18/05/2021 (Agence Europe) – The EU Council decided, on Monday 17 May, to prolong the framework for restrictive measures against cyber-attacks for one year, until 18 May 2022. This framework, adopted in May 2017, allows the EU to impose targeted restrictive measures on persons or entities involved in cyber-attacks which cause a significant impact and constitute an external threat to the EU or its Member States. Restrictive measures can also be imposed in response to cyber-attacks against third States or international organisations where such sanctions are considered necessary to achieve the objectives of the Common Foreign and Security Policy. Sanctions currently apply to eight individuals - six Russians and two Chinese - and four entities - two Russian, one Chinese and one North Korean (see EUROPE 12539/2, 12587/28). (CG)