Ceci est une version HTML d'une pièce jointe de la demande d'accès à l'information 'Documents: ST 12474 2020 INIT & ST 12476 2020 INIT'.


 
  
 
 
 
 

Council of the 
 
 European Union 
   
 
Brussels, 9 November 2020 
(OR. en) 

   
 
12537/20 
 

 
 
 
LIMITE 
 
CORLX 527 
CFSP/PESC 946 

 
 
RELEX 843 
CYBER 213 
JAI 898 
FIN 814 

 
'I' ITEM NOTE 
From: 
General Secretariat of the Council 
To: 
Permanent Representatives Committee 
Subject: 
Council Decision and Implementing Regulation concerning restrictive 
measures against cyber-attacks threatening the Union or its Member 
States 
 
 
DOCUMENT PARTIALLY ACCESSIBLE TO THE PUBLIC (17.11.2020) 
1. 
On 17 May 2019, the Council adopted Decision (CFSP) 2019/797 (1) concerning restrictive 
measures against cyber-attacks threatening the Union or its Member States. 
2. 
On 30 July 2020, the Council adopted Decision (CFSP) 2020/1127, which added six natural 
persons and three entities or bodies to the list of natural and legal persons, entities and bodies 
subject to restrictive measures in the Annex to Decision (CFSP) 2019/797. 
3. 
On 29 October 2020, the High Representative submitted to the Council a proposal for a 
Council Decision amending Decision (CFSP) 2019/797 concerning restrictive measures 
against cyber-attacks threatening the Union or its Member States (doc. 12473/20), and a 
proposal for a Council Implementing Regulation implementing Regulation (EU) 2019/796 
(doc. 12475/20), updating the information for two listings. 
                                                 
1  
Council Decision (CFSP) 2019/797 of 17 May 2019 concerning restrictive measures against 
cyber-attacks threatening the Union or its Member States (OJ L 129 I, 17.5.2019, p. 13). 
 
12537/20  
 
MV/ia 

 
RELEX.1.C 
LIMITE 
EN 
 

  
4. 
On 5 November 2020, the Foreign Relations Counsellors Working Party (RELEX) agreed the 
text of the draft Council Decision and Implementing Regulation. 
5. 
In these circumstances, COREPER is invited to:  
– 
confirm the agreement on the draft Council Decision and draft Council Implementing 
Regulation; 
– 
decide, in accordance with Article 12 of the Council's Rules of Procedure, and Article 1 
of Council Decision 2020/430, that the Council use the written procedure to: 
– 
adopt the draft Council Decision, as set out, after finalisation of the text by the 
legal/linguistic experts, in document 12474/20 and the draft Council 
Implementing Regulation implementing Regulation (EU) 2019/796 as set out, 
after finalisation of the text by the legal/linguistic experts, in document 12476/20; 
– 
approve the draft notices as set out in annexes I and II to this note as well as the 
draft letter in Annex III; 
– 
agree to the publication of the abovementioned Decision and Implementing Regulation 
and notices in the Official Journal of the European Union. 
 
 
12537/20  
 
MV/ia 

 
RELEX.1.C 
LIMITE 
EN 
 

 
ANNEX I 
Notice for the attention of the persons subject to the restrictive measures provided for in 
Council Decision (CFSP) 2019/797(2), as amended by Council Decision (CFSP) 
2020/[number], and in Council Regulation (EU) 2019/796(3), as implemented by Council 
Implementing Regulation (EU) 2020/[number] concerning restrictive measures against 
cyber-attacks threatening the Union or its Member States  
 
The following information is brought to the attention of the persons that appear in the Annex to 
Council Decision (CFSP) 2019/797, as amended by Council Decision (CFSP) 2020/[number]+, and 
in Annex I to Council Regulation (EU) 2019/796, as implemented by Council Implementing 
Regulation (EU) 2020/[number] concerning restrictive measures against cyber-attacks threatening 
the Union or its Member States. 
The Council of the European Union has decided to update the information on two persons that 
appear in the above-mentioned Annexes. The grounds for the listing of the persons concerned 
appear in the relevant entries in those Annexes. 
The attention of the persons concerned is drawn to the possibility of making an application to the 
competent authorities of the relevant Member State(s) as indicated on the websites in Annex II to 
Council Regulation (EU) 2019/796 concerning restrictive measures against cyber-attacks 
threatening the Union or its Member States, in order to obtain an authorisation to use frozen funds 
for basic needs or specific payments. 
                                                 
2  
Council Decision (CFSP) 2019/797 of 17 May 2019 concerning restrictive measures against 
cyber-attacks threatening the Union or its Member States (OJ L 129 I, 17.5.2019, p. 13). 
  
OJ: please insert number and publication details for the Decision in document 12474/20. 
3  
Council Regulation (EU) 2019/796 concerning restrictive measures against cyber-attacks 
threatening the Union or its Member States (OJ L 129 I, 17.05.2019, p. 1). 
  
OJ: please insert number and publication details for the Regulation in document 12476/20. 
 
 
12537/20  
 
MV/ia 

ANNEX I 
RELEX.1.C 
LIMITE 
EN 
 

 
The persons concerned may submit a request to the Council, together with supporting 
documentation, that the decision to include them on the above-mentioned lists should be 
reconsidered, before 15 January 2021, to the following address: 
Council of the European Union 
General Secretariat 
RELEX.1.C 
Rue de la Loi/Wetstraat 175 
1048 Bruxelles/Brussel 
BELGIQUE/BELGIË 
e-mail: xxxxxxxxx@xxxxxxxxx.xxxxxx.xx 
Any observations received will be taken into account for the purpose of the Council's periodic 
review, in accordance with Article 10 of Decision (CFSP) 2019/797 concerning restrictive measures 
against cyber-attacks threatening the Union or its Member States. 
The attention of the persons concerned is also drawn to the possibility of challenging the Council's 
decision before the General Court of the European Union, in accordance with the conditions laid 
down in Article 275, second paragraph, and Article 263, fourth and sixth paragraphs, of the Treaty 
on the Functioning of the European Union. 
 
 
12537/20  
 
MV/ia 

ANNEX I 
RELEX.1.C 
LIMITE 
EN 
 

 
ANNEX II 
Notice for the attention of the data subjects to whom the restrictive measures provided for in 
Decision (CFSP) 2019/797 and Council Regulation (EU) 2019/796 concerning restrictive 
measures against cyber-attacks threatening the Union or its Member States 
 
The attention of data subjects is drawn to the following information in accordance with Article 16 
of Regulation (EU) 2018/1725. 
The legal basis for this processing operation are Council Decision (CFSP) 2019/797(4), as amended 
by Council Decision (CFSP) 2020/[number], and in Council Regulation (EU) 2019/796(5), as 
implemented by Council Implementing Regulation (EU) 2020/[number] concerning restrictive 
measures against cyber-attacks threatening the Union or its Member States. 
The controller of this processing operation is the Council of the European Union represented by the 
Director General of RELEX (External Relations) of the General Secretariat of the Council and the 
department entrusted with the processing operation is RELEX.1.C that can be contacted at: 
 
Council of the European Union 
General Secretariat 
RELEX.1.C 
Rue de la Loi/Wetstraat 175 
1048 Bruxelles/Brussel 
BELGIQUE/BELGIË 
e-mail: xxxxxxxxx@xxxxxxxxx.xxxxxx.xx 
                                                 
4  
Council Decision (CFSP) 2019/797 of 17 May 2019 concerning restrictive measures against 
cyber-attacks threatening the Union or its Member States (OJ L 129 I, 17.5.2019, p. 13). 
  
OJ: please insert number and publication details for the Decision in document 12474/20. 
5  
Council Regulation (EU) 2019/796 concerning restrictive measures against cyber-attacks 
threatening the Union or its Member States (OJ L 129 I, 17.05.2019, p. 1). 
  
OJ: please insert number and publication details for the Regulation in document 12476/20. 
 
12537/20  
 
MV/ia 

ANNEX II 
RELEX.1.C 
LIMITE 
EN 
 

 
The GSC's Data Protection Officer can be contacted at: 
Data Protection Officer 
xxxx.xxxxxxxxxx@xxxxxxxxx.xxxxxx.xx 
The purpose of the processing operation is the establishment and updating of the list of persons 
subject to restrictive measures in accordance with Council Decision (CFSP) 2019/797, as amended 
by Council Decision (CFSP) 2020/[number], and in Council Regulation (EU) 2019/796, as 
implemented by Council Implementing Regulation (EU) 2020/[number]. 
The data subjects are the natural persons who fulfil the listing criteria as laid down in Decision 
(CFSP) 2019/797 and Council Regulation (EU) 2019/796. 
The personal data collected includes data necessary for the correct identification of the person 
concerned, the statement of reasons and any other data related thereto. 
The personal data collected may be shared as necessary with the European External Action Service 
and the Commission. 
Without prejudice to restrictions pursuant to Article 25 of Regulation (EU) 2018/1725, the exercise 
of the rights of the data subjects such as the right of access, as well as the rights to rectification or to 
object will be answered in accordance with Regulation (EU) 2018/1725. 
Personal data will be retained for 5 years from the moment the data subject has been removed from 
the list of persons subject to the restrictive measures or the validity of the measure has expired, or 
for the duration of court proceedings in the event they had been started. 
Without prejudice to any judicial, administrative or non-judicial remedy, data subjects may lodge a 
complaint with the European Data Protection Supervisor in accordance with Regulation (EU) 
2018/1725 (xxxx@xxxx.xxxxxx.xx)
 
                                                 
  
OJ: please insert number and publication details for the Decision in document 12474/20. 
  
OJ: please insert number and publication details for the Regulation in document 12476/20. 
 
12537/20  
 
MV/ia 

ANNEX II 
RELEX.1.C 
LIMITE 
EN 
 

 
ANNEX III 
 
DELETED FROM THIS POINT UNTIL THE END OF THE DOCUMENT (page 8) 
 
 
 
12537/20  
 
MV/ia 

ANNEX III 
RELEX.1.C 
LIMITE 
EN