The EU issued Implementation Regulation No. 2026/589 to impose sanctions on 2 Chinese individuals and 2 Chinese companies. Brussels, March 16, 2026 - The Council of the European Union officially adopted Implementation Regulation No. 2026/589 today, imposing sanctions on 2 Chinese individuals, 2 Chinese companies and 1 Iranian company. The EU claims that the sanctions are aimed at combating cyber attacks against EU member states, and the sanctioned entities and individuals are accused of being related to cyber security incidents.
Sanctions List and Details of Charges According to an official statement issued by the Council of the European Union, the entities and individuals included in the sanctions list include:
ntegrity Technology Group: Accused of hacking into more than 65,000 devices in six EU member states by providing technical and material support between 2022 and 2023.
Anxun Information Technology: Accused of providing hacking services to critical infrastructure and critical functions of EU member states and third countries.
2 Chinese individuals: Allegedly co-founders of the company, alleged to be responsible for and involved in cyberattacks affecting EU member states.
Emennet Pasargad (Iranian company): Accused of hacking billboards to spread false information during the 2024 Paris Olympics.
The sanctions take effect immediately. According to the implementation regulations, starting from March 16, 2026, the above-mentioned individuals and companies included in the sanctions list will face the following restrictions:
Asset freeze: All funds and financial assets held within the EU will be frozen.
Fund embargo: EU citizens and companies are prohibited from providing any funds, financial assets or economic resources to the above entities and individuals. Travel ban: The two sanctioned Chinese individuals will face a ban on entering and transiting EU territory.
This sanction is a continuation of the EU’s recent pressure on China in the field of cybersecurity. In January 2026, the European Commission proposed a revised draft of the "Cybersecurity Law", which planned to gradually phase out components and equipment from so-called "high-risk suppliers" in 18 key areas such as 5G communications, semiconductors, and power systems. This move was widely seen as targeting Chinese technology companies such as Huawei and ZTE. For Chinese companies operating or doing business in Europe, this sanction sends a clear signal: the EU is accelerating "de-Chinaization" in the field of critical digital infrastructure through legislative and administrative means. Companies need to pay close attention to updates on the EU sanctions list, strengthen internal compliance reviews, and avoid facing legal risks and economic losses due to association with sanctioned entities.