Skip to main content

Sanctions regimes

Significant cyber incidents sanctions framework

Why are sanctions imposed?

Australia established a thematic autonomous sanctions framework in relation to significant cyber incidents on 21 December 2021. Unlike a country-specific autonomous sanctions framework, a thematic autonomous sanctions framework applies to sanctionable conduct wherever it occurs in the world.

Under the framework, the Minister for Foreign Affairs may designate a person or entity for targeted financial sanctions and declare a person for a travel ban if the Minister is satisfied the person or entity:

  • has caused, or attempted to cause, a significant cyber incident;
  • has assisted with causing, or with attempting to cause, a significant cyber incident; or
  • has otherwise been complicit in causing, or in attempting to cause, a significant cyber incident.

A 'cyber incident' is a cyber-enabled event (or a group of related cyber events) that results in, or seeks to cause, harm to Australia or another country or countries. This may include events that result in harm to individuals, businesses, economies or governments.

The Minister may decide if a significant cyber incident has occurred by having regard to a range of factors, including the breadth, effect, and seriousness of the damage .

Before making a designation or declaration under the framework, the Minister for Foreign Affairs must obtain the agreement in writing of the Attorney‑General and consult such other Ministers as the Minister for Foreign Affairs considers appropriate.

What is prohibited by the significant cyber sanctions framework?

The significant cyber incidents sanctions framework imposes the following sanctions measures:

Measure UNSC Autonomous
restrictions on providing assets to designated persons or entities

-

restrictions on dealing with the assets of designated persons or entities

-

travel bans on declared persons

-

Restrictions on dealing with the assets of designated persons or entities (requirement to freeze assets)

It is prohibited to directly or indirectly make an asset available to, or for the benefit of, a designated person or entity.
It is also prohibited to use or deal with an asset, or allow or facilitate another person to use or deal with an asset owned or controlled by a designated person or entity (the assets are 'frozen’ and cannot be used or dealt with). The prohibition on 'dealing’ with assets includes using, selling or moving assets

An 'asset' includes an asset or property of any kind, whether tangible or intangible, movable or immovable.

Go to the Consolidated List to search the names of designated persons and entities.

If you become aware that you are holding an asset of a designated person or entity, you are required to freeze (hold) that asset and notify the AFP as soon as possible.

Travel bans

All declared persons are prohibited from entering or transiting through  Australia.

Sanctions Permits

The Minister for Foreign Affairs may grant a sanctions permit to allow an activity that would otherwise be prohibited under the framework provided the activity meets specific criteria.

Go to Sanctions Permits for information on permits, including how to apply.

Relevant legislation

The relevant legislation for the significant cyber sanctions framework includes the following:

Back to top