On 16 May 2023 the Council of the European Union extended the Decision concerning restrictive measures against cyber-attacks threatening the Union or its Member States until 18 May 2025. The measures set out in Articles 4 and 5 of the Decision shall apply as regards the natural and legal persons, entities and bodies listed in the Annex until 18 May 2024.