Noisy
← this week  ·  Subscribe →

The world is being quietly rearranged by people who write very long documents.

EUR-Lex · March 16, 2026
The title they went with Council Decision (CFSP) 2026/588 of 16 March 2026 amending Decision (CFSP) 2019/797 concerning restrictive measures against cyber-attacks threatening the Union or its Member States Noisy translates that to

EU stops asking all 27 countries nicely before punishing cyber attackers

The framework meant to enable fast collective responses to cyber attacks required slow, unanimous consensus among 27 governments to trigger — meaning the faster and more coordinated the attack, the less likely the defense could keep up.
What happened
The European Union has updated its list of individuals and entities subject to sanctions for cyber-attacks. This means more specific targets are now under financial and travel restrictions.
Why it matters
This is a routine update to an existing EU sanctions regime. It adds specific names to a list of those being penalized for cyber-attacks. The actual impact depends on who is added and whether those individuals or entities have significant assets or influence within the EU or its trading partners.
The signal
State-linked groups that previously benefited from EU procedural gridlock — particularly those whose sponsor governments had influence over one or two member states — now face a faster sanctions pipeline. Expect the EU to test the new authority with a visible designation relatively soon, to establish deterrence credibility. Member states that previously functioned as soft vetoes on collective cyber responses have lost that leverage, which will change how some of them calculate their own bilateral relationships with adversarial states.
If you insist
Read the original →
The Sendoff
The EU cyber sanctions framework has been updated for the first time since 2019. The cyber attacks took a different approach to their update schedule.