EU Extends Authority to Respond to Cyberattacks

The European Union (EU) on Friday agreed to new rules that will grant it authority to impose travel bans and asset freezes against individuals responsible for cyberattacks that pose a significant threat to the bloc.

The new rules come amid concerns by European and U.S. officials over cyberattacks related to election meddling or intellectual property theft by actors linked to Russia and China.

The measures, which aim to “deter and respond to cyberattacks which constitute an external threat to the EU,” would apply to actors responsible for attacks originating outside the bloc, the Council of EU member states said in a statement.

The bloc said it would also consider measures in response to attacks targeted at countries outside the EU or international organizations.

Bloomberg reported earlier this week that EU governments had reached a deal on the new sanctions regime.

“Our message to governments, regimes, and criminal gangs prepared to carry out cyberattacks is clear: Together, the international community will take all necessary steps to uphold the rule of law and the rules-based international system which keeps our societies safe,” U.K. Foreign Secretary Jeremy Hunt said in a statement.

EU member states in recent months had been mulling a joint response to attacks allegedly conducted by a Chinese state-linked hacker group known as APT 10, after the U.K. presented evidence about network infiltration.

The bloc in the end issued a statement in April, according to a person familiar with the matter, urging “actors to stop undertaking such malicious activities” but made no explicit mention of China or the hacker group. The statement was issued three days after a summit of EU and Beijing leaders in Brussels, where the bloc claimed it won important Chinese concessions over curbing subsidies to domestic industries and facilitating market access for foreign companies.