Cyber related sanctions

Information as of: 31st July 2022

Latest Updates

Arms Embargo
Further Details
US EO 13694 01 Apr 2015 allows for the blocking of property of persons engaging in malicious cyber-enabled activities. Amended by EO 13757 28 Dec 2016, which allows for further sanctions related to cyber activities to be imposed and added individuals and entities to the SDN list. 15 Mar 2018, 13 individuals and 3 entities related to Russian interference in 2016 elections and malicious cyberattacks added to the list. Cyber related General License also updated 15 Mar 2018. 23 Mar 2018, 10 Iranian individuals and 1 entity designated for malicious cyber activities. 11 Jun 2018, several Russian firms and individuals designated under the EO and CAATSA for providing support to the Federal Security Bureau (FSB).  On the 30 March 2020 all restrictive measures under EO 13694 were renewed for a further year. All restrictive measures under EO 13694 were renewed for a further year wef 1 Apr 2021.  On the 30th March 2022 the US issued a notice of continuation of the national emergency in respect of malicious cyber-enabled activities as declared under EO 13694 for a further year until 1 April 2023.
EU On 17 May 2019 Council Regulation (EU) 2019/796 puts in place the framework for travel bans and asset freezing measures to be imposed on those “responsible for cyber-attacks or attempted cyber-attacks, who provide financial, technical or material support for such attacks or who are involved in other ways”. Measures stated under Council Regulation (EU) 2019/796 have been extended until 18 May 2021 under (CFSP) 2020/651. Restrictive measures stated under CFSP 2019/797 were extended until 18 May 2022 under CFSP 2021/796On the 30 Jul 2020 the first designations under the regime were implemented under (CFSP) 2020/1127. UK has put in place the  Cyber-Attacks (Asset-Freezing) Regulations 2019 which transpose the EU sanctions into UK law WEF 11 Jun 2019.  On the 16th May 2022 the EU renewed its cyber sanctions framework under CFSP/2022/754 until 18th May 2025 and its restrictive measures until 18th May 2023.
The Cyber-Attacks (Asset-Freezing) Regulations 2019 transpose EU restrictive measures against cyber-attacks into UK law wef: 11 Jun 2019. The Cyber (Sanctions) (EU Exit) Regulations 2020 wef: 31 Dec 2020 ensure sanctions aimed at furthering the prevention of certain cyber activity are implemented effectively after the UK leaves the EU.
This information has been collated by the International Underwriting Association of London and is intended as a guide only. The IUA does not accept any liability for the accuracy of this information.
This publication is intended to convey only general information about sanctions legislation and associated insurance coverage. It is not, and is not intended to be, a complete statement of the law relating to this area. It should not be relied on or be used as a substitute for legal advice in relation to any particular set of circumstances. Accordingly, IUA does not accept any liability for any loss which may arise from reliance on this information.