On 19 June 2017, the Council of the European Union (the “Council“) published its draft conclusions on a framework for a joint EU diplomatic response to malicious cyber activities, the “Cyber Diplomacy Toolbox”. This framework may include measures within the Common Foreign and Security Policy, including restrictive measures if necessary. In its paper, the Council provides states a commitment to settling international cyber disputes “by peaceful means”, and confirms that any joint response will be proportionate to a cyber attack’s “scope, scale, duration, intensity, complexity, sophistication and impact”.

The proposed measures are likely to be framed broadly to allow the use of sanctions against both state and non-state actors. However, it may be difficult to impose such sanctions in practice given the challenges in identifying the perpetrators of cyber attacks. This is particularly so in the case of state-actors, since the target nation would have to reveal sensitive information about its own intelligence services. In any event, it is hoped the proposed measures will deter cyber attacks. The EU has stressed that the clear signalling of the likely consequences of its joint diplomatic response to malicious cyber activities should improve the security of Member States by influencing the behaviour of potential aggressors.

The full text of the conclusions is available here.