The Cybersecurity Act V2 (CSA V2), expected to be fully implemented by 2027, will fundamentally change how European organizations manage their ICT supply chains. For CISOs, this means mandatory vendor risk assessments must include ownership structure and country-of-origin analysis, not just technical security controls.
Starting in 2027, organizations classified as essential or important under NIS2 will be prohibited from using ICT components from designated high-risk suppliers in critical infrastructure. Mobile network operators have 36 months to replace affected equipment; other sectors will follow.
The immediate impact: procurement processes need updating, existing vendor relationships require auditing, and replacement roadmaps must be developed. Organizations with significant exposure to potentially affected suppliers (currently ~32% of 5G infrastructure in the EU) face substantial transition costs.
CISOs should act now: map your supply chain exposure, implement enhanced vendor due diligence incorporating non-technical risk factors, and align replacement cycles with the transition timeline. Early preparation minimizes disruption and positions your organization ahead of mandatory compliance deadlines.
Recommended advisory: PAC Leadership Session – Cybersecurity Compliance
SHARE :
This document provides market volumes, growth rates and forecasts for the Public and Hosted Private Cloud in France for the 2024-2030 period.
Event Date : June 18, 2026
This document provides market volumes, growth rates and forecasts for the Digital Sustainability Services market for the 2022-2028 period.
Event Date : July 17, 2024
While the cloud as a technology paradigm has been around for many years, its use across all retail operations continues to evolve in how retailers ...
Event Date : January 23, 2024
This document provides market volumes, growth rates and forecasts for the Business Application Software (BAS)-related Consulting & Systems ...
Event Date : March 25, 2025
The starting point for sustainability-related projects at financial institutions (FIs) can be IT infrastructures or application landscapes ...
Event Date : September 07, 2023
Services & Consumers - InSight Analysis - UK
Market Reports July 10, 2026
Transport - InSight Analysis - UK
Market Reports July 09, 2026
Datamart July 07, 2026
Datamart July 07, 2026
Software & IT Services - Vendor Rankings - Poland
Datamart July 07, 2026
Atos: Cause for Optimism, Despite the Headlines
Blog Post February 05, 2024
Top 10 IT Services Providers in Germany
Blog Post July 07, 2026
Cybersecurity M&A Is Not Slowing Down. It Is Becoming More Selective
Blog Post July 06, 2026
Top 10 IT Services Companies in the UK
Press Releases June 30, 2026
Accenture’s OT Security Bet: A Very Expensive Deal That Makes Strategic Sense
Blog Post June 23, 2026
Hitachi Digital Services – an integrated digital powerhouse is awakening
Blog Post June 23, 2026