Cyber-Attacks (Asset-Freezing) Regulations 2019


Share

Key Theme(s) EU Regulations; Cyber-Attacks; Assets; and Freezing Injunctions.

Whilst the UK persists in its membership of the EU, it is still required to implement any EU Council Regulations into domestic law. On 11 June 2019, the Cyber-Attacks (Asset-Freezing) Regulations 2019 (the Regulations) seek to comply with Council Regulation (EU) 2019/796 which provides measures to allow member states to respond to and deter cyber-attacks with a particular focus on cyber-attacks which originate outside of the EU or with support from someone outside of the EU.

The Regulations apply to "designated persons" which are defined as:

  • those responsible for successful or attempted cyber-attacks;
  • those providing financial, technical or material support in successful or attempted cyber-attacks; and
  • anybody associated with points a) and b).

The consequence of such Regulations is wide ranging and both the EU and the UK are taking a clear stance in relation to the future of cyber-attacks in the region. In a globalised world, cyber-attacks may occur in any remit and therefore having regulations that cover whole sectors allows wide spread protection and deterrence. The particular focus on external threats to the EU may give a nod to a turbulent political landscape, however, nonetheless, it will be interesting to monitor how these Regulations are applied in practice on a case by case basis.

Points to Note

Main Restrictive measures:

  • bans on persons travelling to the EU;
  • freezing of funds and economic resources; and
  • prohibition from making funds available to designated persons; and

Overview of Regulations:

  • Regulation 2 – interpretation;
  • Regulations 3 to 7 – prohibits any dealing with or making available any funds or economic resources for the benefit a designated person;
  • Regulation 8 – exceptions to prohibited activities (e.g. providing funds in relation to any interest accumulated, payments due under contract, and/or court orders);
  • Regulation 9 – the Treasury is able to grant a licence authorising certain acts. Creates offences for false information; false documents; or non-compliance with a licence;
  • Regulation 10 - offences for contravention of regulations 3 to 7;
  • Regulations 11 to 14 – penalties, proceedings and consent; and

Schedule - information gathering and disclosure. Creates offences for failure to comply with a request for information and compliance with reporting obligations.

News

Trowers & Hamlins expands international dispute resolution practice

Explore
News

Trowers & Hamlins partner crowned Litigator of the Year

Explore
Insight

Paving the way for data breach group actions

Explore
Insight

Do I not like that?

Explore
Insight

Fraud newsletter - September 2019

Explore
Insight

EU cross-border litigation following Brexit – what it means in practice and steps to mitigate risk

Explore