the new IDs for old controls that did not change. For these you only need to update the control ID from your current SoA, keeping all the remaining information the same. For example, control A.9.1.1 Access control policy, is now A.5.15 Access control.
the new IDs for old controls that change only the control name. For these, you need to update the control ID and control name from your current SoA. For example, control A.14.3.1 Protection of test data is now A.8.33 Test information
the new IDs for old controls that were merged. For these you need to create a new entry, merging the information from merged controls, and excluding the entries from the older version. For example, controls A.5.1.1 Policies for information security and A.5.1.2 Review of the policies for information security are now A.5.1 Policies for information security
the new IDs for the new controls. For these, you will need to update your risk assessment to verify if these new controls are applicable or not and include the proper information. For example, control A.5.7 Threat intelligence