Council Implementing Regulation (EU) 2025/886 amends Annex I to Regulation (EU) 2019/796, which concerns restrictive measures against cyber-attacks threatening the Union or its Member States. The regulation updates the reasons for including six individuals already listed, who are connected to cyber-attacks. This regulation directly impacts the enforcement of sanctions related to cyber security threats within the EU.
The structure of the regulation is straightforward. It contains two articles: Article 1 states that Annex I of Regulation (EU) 2019/796 is amended as per the Annex to this new regulation. Article 2 specifies that the regulation will come into force the day after its publication in the Official Journal of the European Union. The Annex provides updated entries for individuals already listed under ‘A. Natural Persons’ in Annex I of Regulation (EU) 2019/796, specifically entries 3 to 8.
The main provision of this regulation is the updated information regarding the listed individuals. The updated information includes details about their involvement in cyber-attacks, particularly those targeting the Organisation for the Prohibition of Chemical Weapons (OPCW) and the German federal parliament (Deutscher Bundestag). The updated entries also mention indictments by a grand jury in the United States for related crimes. These updates serve to reinforce the reasons for maintaining these individuals on the sanctions list, ensuring that the restrictive measures remain justified and enforceable. **** One of the listed persons, Evgenii Serebriakov, is indicated as a leader of “Sandworm” group, which has carried out cyber-attacks on Ukraine.
