While this is the first time that the EU has utilized sanctions in retaliation to cyber-attacks, the means for doing so was put in place over a year ago. In May of 2019, the EU added framework to support its Common Foreign and Security Policy which would allow for sanctions against individuals or entities which were believed to be behind cyber-attacks against the EU and its members. The response to these sanctions will be interesting to see unfold in the coming weeks and months. Both China and Russia have a history of responding to sanctions by vehemently denouncing the entities who leverage sanctions against them, and in some cases leverage their own sanctions in retaliation. North Korea, on the other hand, will quickly look to bypass the sanctions by any means necessary, especially when those sanctions have a financial impact. Following China’s support of UN sanctions which required the expulsion of North Korean businesses and businessmen from China, North Korea increased financially based cyber-attacks to supplement the financial loss from those businesses. While these sanctions will likely lead to a change in how each of these organizations target EU based entities, they will likely not stop the cyber-attacks or cyber-espionage activities for long. More information on this incident can be found at: https://www.bleepingcomputer.com/news/security/eu-sanctions-russian-espionage-unit-chinese-and-north-korean-firms/
The announcement of new sanctions by the EU can be found at: https://www.consilium.europa.eu/en/press/press-releases/2020/07/30/eu-imposes-the-first-ever-sanctions-against-cyber-attacks/