The group is recommending that cyber penalties focus on individuals and entities. It said the door should also be left open to making cyber-crimes also subject to “sectoral measures.”

The EU has been mulling such a cyber sanctions regime since 2015 and the group of countries is pressing the bloc’s 28 nations to formally agree on the matter at a gathering of EU leaders in Brussels next week.