Council of the
European Union
Brussels, 9 November 2020
(OR. en)
12537/20
LIMITE
CORLX 527
CFSP/PESC 946
RELEX 843
CYBER 213
JAI 898
FIN 814
'I' ITEM NOTE
From:
General Secretariat of the Council
To:
Permanent Representatives Committee
Subject:
Council Decision and Implementing Regulation concerning restrictive
measures against cyber-attacks threatening the Union or its Member
States
DOCUMENT PARTIALLY ACCESSIBLE TO THE PUBLIC (17.11.2020)
1.
On 17 May 2019, the Council adopted Decision (CFSP) 2019/797 (
1) concerning restrictive
measures against cyber-attacks threatening the Union or its Member States.
2.
On 30 July 2020, the Council adopted Decision (CFSP) 2020/1127, which added six natural
persons and three entities or bodies to the list of natural and legal persons, entities and bodies
subject to restrictive measures in the Annex to Decision (CFSP) 2019/797.
3.
On 29 October 2020, the High Representative submitted to the Council a proposal for a
Council Decision amending Decision (CFSP) 2019/797 concerning restrictive measures
against cyber-attacks threatening the Union or its Member States (doc. 12473/20), and a
proposal for a Council Implementing Regulation implementing Regulation (EU) 2019/796
(doc. 12475/20), updating the information for two listings.
1
Council Decision (CFSP) 2019/797 of 17 May 2019 concerning restrictive measures against
cyber-attacks threatening the Union or its Member States (OJ L 129 I, 17.5.2019, p. 13).
12537/20
MV/ia
1
RELEX.1.C
LIMITE
EN
4.
On 5 November 2020, the Foreign Relations Counsellors Working Party (RELEX) agreed the
text of the draft Council Decision and Implementing Regulation.
5.
In these circumstances, COREPER is invited to:
–
confirm the agreement on the draft Council Decision and draft Council Implementing
Regulation;
–
decide, in accordance with Article 12 of the Council's Rules of Procedure, and Article 1
of Council Decision 2020/430, that the Council use the written procedure to:
–
adopt the draft Council Decision, as set out, after finalisation of the text by the
legal/linguistic experts, in document 12474/20 and the draft Council
Implementing Regulation implementing Regulation (EU) 2019/796 as set out,
after finalisation of the text by the legal/linguistic experts, in document 12476/20;
–
approve the draft notices as set out in annexes I and II to this note as well as the
draft letter in Annex III;
–
agree to the publication of the abovementioned Decision and Implementing Regulation
and notices in the Official Journal of the European Union.
12537/20
MV/ia
2
RELEX.1.C
LIMITE
EN
ANNEX I
Notice for the attention of the persons subject to the restrictive measures provided for in
Council Decision (CFSP) 2019/797(2), as amended by Council Decision (CFSP)
2020/[number]
, and in Council Regulation (EU) 2019/796(
3)
, as implemented by Council
Implementing Regulation (EU) 2020/[number]
concerning restrictive measures against
cyber-attacks threatening the Union or its Member States
The following information is brought to the attention of the persons that appear in the Annex to
Council Decision (CFSP) 2019/797, as amended by Council Decision (CFSP) 2020/[
number]+, and
in Annex I to Council Regulation (EU) 2019/796, as implemented by Council Implementing
Regulation (EU) 2020/[
number] concerning restrictive measures against cyber-attacks threatening
the Union or its Member States.
The Council of the European Union has decided to update the information on two persons that
appear in the above-mentioned Annexes. The grounds for the listing of the persons concerned
appear in the relevant entries in those Annexes.
The attention of the persons concerned is drawn to the possibility of making an application to the
competent authorities of the relevant Member State(s) as indicated on the websites in Annex II to
Council Regulation (EU) 2019/796
concerning restrictive measures against cyber-attacks
threatening the Union or its Member States, in order to obtain an authorisation to use frozen funds
for basic needs or specific payments.
2
Council Decision (CFSP) 2019/797 of 17 May 2019 concerning restrictive measures against
cyber-attacks threatening the Union or its Member States (OJ L 129 I, 17.5.2019, p. 13).
OJ: please insert number and publication details for the Decision in document 12474/20.
3
Council Regulation (EU) 2019/796 concerning restrictive measures against cyber-attacks
threatening the Union or its Member States (OJ L 129 I, 17.05.2019, p. 1).
OJ: please insert number and publication details for the Regulation in document 12476/20.
12537/20
MV/ia
3
ANNEX I
RELEX.1.C
LIMITE
EN
The persons concerned may submit a request to the Council, together with supporting
documentation, that the decision to include them on the above-mentioned lists should be
reconsidered,
before 15 January 2021, to the following address:
Council of the European Union
General Secretariat
RELEX.1.C
Rue de la Loi/Wetstraat 175
1048 Bruxelles/Brussel
BELGIQUE/BELGIË
e-mail:
xxxxxxxxx@xxxxxxxxx.xxxxxx.xx
Any observations received will be taken into account for the purpose of the Council's periodic
review, in accordance with Article 10 of Decision (CFSP) 2019/797 concerning restrictive measures
against cyber-attacks threatening the Union or its Member States.
The attention of the persons concerned is also drawn to the possibility of challenging the Council's
decision before the General Court of the European Union, in accordance with the conditions laid
down in Article 275, second paragraph, and Article 263, fourth and sixth paragraphs, of the Treaty
on the Functioning of the European Union.
12537/20
MV/ia
4
ANNEX I
RELEX.1.C
LIMITE
EN
ANNEX II
Notice for the attention of the data subjects to whom the restrictive measures provided for in
Decision (CFSP) 2019/797 and Council Regulation (EU) 2019/796 concerning restrictive
measures against cyber-attacks threatening the Union or its Member States
The attention of data subjects is drawn to the following information in accordance with Article 16
of Regulation (EU) 2018/1725.
The legal basis for this processing operation are Council Decision (CFSP) 2019/797(
4), as amended
by Council Decision (CFSP) 2020/[
number], and in Council Regulation (EU) 2019/796(
5),
as
implemented by Council Implementing Regulation (EU) 2020/[
number] concerning restrictive
measures against cyber-attacks threatening the Union or its Member States.
The controller of this processing operation is the Council of the European Union represented by the
Director General of RELEX (External Relations) of the General Secretariat of the Council and the
department entrusted with the processing operation is RELEX.1.C that can be contacted at:
Council of the European Union
General Secretariat
RELEX.1.C
Rue de la Loi/Wetstraat 175
1048 Bruxelles/Brussel
BELGIQUE/BELGIË
e-mail:
xxxxxxxxx@xxxxxxxxx.xxxxxx.xx
4
Council Decision (CFSP) 2019/797 of 17 May 2019 concerning restrictive measures against
cyber-attacks threatening the Union or its Member States (OJ L 129 I, 17.5.2019, p. 13).
OJ: please insert number and publication details for the Decision in document 12474/20.
5
Council Regulation (EU) 2019/796 concerning restrictive measures against cyber-attacks
threatening the Union or its Member States (OJ L 129 I, 17.05.2019, p. 1).
OJ: please insert number and publication details for the Regulation in document 12476/20.
12537/20
MV/ia
5
ANNEX II
RELEX.1.C
LIMITE
EN
The GSC's Data Protection Officer can be contacted at:
Data Protection Officer
xxxx.xxxxxxxxxx@xxxxxxxxx.xxxxxx.xx
The purpose of the processing operation is the establishment and updating of the list of persons
subject to restrictive measures in accordance with Council Decision (CFSP) 2019/797, as amended
by Council Decision (CFSP) 2020/[
number], and in Council Regulation (EU) 2019/796, as
implemented by Council Implementing Regulation (EU) 2020/[
number].
The data subjects are the natural persons who fulfil the listing criteria as laid down in Decision
(CFSP) 2019/797 and Council Regulation (EU) 2019/796.
The personal data collected includes data necessary for the correct identification of the person
concerned, the statement of reasons and any other data related thereto.
The personal data collected may be shared as necessary with the European External Action Service
and the Commission.
Without prejudice to restrictions pursuant to Article 25 of Regulation (EU) 2018/1725, the exercise
of the rights of the data subjects such as the right of access, as well as the rights to rectification or to
object will be answered in accordance with Regulation (EU) 2018/1725.
Personal data will be retained for 5 years from the moment the data subject has been removed from
the list of persons subject to the restrictive measures or the validity of the measure has expired, or
for the duration of court proceedings in the event they had been started.
Without prejudice to any judicial, administrative or non-judicial remedy, data subjects may lodge a
complaint with the European Data Protection Supervisor in accordance with Regulation (EU)
2018/1725 (xxxx@xxxx.xxxxxx.xx).
OJ: please insert number and publication details for the Decision in document 12474/20.
OJ: please insert number and publication details for the Regulation in document 12476/20.
12537/20
MV/ia
6
ANNEX II
RELEX.1.C
LIMITE
EN
ANNEX III
DELETED FROM THIS POINT UNTIL THE END OF THE DOCUMENT (page 8)
12537/20
MV/ia
7
ANNEX III
RELEX.1.C
LIMITE
EN