Cyber-Attacks (Asset-Freezing) Regulations 2019


Key Theme(s) EU Regulations; Cyber-Attacks; Assets; and Freezing Injunctions.

Whilst the UK persists in its membership of the EU, it is still required to implement any EU Council Regulations into domestic law. On 11 June 2019, the Cyber-Attacks (Asset-Freezing) Regulations 2019 (the Regulations) seek to comply with Council Regulation (EU) 2019/796 which provides measures to allow member states to respond to and deter cyber-attacks with a particular focus on cyber-attacks which originate outside of the EU or with support from someone outside of the EU.

The Regulations apply to "designated persons" which are defined as:

  • those responsible for successful or attempted cyber-attacks;
  • those providing financial, technical or material support in successful or attempted cyber-attacks; and
  • anybody associated with points a) and b).

The consequence of such Regulations is wide ranging and both the EU and the UK are taking a clear stance in relation to the future of cyber-attacks in the region. In a globalised world, cyber-attacks may occur in any remit and therefore having regulations that cover whole sectors allows wide spread protection and deterrence. The particular focus on external threats to the EU may give a nod to a turbulent political landscape, however, nonetheless, it will be interesting to monitor how these Regulations are applied in practice on a case by case basis.

Points to Note

Main Restrictive measures:

  • bans on persons travelling to the EU;
  • freezing of funds and economic resources; and
  • prohibition from making funds available to designated persons; and

Overview of Regulations:

  • Regulation 2 – interpretation;
  • Regulations 3 to 7 – prohibits any dealing with or making available any funds or economic resources for the benefit a designated person;
  • Regulation 8 – exceptions to prohibited activities (e.g. providing funds in relation to any interest accumulated, payments due under contract, and/or court orders);
  • Regulation 9 – the Treasury is able to grant a licence authorising certain acts. Creates offences for false information; false documents; or non-compliance with a licence;
  • Regulation 10 - offences for contravention of regulations 3 to 7;
  • Regulations 11 to 14 – penalties, proceedings and consent; and

Schedule - information gathering and disclosure. Creates offences for failure to comply with a request for information and compliance with reporting obligations.


Trowers talks podcasts: Topical issues in the housing sector


Recent increase to the Statutory Legacy on intestacy


Trowers talks podcast: Reputation management in the age of social media


Trowers & Hamlins obtains $24 million judgment for TWC Aviation Capital


Liability claims and insurance issues affecting the care sector arising from the Covid-19 crisis


Bank not vicariously liable for alleged sexual assaults