Established in 2017, the framework allows member states to take restrictive measures against cyberattacks, including to prevent, discourage, deter and respond to malicious activities. Last year, the European Council announced a decision to extend the framework until May 18, 2021.

On Monday, the council announced that the framework has been prolonged until May 18, 2022. This means that the EU and member states may continue to take restrictive measures when dealing with cyberattacks.

At the moment, there are eight individuals and four entities that were sanctioned in accordance with the framework. The imposed restrictions include an asset freeze, a travel ban, and EU persons and entities being forbidden from providing funds to those sanctioned.