Defending the security of the EU constitutional order against malicious cyber activity: Reflections on the cyber-targeted sanctions regime.

The European Union has gradually developed a complex and evolving legal framework aimed at managing cybersecurity issues, although national security remains an exclusive responsibility of the Member States pursuant to Article 4(2) TEU. Cybersecurity, indeed, represents a specific component of the supranational strategy for a ‘Security Union’ against exogenous influences that could undermine the EU constitutional order based upon the values set in Article 2 TEU. The article aims to examine recent developments in the Union’s cybersecurity instruments under the Common Foreign and Security Policy (CFSP) from a constitutional perspective, considering the EU’s value-based legal framework. In particular, the analysis focuses on the adoption of restrictive measures against cyber malicious activities from abroad as instrument of CFSP to counter this type of threat. Based on the challenges that characterise this system of sanctions, the article critically assesses the consistency with the EU’s constitutional constraints and its effective contribution to the Union’s security, alongside that of the Member States.