The European Union may target a Russian and a Chinese entity, as well as several individuals, with sanctions over cyber attacks, adding to signs of increasing alarm in the bloc over network security.
Five diplomats familiar with the matter said talks on the proposed measures will begin as soon as this week, declining to name the entities targeted and the incidents concerned. Diplomats are typically wary of sharing details about sanctions in advance out of concern for legal action and that those targeted may move their assets to evade punitive measures, as reported by Bloomberg.
The move would be the first application of the EU's so-called cyber sanctions regime – a toolbox including travel bans and asset freezes intended to deter cyber attacks. The measures could help quell some U.S. concerns about the EU being soft on China, after the bloc resisted pressure from Washington to ban Huawei Technologies from next generation telecom networks, despite warnings about spying.
The adoption of sanctions requires unanimity among the EU's 27 members, a clause that has frequently paralyzed EU foreign policy decisions, amid competing national sensitivities and interests. One of the diplomats familiar with the matter said, however, that there is consensus in the bloc that there's little point in having a cyber sanctions tool, without using it.
The process, which starts with discussions between cyber security experts before EU governments are eventually requested to sign off, may take around two months, the diplomat said.