- Latest available (Revised)
- Point in Time (22/10/2020)
- Original (As adopted by EU)
Council Implementing Regulation (EU) 2020/1536Show full title
Council Implementing Regulation (EU) 2020/1536 of 22 October 2020 implementing Regulation (EU) 2019/796 concerning restrictive measures against cyber-attacks threatening the Union or its Member States
You are here:
- Regulations originating from the EU
- 2020 No. 1536
- Whole Regulation
- Previous
- Next
What Version
Advanced Features
- Show Geographical Extent(e.g. England, Wales, Scotland and Northern Ireland)
- Show Timeline of Changes
More Resources
This is a Regulation originating from the EU
This is a legislation item that originated from the EU
After exit day there will be three versions of this legislation to consult for different purposes. The legislation.gov.uk version is the version that applies in the UK. The EU Version currently on EUR-lex is the version that currently applies in the EU i.e you may need this if you operate a business in the EU.
The web archive version is the official version of this legislation item as it stood on exit day before being published to legislation.gov.uk and any subsequent UK changes and effects applied. The web archive also captured associated case law and other language formats from EUR-Lex.
Changes over time for: Council Implementing Regulation (EU) 2020/1536
Alternative versions:
Status:
Point in time view as at 22/10/2020.
Changes to legislation:
There are currently no known outstanding effects for the Council Implementing Regulation (EU) 2020/1536.
Changes to Legislation
Revised legislation carried on this site may not be fully up to date. At the current time any known changes or effects made by subsequent legislation have been applied to the text of the legislation you are viewing by the editorial team. Please see ‘Frequently Asked Questions’ for details regarding the timescales for which new effects are identified and recorded on this site.
[X1Council Implementing Regulation (EU) 2020/1536
of 22 October 2020
implementing Regulation (EU) 2019/796 concerning restrictive measures against cyber-attacks threatening the Union or its Member States]
THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Council Regulation (EU) 2019/796 of 17 May 2019 concerning restrictive measures against cyber-attacks threatening the Union or its Member States(1), and in particular Article 13(1) thereof,
Having regard to the proposal from the High Representative of the Union for Foreign Affairs and Security Policy,
Whereas:
(1) On 17 May 2019 the Council adopted Regulation (EU) 2019/796.
(2) Targeted restrictive measures against cyber-attacks with a significant effect which constitute an external threat to the Union or its Member States are among the measures included in the Union’s framework for a joint diplomatic response to malicious cyber activities (the cyber diplomacy toolbox) and are a vital instrument to deter and respond to such activities.
(3) In order to prevent, discourage, deter and respond to continuing and increasing malicious behaviour in cyberspace, two natural persons and one body should be included in the list of natural and legal persons, entities and bodies subject to restrictive measures set out in Annex I to Regulation (EU) 2019/796. Those persons and that body are responsible for or were involved in cyber-attacks with a significant effect which constitute an external threat to the Union or its Member States, in particular the cyber-attack against the German federal parliament (Deutscher Bundestag) which took place in April and May 2015.
(4) Annex I to Regulation (EU) 2019/796 should therefore be amended accordingly,
HAS ADOPTED THIS REGULATION:
Editorial Information
X1 Substituted by Corrigendum to Council Implementing Regulation (EU) 2020/1536 of 22 October 2020 of implementing Regulation (EU) 2019/796 concerning restrictive measures against cyber-attacks threatening the Union or its Member States (Official Journal of the European Union L 351 I of 22 October 2020).
Article 1U.K.
Annex I to Regulation (EU) 2019/796 is amended in accordance with the Annex to this Regulation.
Article 2U.K.
This Regulation shall enter into force on the date of its publication in the Official Journal of the European Union.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
ANNEXU.K.
The following entries are added to the list of natural and legal persons, entities and bodies set out in Annex I to Regulation (EU) 2019/796:
A.
Natural persons
| Name | Identifying information | Reasons | Date of listing | |
|---|---|---|---|---|
| ‘7. | Dmitry Sergeyevich BADIN | Дмитрий Сергеевич БАДИН Date of birth: 15 November 1990 Place of birth: Kursk, Russian SFSR (now Russian Federation) Nationality: Russian Gender: male | Dmitry Badin took part in a cyber-attack with a significant effect against the German federal parliament (Deutscher Bundestag). As a military intelligence officer of the 85th Main Centre for Special Services (GTsSS) of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GU/GRU), Dmitry Badin was part of a team of Russian military intelligence officers which conducted a cyber-attack against the German federal parliament (Deutscher Bundestag) in April and May 2015. This cyber-attack targeted the parliament’s information system and affected its operation for several days. A significant amount of data was stolen and the email accounts of several MPs as well as of Chancellor Angela Merkel were affected. | 22.10.2020 |
| 8. | Igor Olegovich KOSTYUKOV | Игорь Олегович КОСТЮКОВ Date of birth: 21 February 1961 Nationality: Russian Gender: male | Igor Kostyukov is the current Head of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GU/GRU), where he previously served as First Deputy Head. One of the units under his command is the 85th Main Centre for Special Services (GTsSS), also known as “military unit 26165” (industry nicknames: “APT28”, “Fancy Bear”, “Sofacy Group”, “Pawn Storm” and “Strontium”). In this capacity, Igor Kostyukov is responsible for cyber-attacks carried out by the GTsSS, including those with a significant effect constituting an external threat to the Union or its Member States. In particular, military intelligence officers of the GTsSS took part in the cyber-attack against the German federal parliament (Deutscher Bundestag) which took place in April and May 2015 and the attempted cyber-attack aimed at hacking into the Wi-Fi network of the Organisation for the Prohibition of Chemical Weapons (OPCW) in the Netherlands in April 2018. The cyber-attack against the German federal parliament targeted the parliament’s information system and affected its operation for several days. A significant amount of data was stolen and email accounts of several MPs as well as of Chancellor Angela Merkel were affected. | 22.10.2020’ |
B.
Legal persons, entities and bodies
| Name | Identifying information | Reasons | Date of listing | |
|---|---|---|---|---|
| ‘4. | 85th Main Centre for Special Services (GTsSS) of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GU/GRU) | Address: Komsomol’skiy Prospekt, 20, Moscow, 119146, Russian Federation | The 85th Main Centre for Special Services (GTsSS) of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GU/GRU), also known as “military unit 26165” (industry nicknames: “APT28”, “Fancy Bear”, “Sofacy Group”, “Pawn Storm” and “Strontium”), is responsible for cyber-attacks with a significant effect constituting an external threat to the Union or its Member States. In particular, military intelligence officers of the GTsSS took part in the cyber-attack against the German federal parliament (Deutscher Bundestag) which took place in April and May 2015 and the attempted cyber-attack aimed at hacking into the Wi-Fi network of the Organisation for the Prohibition of Chemical Weapons (OPCW) in the Netherlands in April 2018. The cyber-attack against the German federal parliament targeted the parliament’s information system and affected its operation for several days. A significant amount of data was stolen and email accounts of several MPs as well as of Chancellor Angela Merkel were affected. | 22.10.2020’ |
Options/Help
Print Options
PrintThe Whole Regulation
Legislation is available in different versions:
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As adopted by EU): The original version of the legislation as it stood when it was first adopted in the EU. No changes have been applied to the text.
Point in Time: This becomes available after navigating to view revised legislation as it stood at a certain point in time via Advanced Features > Show Timeline of Changes or via a point in time advanced search.
See additional information alongside the content
Geographical Extent: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.
Show Timeline of Changes: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.
Opening Options
Different options to open legislation in order to view more content on screen at once
More Resources
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the EU Official Journal
- lists of changes made by and/or affecting this legislation item
- all formats of all associated documents
- correction slips
- links to related legislation and further information resources
Timeline of Changes
This timeline shows the different versions taken from EUR-Lex before exit day and during the implementation period as well as any subsequent versions created after the implementation period as a result of changes made by UK legislation.
The dates for the EU versions are taken from the document dates on EUR-Lex and may not always coincide with when the changes came into force for the document.
For any versions created after the implementation period as a result of changes made by UK legislation the date will coincide with the earliest date on which the change (e.g an insertion, a repeal or a substitution) that was applied came into force. For further information see our guide to revised legislation on Understanding Legislation.
More Resources
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the print copy
- correction slips
Click 'View More' or select 'More Resources' tab for additional information including:
- lists of changes made by and/or affecting this legislation item
- confers power and blanket amendment details
- all formats of all associated documents
- links to related legislation and further information resources
All content is available under the Open Government Licence v3.0 except where otherwise stated. This site additionally contains content derived from EUR-Lex, reused under the terms of the Commission Decision 2011/833/EU on the reuse of documents from the EU institutions. For more information see the EUR-Lex public statement on re-use.