European Union (EU)
- Dual-use
  - EU - Dual-use Regulation 2021/821 - EN
- Defence-related products
  - EU - Directive 2009/43 - Defence-related products - EN
  - EU - Common Military List of the EU - EN
- Torture goods
  - EU - Regulation 2019/125 - Torture Goods - EN
- Goods of a strictly civilian nature
  - EU - Regulation 2658/87 - Customs Tariff - EN
- Violation of restrictive measures
  - Directive 2024/1226 Updated
France
Germany
- Kriegswaffenkontrollgesetz v. 20. April 1961
- KrWaffKontrG - Law on control of weapons - English version
- Erste Verordnung zur Durchführung des Gesetzes über die Kontrolle von Kriegswaffen v. 1. Juni 1961
- Zweite Verordnung zur Durchführung des Gesetzes zur Kontrolle der Kriegswaffen v. 1. Juni 1961
- Dritte Verordnung zur Durchführung des Gesetzes zur Kontrolle der Kriegswaffen v. 11. Juli 1969
- Grundsätze der Bundesregierung zur Prüfung der Zuverlässigkeit von Exporteuren von Kriegswaffen und rüstungsrelevanten Gütern v. 25. Juli 2001
- Verordnung über Allgemeine Genehmigungen nach dem Gesetz über die Kontrolle von Kriegswaffen
- Politische Grundsätze der Bundesregierung für den Export von Kriegswaffen und sonstigen Rüstungsgütern, v. 26. Juni 2019
- Politische Grundsätze der Bundesregierung für den Export von Kriegswaffen und sonstigen Rüstungsgütern, v. 26. Juni 2019 - English
- Grundsätze der Bundesregierung für die Ausfuhrgenehmigungspolitik bei der Lieferung von Kleinen und Leichten Waffen
- Aussenwirtschaftsgesetz (AWG) v. 6. Juni 2013 - Fassung 21.12.2023
- Aussenwirtschaftsgesetz (AWG) v. 6. Juni 2013 - English - Fassung 21.12.2023
- Aussenwirtschaftsverordnung v. 2. August 2013 - Fassung 27.09.2023
- Aussenwirtschaftsverordnung (AWV) - English - Vers 27 Sep 2023
- Sanktionsdurchsetzungsgesetz v. 19. Dezember 2022
Luxembourg Updated
- 14 December 2018 - Grand Duke Regulation on export control
- February 2020- Guidelines on ICP
  - LU - ICP Guidelines - EN
  - LU - ICP Guidelines - FR
- 27 June 2018 - Law on export control
- 125 October 2023 Inter-ministerial Coordination Group
Netherlands
- Netherlands - Besluit strategische goederen
- Netherlands - Wet strategische diensten
- Netherlands - Uitvoeringsregeling strategische diensten.3
United States (US)
- ITAR - International Traffic in Arms Regulations
- ITAR - US Munitions List (USML)
- EAR - Export Administration Regulations
Italy
- Italy - Legge 185
- Italy - Decreto 221 15.12.2017
Japan
- Japan - Export Trade Control Order
- Japan - Foreign Exchange Order
Sanctions EU - Afghanistan
- Regulation (EU) No 753/2011 - Afghanistan
- Regulation (EU) No 753/2011 - Afghanistan - Annex
  - Regulation (EU) No 753/2011 - Afghanistan - Annex I
  - Regulation (EU) No 753/2011 - Afghanistan - Annex II
- Afghanistan - Decision 2011/486/CFSP
- Afghanistan - Decision 2011/486/CFSP - Annex
  - Afghanistan - Decision 2011/486 - Annex
Sanctions EU - Belarus
- Decision 2012/642 - Belarus
- Regulation 765/2006 - Belarus
Sanctions EU - Burundi
- Burundi - Regulation 2015/1755
- Burundi - Regulation 2015/1755 - Annex
  - Burundi - Regulation 2015/1755 - Annex I
  - Burundi - Regulation 2015/1755 - Annex II
- Burundi - Decision 2015/1763
Sanctions EU - Central African Republic
- Central African Republic - Decision 2013/798
- Central African Republic - Regulation (EU) No 224/2014
Sanctions EU - Democratic Republic of Congo
- Decision 2010/788 - Congo - Vers Updated
- Regulation 1183/2005 - Congo Updated
Sanctions EU - Guatemala Updated
- Decision 2024/254 - Guatemala
- Regulation 2024/287 - Guatemala
Sanctions EU - Guinea
- Decision 2010/638 - Guinea
- Decision 2010/638 - Guinea - Annex
  - Decision 2010/638 - Guinea - Annex
- Regulation 1284/2009 - Guinea
- Regulation 1284/2009 - Guinea - Annex
  - Regulation 1284/2009 - Guinea - Annex I
  - Regulation 1284/2009 - Guinea - Annex II
Sanctions EU - Guinea Bissau
- Guinea Bissau - Decision 2012/285
- Guinea Bissau - Regulation 377/2012
Sanctions EU - Haiti Updated
- Decision 2022/2319 - Haiti
- Regulation 2022/2309 - Haiti
Sanctions EU - Hamas and PIJ
- Decision 2024/385
- Regulation 2024/386
Sanctions EU - Iran
- Regulation 267/2012 - Iran
- Decision 2011/235 - Iran Updated
- Regulation 359/2011 - Iran Updated
- Decision 2010/413 - Iran
- Decision 2023/1532 - Iran - Vers 11 Dec 2023
- Regulation 2023/1529 - Iran - Vers 11 Dec 2023
Sanctions EU - Iraq
- Iraq - Regulation 1210/2003
- Iraq - Common Position 2003/495
Sanctions EU - Lebanon
- Lebanon - Regulation 2021/1275
- Lebanon - Regulation 2021/1275 - Annex
  - Lebanon - Regulation 2021/1275 - Annex 2
- Lebanon - Decision 2021/1277
- Lebanon - Regulation 305/2006
- Lebanon - Regulation 305/2006 - Annex
  - Lebanon - Regulation 305/2006 - Annex II
  - Lebanon - Regulation 305/2006 - Annex I
- Lebanon - Regulation 1412/2006
- Lebanon - Regulation 1412/2006 - Annex
  - Lebanon - Regulation 1412/2006 - Annex
- Lebanon - Common Position 2005/888
- Lebanon - C Position 2005/888 - Annex
  - Lebanon - Common Position 2005/888 - Annex
- Lebanon - Common Position 2006/625
Sanctions EU - Libya
- Decision 2015/1333 - Lybia
- Regulation 2016/44 - Lybia
Sanctions EU - Mali
- Decision 2017/1775 Updated
- Regulation 2017/1770 Updated
Sanctions EU - Moldova
- Decision 2010/573 - Moldova
- Moldova -Regulation (EU) 2023/888 Updated
- Moldova - Decision 2023/891 Updated
Sanctions EU - Myanmar/Burma
- Regulation 401/2013 - Myanmar
- Decision 2013/184 - Myanmar
Sanctions EU - Nicaragua
- Nicaragua - Regulation (EU) 2019/1716
- Nicaragua - Decision (CFSP) 2019/1720
- Sanctions EU - North Korea
  - North Korea - Council Decision 2016/849/CFSP
  - North Korea - Council Regulation (EU) 2017/1509
Sanctions EU - Niger
- Regulation 2023/2406 - Niger
- Decision 2023/2287 - Niger
Sanctions EU - Russia
- EU - Decision 2014/512 - Russia - EN
- EU - Regulation 833/2014 - Russia - EN
- EU - Russia Decision 2022/266 - EN
- EU - Russia Regulation 2022/263 - EN
Sanctions EU - Somalia Updated
- Decision 2010/231 - Somalia Updated
- Regulation 356/2010 - Somalia Updated
- Regulation 147/2003 - Somalia Updated
Sanctions EU - South Sudan
- South Sudan - Regulation 2015/738
- South Sudan - Decision 2015/740
Sanctions EU - Sudan
- Decision 2014/450 - Sudan
- Regulation 747/2014 - Sudan
- Decision 2023/2135 - Sudan
- Regulation 2023/2147 - Sudan
Sanctions EU - Syria
- Syria - Council Common Position 2005/888/CFSP
- Syria - Council Decision 2013/255/CFSP - Vers. 14 July 2023
- Syria - Council Regulation (EC) 305/2006
- Syria - Council Regulation (EU) 36/2012 - Vers. 20 July 2023
Sanctions EU - Terrorist Groups
- Terrorist Groups - CP 2001-930
- Terrorist Groups - CP 2001/931
- Terrorist Groups - Decision 2016/1693
- Terrorist Groups - Regulation 2002/881
- Terrorist Groups - Regulation 1686/2016
- Terrorist Groups - Regulation 2580/2001
Sanctions EU - Tunisia
- Decision 2011/72 - Tunisia
- Regulation 101/2011 - Tunisia
Sanctions EU - Turkey
- Regulation (EU) 2019/1890 - Turkey
- Decision 2019/1894 - Turkey
Sanctions EU - Ukraine
- Ukraine - Decision 2014/386
- Ukraine - Regulation 692/2014
- Ukraine - Decision 2014/145 - Vers. 12 Mar 2024
- Ukraine - Regulation 269/2014
- Ukraine - Decision 2014/119
- Ukraine - Regulation 208/2014
- Ukraine - Regulation 2023/1100
- Donetsk / Luhansk - Decision 2022/266 Updated
- Donetsk / Luhansk - Regulation 2022/263
- Donetsk / Luhansk - Regulation 2022/263 - Annex I
- Donetsk / Luhansk - Regulation 2022/263 - Annex II
Sanctions EU - Venezuela
- Decision 2017/2074 - Venezuela
- Regulation 2017/2063 - Venezuela
Sanctions EU - Yemen
- Yemen - Decision 2014/932
- Yemen - Regulation 1352/2014
Sanctions EU - Zimbabwe
- Regulation 314/2004 - Zimbabwe
- Regulation 314/2004 - Zimbabwe - Annex
- Decision 2011/101 - Zimbabwe
- Decision 2011/101 - Zimbabwe - Annex
  - Decision 2011/101 - Zimbabwe - Annex I
Sanctions EU - Cyberattacks
- Cyber Attacks - Regulation (EU) 2019/796
- Cyber Attacks - Decision 2019/797
Sanctions EU - Proliferation and use of chemical weapons
- Regulation 2018/1542 - Restrictive measures against the proliferation and use of chemical weapons
- Decision 2018/1544 - Restrictive measures against the proliferation and use of chemical weapons
Sanctions EU - Ozon Layer
- Ozone Layer - Regulation 2024/590
Sanctions OSCE - Armenia
Sanctions OSCE - Azerbaidjan
Glossary
- Glossary - EN Updated
Business registries
FAQ
- FAQ - Risk Assessment
User manual
- Module 6 - Risk Assessment
  - Module 6 - Risk Assessment
  - FAQ - Risk Assessment

Cyber Attacks - Decision 2019/797

19 Jan 2024
15 Minutes to read
Contributors

Print
Share

Twitter

Linkedin

Facebook

Email
Dark

Light
PDF

Cyber Attacks - Decision 2019/797

Updated on 19 Jan 2024
15 Minutes to read
Contributors

Print
Share

Twitter

Linkedin

Facebook

Email
Dark

Light
PDF

Article Summary

Share feedback

Thanks for sharing your feedback!

Council Decision (CFSP) 2019/797 of 17 May 2019 concerning restrictive measures against cyber-attacks threatening the Union or its Member States

Article 1

1. This Decision applies to cyber-attacks with a significant effect, including attempted cyber-attacks with a potentially significant effect, which constitute an external threat to the Union or its Member States.

2. Cyber-attacks constituting an external threat include those which:

(a) originate, or are carried out, from outside the Union;

(b) use infrastructure outside the Union;

(d) are carried out with the support, at the direction or under the control of any natural or legal person, entity or body operating outside the Union.

3. For this purpose, cyber-attacks are actions involving any of the following:

(a) access to information systems;

(b) information system interference;

(d) data interception,

where such actions are not duly authorised by the owner or by another right holder of the system or data or part of it, or are not permitted under the law of the Union or of the Member State concerned.

4. Cyber-attacks constituting a threat to Member States include those affecting information systems relating to, inter alia:

(a) critical infrastructure, including submarine cables and objects launched into outer space, which is essential for the maintenance of vital functions of society, or the health, safety, security, and economic or social well-being of people;

(b) services necessary for the maintenance of essential social and/or economic activities, in particular in the sectors of: energy (electricity, oil and gas); transport (air, rail, water and road); banking; financial market infrastructures; health (healthcare providers, hospitals and private clinics); drinking water supply and distribution; digital infrastructure; and any other sector which is essential to the Member State concerned;

(c) critical State functions, in particular in the areas of defence, governance and the functioning of institutions, including for public elections or the voting process, the functioning of economic and civil infrastructure, internal security, and external relations, including through diplomatic missions;

(d) the storage or processing of classified information; or

(e) government emergency response teams.

5. Cyber-attacks constituting a threat to the Union include those carried out against its institutions, bodies, offices and agencies, its delegations to third countries or to international organisations, its common security and defence policy (CSDP) operations and missions and its special representatives.

6. Where deemed necessary to achieve CFSP objectives in the relevant provisions of Article 21 of the Treaty on European Union, restrictive measures under this Decision may also be applied in response to cyber-attacks with a significant effect against third States or international organisations.

Article 2

For the purposes of this Decision, the following definitions apply:

(a) ‘information systems’ means a device or group of interconnected or related devices, one or more of which, pursuant to a programme, automatically processes digital data, as well as digital data stored, processed, retrieved or transmitted by that device or group of devices for the purposes of its or their operation, use, protection and maintenance.

(b) ‘information system interference’ means hindering or interrupting the functioning of an information system by inputting digital data, by transmitting, damaging, deleting, deteriorating, altering or suppressing such data, or by rendering such data inaccessible.

(c) ‘data interference’ means deleting, damaging, deteriorating, altering or suppressing digital data on an information system, or rendering such data inaccessible; it also includes theft of data, funds, economic resources or intellectual property.

(d) ‘data interception’ means intercepting, by technical means, non-public transmissions of digital data to, from or within an information system, including electromagnetic emissions from an information system carrying such digital data.

Article 3

The factors determining whether a cyber-attack has a significant effect as referred to in Article 1(1) include any of the following:

(a) the scope, scale, impact or severity of disruption caused, including to economic and societal activities, essential services, critical State functions, public order or public safety;

(b) the number of natural or legal persons, entities or bodies affected;

(d) the amount of economic loss caused, such as through large-scale theft of funds, economic resources or intellectual property;

(e) the economic benefit gained by the perpetrator, for himself or for others;

(f) the amount or nature of data stolen or the scale of data breaches; or

(g) the nature of commercially sensitive data accessed.

Article 4

1. Member States shall take the measures necessary to prevent the entry into, or transit through, their territories of:

(a) natural persons who are responsible for cyber-attacks or attempted cyber-attacks;

(b) natural persons who provide financial, technical or material support for or are otherwise involved in cyber-attacks or attempted cyber-attacks, including by planning, preparing, participating in, directing, assisting or encouraging such attacks, or facilitating them whether by action or omission;

as listed in the Annex.

2. Paragraph 1 shall not oblige a Member State to refuse its own nationals entry into its territory.

3. Paragraph 1 shall be without prejudice to the cases where a Member State is bound by an obligation of international law, namely:

(a) as a host country of an international intergovernmental organisation;

(b) as a host country to an international conference convened by, or under the auspices of, the United Nations;

(d) pursuant to the 1929 Treaty of Conciliation (Lateran Pact) concluded by the Holy See (Vatican City State) and Italy.

4. Paragraph 3 shall be considered to apply also in cases where a Member State is host country of the Organization for Security and Co-operation in Europe (OSCE).

5. The Council shall be duly informed in all cases where a Member State grants an exemption pursuant to paragraph 3 or 4.

6. Member States may grant exemptions from the measures imposed under paragraph 1 where travel is justified on the grounds of urgent humanitarian need, or on grounds of attending intergovernmental meetings or meetings promoted or hosted by the Union, or hosted by a Member State holding the Chairmanship in office of the OSCE, where a political dialogue is conducted that directly promotes the policy objectives of restrictive measures, including security and stability in cyberspace.

7. Member States may also grant exemptions from the measures imposed under paragraph 1 where entry or transit is necessary for the fulfilment of a judicial process.

8. A Member State wishing to grant exemptions referred to in paragraph 6 or 7 shall notify the Council in writing. The exemption shall be deemed to be granted unless one or more of the Council members raises an objection in writing within two working days of receiving notification of the proposed exemption. Should one or more of the Council members raise an objection, the Council, acting by a qualified majority, may decide to grant the proposed exemption.

9. Where, pursuant to paragraphs 3, 4, 6, 7 or 8, a Member State authorises the entry into, or transit through its territory of persons listed in the Annex, the authorisation shall be strictly limited to the purpose for which it is given and to the persons directly concerned thereby.

Article 5

1. All funds and economic resources belonging to, owned, held or controlled by:

(a) natural or legal persons, entities or bodies that are responsible for cyber-attacks or attempted cyber-attacks;

(b) natural or legal persons, entities or bodies that provide financial, technical or material support for or are otherwise involved in cyber-attacks or attempted cyber-attacks, including by planning, preparing, participating in, directing, assisting or encouraging such attacks, or facilitating them whether by action or omission;

(c) natural or legal persons, entities or bodies associated with the natural or legal persons, entities or bodies covered by points (a) and (b),

as listed in the Annex, shall be frozen.

2. No funds or economic resources shall be made available directly or indirectly to or for the benefit of the natural or legal persons, entities or bodies listed in the Annex.

3. By way of derogation from paragraphs 1 and 2, the competent authorities of the Member States may authorise the release of certain frozen funds or economic resources, or the making available of certain funds or economic resources, under such conditions as they deem appropriate, after having determined that the funds or economic resources concerned are:

(a) necessary to satisfy the basic needs of the natural or legal persons, entities or bodies listed in the Annex and dependent family members of such natural persons, including payments for foodstuffs, rent or mortgage, medicines and medical treatment, taxes, insurance premiums, and public utility charges;

(b) intended exclusively for the payment of reasonable professional fees or the reimbursement of incurred expenses associated with the provision of legal services;

(c) intended exclusively for the payment of fees or service charges for the routine holding or maintenance of frozen funds or economic resources;

(d) necessary for extraordinary expenses, provided that the relevant competent authority has notified the competent authorities of the other Member States and the Commission of the grounds on which it considers that a specific authorisation should be granted, at least two weeks prior to the authorisation; or

(e) to be paid into or from an account of a diplomatic or consular mission or an international organisation enjoying immunities in accordance with international law, insofar as such payments are intended to be used for official purposes of the diplomatic or consular mission or international organisation.

The Member State concerned shall inform the other Member States and the Commission of any authorisation granted under this paragraph.

4. By way of derogation from paragraph 1, the competent authorities of the Member States may authorise the release of certain frozen funds or economic resources, provided that the following conditions are met:

(a) the funds or economic resources are the subject of an arbitral decision rendered prior to the date on which the natural or legal person, entity or body referred to in paragraph 1 was listed in the Annex, or of a judicial or administrative decision rendered in the Union, or a judicial decision enforceable in the Member State concerned, prior to or after that date;

(b) the funds or economic resources will be used exclusively to satisfy claims secured by such a decision or recognised as valid in such a decision, within the limits set by applicable laws and regulations governing the rights of persons having such claims;

(d) recognition of the decision is not contrary to public policy in the Member State concerned.

The Member State concerned shall inform the other Member States and the Commission of any authorisation granted under this paragraph.

5. Paragraph 1 shall not prevent a natural or legal person, entity or body listed in the Annex from making a payment due under a contract entered into prior to the date on which that natural or legal person, entity or body was listed therein, provided that the Member State concerned has determined that the payment is not, directly or indirectly, received by a natural or legal person, entity or body referred to in paragraph 1.

6. Paragraph 2 shall not apply to the addition to frozen accounts of:

(a) interest or other earnings on those accounts;

(b) payments due under contracts, agreements or obligations that were concluded or arose prior to the date on which those accounts became subject to the measures provided for in paragraphs 1 and 2; or

(c) payments due under judicial, administrative or arbitral decisions rendered in the Union or enforceable in the Member State concerned,

provided that any such interest, other earnings and payments remain subject to the measures provided for in paragraph 1.

7. Paragraphs 1 and 2 shall not apply to the making available of funds or economic resources necessary to ensure the timely delivery of humanitarian assistance or to support other activities that support basic human needs where such assistance and other activities are carried out by:

(a) the United Nations (UN), including its programmes, funds and other entities and bodies, as well as its specialised agencies and related organisations;

(b) i nternational organisations;

(c) humanitarian organisations having observer status with the UN General Assembly and members of those humanitarian organisations;

(d) bilaterally or multilaterally funded non-governmental organisations participating in the UN Humanitarian Response Plans, UN Refugee Response Plans, other UN appeals or humanitarian clusters coordinated by the UN Office for the Coordination of Humanitarian Affairs;

(e) organisations and agencies to which the Union has granted the Humanitarian Partnership Certificate or which are certified or recognised by a Member State in accordance with national procedures;

(f) Member States’ specialised agencies; or

(g) the employees, grantees, subsidiaries or implementing partners of the entities referred to in points (a) to (f) while and to the extent that they are acting in those capacities.

8. Without prejudice to paragraph 7, and by way of derogation from paragraphs 1 and 2, the competent authorities of the Member States may authorise the release of certain frozen funds or economic resources, or the making available of certain funds or economic resources, under such conditions as they deem appropriate, after having determined that the provision of such funds or economic resources is necessary to ensure the timely delivery of humanitarian assistance or to support other activities that support basic human needs.

9. In the absence of a negative decision, a request for information or a notification for additional time from the relevant competent authority within five working days of the date of receipt of a request for authorisation under paragraph 8, that authorisation shall be considered granted.

10. The Member State concerned shall inform the other Member States and the Commission of any authorisations granted under paragraphs 8 and 9 within four weeks of such authorisation.’

Article 6

1. The Council, acting by unanimity upon a proposal from a Member State or from the High Representative of the Union for Foreign Affairs and Security Policy, shall establish and amend the list set out in the Annex.

2. The Council shall communicate the decisions referred to in paragraph 1, including the grounds for listing, to the natural or legal person, entity or body concerned, either directly, if the address is known, or through the publication of a notice, providing that natural or legal person, entity or body with an opportunity to present observations.

3. Where observations are submitted, or where substantial new evidence is presented, the Council shall review the decisions referred to in paragraph 1 and inform the natural or legal person, entity or body concerned accordingly.

Article 7

1. The Annex shall include the grounds for listing the natural and legal persons, entities and bodies referred to in Articles 4 and 5.

2. The Annex shall contain, where available, the information necessary to identify the natural or legal persons, entities or bodies concerned. With regard to natural persons, such information may include: names and aliases; date and place of birth; nationality; passport and identity card numbers; gender; address, if known; and function or profession. With regard to legal persons, entities or bodies, such information may include names, place and date of registration, registration number and place of business.

Article 8

No claims in connection with any contract or transaction the performance of which has been affected, directly or indirectly, in whole or in part, by the measures imposed under this Decision, including claims for indemnity or any other claim of this type, such as a claim for compensation or a claim under a guarantee, in particular a claim for extension or payment of a bond, guarantee or indemnity, in particular a financial guarantee or financial indemnity, of whatever form, shall be satisfied, if they are made by:

(a) designated natural or legal persons, entities or bodies listed in the Annex;

(b) any natural or legal person, entity or body acting through or on behalf of one of the natural or legal persons, entities or bodies referred to in point (a).

Article 9

In order to maximise the impact of the measures set out in this Decision, the Union shall encourage third States to adopt restrictive measures similar to those provided for in this Decision.

Article 10

This Decision shall apply until 18 May 2025 and shall be kept under constant review. The measures set out in Articles 4 and 5 shall apply as regards the natural and legal persons, entities and bodies listed in the Annex until 18 May 2024.

The exceptions referred to in Article 5(7) and (8) as regards Article 5(1) and (2) shall be reviewed at regular intervals, and at least every 12 months, or at the urgent request of any Member State, the High Representative or the Commission following a fundamental change in circumstances.

Article 11

This Decision shall enter into force on the day following that of its publication in the Official Journal of the European Union .

Annex - List of natural and legal persons, entities and bodies referred to in Articles 4 and 5

Show

Initial verison

Council Decision (CFSP) 2019/797 of 17 May 2019 concerning restrictive measures against cyber-attacks threatening the Union or its Member States

Official Journal of the European Union L 129 of 17 May 2019,p 13

Amended by

Council Decision (CFSP) 2020/651 of 14 May 2020 amending Decision (CFSP) 2019/797 concerning restrictive measures against cyber-attacks threatening the Union or its Member States	Official Journal of the European Union L 153 of 15 May 2020,p4
Council Decision (CFSP) 2020/1127 of 30 July 2020 amending Decision (CFSP) 2019/797 concerning restrictive measures against cyber-attacks threatening the Union or its Member States	Official Journal of the European Union L 246 of 30 July 2020,p12
Council Decision (CFSP) 2020/1537 of 22 October 2020 amending Decision (CFSP) 2019/797 concerning restrictive measures against cyber-attacks threatening the Union or its Member States	Official Journal of the European Union L 351 of 20 October 2020,p5
Council Decision (CFSP) 2020/1748 of 20 November 2020 amending Decision (CFSP) 2019/797 concerning restrictive measures against cyber-attacks threatening the Union or its Member States	Official Journal of the European Union L 393 of 23 November 2020,p19
Council Decision (CFSP) 2021/796 of 17 May 2021 amending Decision (CFSP) 2019/797 concerning restrictive measures against cyber-attacks threatening the Union or its Member States	Official Journal of the European Union L 174 of 18 May 2021,p1
Council Decision (CFSP) 2022/754 of 15 May 2022 amending Decision (CFSP) 2019/797 concerning restrictive measures against cyber-attacks threatening the Union or its Member States	Official Journal of the European Union L 138 of 17 May 2022,p16
Council Decision (CFSP) 2023/964 of 15 May 2023 amending Decision (CFSP) 2019/797 concerning restrictive measures against cyber-attacks threatening the Union or its Member States	OJ L 129, 16.05.2023, p. 16
Council Decision (CFSP) 2023/2686 of 27 November 2023 amending certain Council Decisions concerning restrictive measures in order to insert provisions on humanitarian exceptions	OJ L, 2023/2686, 28.11.2023

Corrected by

Corrigendum to Council Decision (CFSP) 2019/797 of 17 May 2019 concerning restrictive measures against cyber-attacks threatening the Union or its Member States

Official Journal of the European Union L 230 of 17 July 2020,p36

Table of contents

Council Decision (CFSP) 2019/797 of 17 May 2019 concerning restrictive measures against cyber-attacks threatening the Union or its Member States