EU will be able to impose sanctions in response to cyber-attacks conducted or attempted against it, according to the newly adopted decision of the Council of the EU. The decision, which builds on the existing cyber-diplomacy toolbox from 2017, provides a framework for EU responses to cyber-attacks that constitute an external threat to the EU or its members, as well as attacks against third countries or international organisations. The Council of the EU will be able to react on cyber-attacks -or attempted cyber-attacks -of significant impact, that originate or use infrastructure outside of the union, or are carried out or supported by persons or entities outside of the EU. Sanctions against persons or entities conducting or supporting cyber-attacks include EU travel bans, asset freezes, and bans regarding economic co-operation with EU entities