Why are sanctions imposed?

Australia established a thematic autonomous sanctions regime in relation to significant cyber incidents on 21 December 2021. Unlike a country-specific autonomous sanctions regime, a thematic autonomous sanctions regime applies to sanctionable conduct wherever it occurs in the world.

Under the regime, the Minister for Foreign Affairs may designate a person or entity for targeted financial sanctions and declare a person for a travel ban if the Minister is satisfied the person or entity:

• has caused, or attempted to cause, a significant cyber incident;
• has assisted with causing, or with attempting to cause, a significant cyber incident; or
• has otherwise been complicit in causing, or in attempting to cause, a significant cyber incident.

A 'cyber incident' is a cyber-enabled event (or a group of related cyber events) that results in, or seeks to cause, harm to Australia or another country or countries. This may include events that result in harm to individuals, businesses, economies or governments.

The application of the regime will be reserved for the most egregious situations of international concern. Before making a designation or declaration under the regime, the Minister for Foreign Affairs must obtain the agreement in writing of the Attorney‑General and consult such other Ministers as the Minister for Foreign Affairs considers appropriate.

What is prohibited by the significant cyber sanctions regime?

The significant cyber incidents sanctions regime imposes the following sanctions measures:

Restrictions on providing assets to designated persons or entities

Restrictions on dealing with the assets of designated persons or entities (requirement to freeze assets)
It is prohibited to directly or indirectly make an asset available to, or for the benefit of, a designated person or entity.
It is also prohibited to use or deal with an asset, or allow or facilitate another person to use or deal with an asset owned or controlled by a designated person or entity (the assets are 'frozen’ and cannot be used or dealt with). The prohibition on 'dealing’ with assets includes using, selling or moving assets

An 'asset' includes an asset or property of any kind, whether tangible or intangible, movable or immovable.

Go to the Consolidated List to search the names of designated persons and entities.

If you become aware that you are holding an asset of a designated person or entity, you are required to freeze (hold) that asset and notify the AFP as soon as possible. Go to What You Need to Do for more information.

Travel bans

All declared persons are prohibited from transiting through or entering Australia.

Sanctions Permits

The Minister for Foreign Affairs may grant a sanctions permit to allow an activity that would otherwise be prohibited under the regime provided the activity meets specific criteria.

The table below provides a general guide to relevant criteria. You should get your own legal advice if you think your proposed activity is affected by sanctions and may meet the criteria for a permit. Go to Sanctions Permits for information on permits, including how to apply.

Relevant legislation

The relevant legislation for the significant cyber sanctions regime includes the following:

• Autonomous Sanctions Act 2011
• Autonomous Sanctions Regulations 2011
• Autonomous Sanctions (Designated Persons and Entities and Declared Persons – Thematic Sanctions) Instrument 2022
• Customs (Prohibited Exports) Regulations 1958