On 16 April 2018, the Council adopted conclusions on malicious cyber activities which underline the importance of a global, open, free, stable and secure cyberspace where human rights and fundamental freedoms and the rule of law fully apply.
The Council expresses its serious concern about the increased ability and willingness of third states and non-state actors to pursue their objectives by undertaking malicious cyber activities. The EU will continue to bolster its capabilities to address cyber threats.
The Council firmly condemns the malicious use of information and communications technologies (ICTs), including in Wannacry and NotPetya, which have caused significant damage and economic loss in the EU and beyond. It stresses that the use of ICTs for malicious purposes is unacceptable.
The EU expresses its willingness to continue working on the further development and implementation of voluntary non-binding norms, rules and principles for the responsible state behaviour in cyberspace within the UN and other appropriate international fora.