On December 31, 2015, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) inaugurated the much-anticipated ‘Cyber-Related Sanctions Regulations’, 31 C.F.R. Part 578. The regulations implement Executive Order 13694 of April 1, 2015 (“Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities”), a blocking order which delegated authority to the Secretary of the Treasury to issue such implementing regulations, amongst other powers.

Upon its release, EO 13694 was styled as a significant tool for the Obama administration in tackling new threats from the cyber theater. According to a statement that President Obama released concurrent with the issuance of EO 13694, the Order was part of a “comprehensive strategy” that the Administration was “pursuing…to confront [malicious cyber actors].” It was certainly apparent that OFAC was hard at work clarifying the scope of the Order for interested parties to identify exactly what kind of conduct the U.S. government was targeting for sanctions. Indeed, OFAC issued a series of Frequently Asked Questions (“FAQs”) to provide guidance on the precise scope of EO 13694.

It is unclear how much work the new regulations will get, though. Despite the significant work that has gone into the Order and its implementing regulations, no U.S. or foreign person has been designated under EO 13694 — some highly-publicized threats to do so notwithstanding. Further, no timeline has been established for imposing designations under EO 13694.

Nonetheless, the issuance of the regulations signifies that the Cyber-Related Sanctions Program is here to stay for the foreseeable future. Unlike country-based sanctions programs, which are susceptible to removal due to renewed diplomatic ties or other diplomatic happenings, the conduct-based nature of the Cyber-Related Sanctions Program — as well as growing cyber-insecurities — suggests that this program will have legs to stand on for a considerable period of time. While U.S. persons have no current obligations with respect to EO 13694 or its implementing regulations, cognizance of the existing authorities is recommended to avoid any potential issues down the road.