Third Countries Align with EU Cyber Sanctions Decision (CFSP) 2026/588
Summary
The EU Council issued a statement on 14 April 2026 noting that Albania, Bosnia and Herzegovina, Iceland, Moldova, Montenegro, North Macedonia, Norway, and Ukraine have aligned themselves with Decision (CFSP) 2026/588, adopted on 16 March 2026, concerning restrictive measures against cyber-attacks threatening the Union or its Member States. The aligning countries will ensure their national policies conform to this Council Decision. The EU takes note of and welcomes this commitment.
What changed
On 16 March 2026, the Council of the EU adopted Decision (CFSP) 2026/588 concerning restrictive measures against cyber-attacks, adding two natural persons and three entities to the sanctions list. The EU subsequently announced that eight third countries have aligned themselves with this decision, committing to conform their national policies accordingly.\n\nAffected parties should note that while this press release does not create new compliance obligations for EU-based entities, the expanded alignment means that restrictive measures against cyber-attack perpetrators may now be replicated across a wider geographic area. Organizations engaged in cross-border cyber operations or incident response should monitor how aligned countries implement these measures domestically.
What to do next
- Monitor for updates on national policy alignment in third countries
- Review Decision (CFSP) 2026/588 for implications on cross-border cyber operations
Archived snapshot
Apr 15, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
- Council of the EU
- Press release
- 14 April 2026 15:05
Statement by the High Representative on behalf of the EU on the alignment of certain third countries concerning restrictive measures against cyber-attacks threatening the Union or its Member States
On 16 March 2026, the Council adopted Decision (CFSP) 2026/588 1 concerning restrictive measures against cyber-attacks threatening the Union or its Member States.
The Council decided to include two natural persons and three entities in the list of natural and legal persons, entities and bodies subject to restrictive measures set out in the Annex to Decision (CFSP) 2019/797.
Albania, Bosnia and Herzegovina, Iceland, Moldova (Republic of), Montenegro, North Macedonia, Norway and Ukraine align themselves with this Council Decision.
They will ensure that their national policies conform to this Council Decision.
The European Union takes note of this commitment and welcomes it.
1 **** OJ L, 2026/588, 16.03.2026 , ELI : http://data.europa.eu/eli/dec/2026/588/oj.
Press contacts
- Anouar El Anouni Spokesperson
- +32 2 291 35 80
- +32 229-13580 If you are not a journalist, please send your request to the public information service.
Topics
- Foreign affairs
- Cybersecurity
- Download as pdf
- Subscribe to press releases Last review: 14 April 2026
Related changes
Get daily alerts for EU Council Sanctions Press Releases
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
Source
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from EU Council.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when EU Council Sanctions Press Releases publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.