The Cybersecurity Act V2 (CSA V2), expected to be fully implemented by 2027, will fundamentally change how European organizations manage their ICT supply chains. For CISOs, this means mandatory vendor risk assessments must include ownership structure and country-of-origin analysis, not just technical security controls.
Starting in 2027, organizations classified as essential or important under NIS2 will be prohibited from using ICT components from designated high-risk suppliers in critical infrastructure. Mobile network operators have 36 months to replace affected equipment; other sectors will follow.
The immediate impact: procurement processes need updating, existing vendor relationships require auditing, and replacement roadmaps must be developed. Organizations with significant exposure to potentially affected suppliers (currently ~32% of 5G infrastructure in the EU) face substantial transition costs.
CISOs should act now: map your supply chain exposure, implement enhanced vendor due diligence incorporating non-technical risk factors, and align replacement cycles with the transition timeline. Early preparation minimizes disruption and positions your organization ahead of mandatory compliance deadlines.
Recommended advisory: PAC Leadership Session – Cybersecurity Compliance
SHARE :
This Excel document is part of the company profiles PAC publishes every year at local, regional and worldwide level; it includes the following ...
Event Date : August 22, 2025
IT companies are facing increasing pressure from all of their stakeholders to decarbonize their products and services while also having a central ...
Event Date : September 05, 2022
This short vendor profile provides a quick overview of the local portfolio and performance of Capgemini in Germany.
Event Date : December 09, 2024
This Excel document is part of the company profiles PAC publishes every year at local, regional and worldwide level.
Event Date : November 06, 2024
NLP (natural language processing) and NLU (natural language understanding) technologies are starting to gain momentum as more and more enterprises ...
Event Date : January 26, 2021
Cloud Ecosystem Services - Market Figures - Rest of Eastern Europe
Datamart March 18, 2026 NEW 
Cloud Platforms by Segments - Market Figures - Rest of Eastern Europe
Datamart March 18, 2026 NEW
Cloud Ecosystem Services - Market Figures - Turkey
Datamart March 18, 2026 NEW
Cloud Platforms by Segments - Market Figures - Turkey
Datamart March 18, 2026 NEW
CGI - Figures - Finland – FY 30-Sep-2025
Datamart March 17, 2026 NEW
Atos: Cause for Optimism, Despite the Headlines
Blog Post February 05, 2024
Part 8: Real-World IAM – Lessons Learned from the Field
Blog Post March 17, 2026
No AI Without Networks: 1Finity / Fujitsu Network Analyst Day 2026
Blog Post March 12, 2026
Key Takeaways From Mobile World Congress 2026
Blog Post March 12, 2026
How the Middle East Conflict Could Shape the IT Services Market
Blog Post March 10, 2026
Part 7: Navigating the IAM Vendor Landscape – Platforms, Trends, and How to Choose
Blog Post March 10, 2026
