What changed
This regulation updated the list of individuals or entities subject to EU sanctions for carrying out or supporting cyber-attacks that threaten the EU or its member states. It was issued on 11 May 2026 and took effect on 13 May 2026, but has since been repealed, meaning it has been superseded by a newer measure.
Who is affected
The sanctions primarily affect individuals, organisations, and businesses directly listed — freezing their assets and imposing travel bans within the EU. Businesses and financial institutions in the EU are indirectly affected, as they are prohibited from dealing with listed parties.
What to look out for
→ Since this regulation has been repealed, it is worth checking the current EU sanctions list on the official EU Sanctions Map or EUR-Lex to see which measures are now in force regarding cyber-attack-related restrictions.
⚠️ This explanation was created with AI assistance and may be inaccurate or incomplete. It is not legal advice. Before taking action, check the official text and consult a qualified lawyer.
Original law: 32026R1078 — Check the official text before relying on this explanation.