malicious behaviour in cyberspace directed against the EU or its member states. The Council used this tool in July 2020 for the first time. The legal framework was adopted in May 2019 (eucrim 2/2019, 99)