Cyber attacks can originate from anywhere in the world and target anyone irrespective of their location...this is a consequence of the connectivity that underlies the Internet.
This presents many challenges for anyone investigating these incidents, as the trail can take you literally anywhere, especially considering all of the "hops" and false trails attackers employ to disguise their origin. Often a trail will end at an ISP, normally in a foreign country, where you are then relying on civil legal action (should any be available) or reporting the matter to law enforcement and seeking their assistance.
These same challenges also apply to law enforcement and governments seeking to investigate or deter cyber attackers. There is sometimes no evidential trail available, although that is not always the case and often the perpetrators can be identified. However, it is one thing to identify and another to do anything about it.
This is where their framework should be of assistance, allowing measures such as travel bans and asset freezes to be used against perpetrators and those that provide financial, technical or material support to them. Although there are obvious limitations to how effective this may be in combating the problem, it does recognise the problem, provide remedies and therefore should be commended.
this framework allows the EU for the first time to impose sanctions on persons or entities that are responsible for cyber-attacks or attempted cyber-attacks, who provide financial, technical or material support for such attacks or who are involved in other ways. Sanctions may also be imposed on persons or entities associated with them.