12/05/2025 (Agence Europe) – On Monday 12 May, the EU Council decided to extend by one year - until 18 May 2026 - the restrictive measures against perpetrators of cyber-attacks threatening the EU and its Member States, but also third countries or international organisations, where these measures are deemed necessary to achieve the objectives of the common foreign and security policy (CFSP). The legal framework for these measures, introduced in May 2019 (see EUROPE 12257/9), has been extended by three years, until 18 May 2028. Currently 17 individuals and four entities are subject to measures: a freeze on their assets and, for individuals, a ban on travelling to the EU. It is also forbidden to provide, directly or indirectly, funds or economic resources to them or for their benefit. These individual listings will continue to be reviewed every 12 months. (CG)