The Cybersecurity Act V2 (CSA V2), expected to be fully implemented by 2027, will fundamentally change how European organizations manage their ICT supply chains. For CISOs, this means mandatory vendor risk assessments must include ownership structure and country-of-origin analysis, not just technical security controls.
Starting in 2027, organizations classified as essential or important under NIS2 will be prohibited from using ICT components from designated high-risk suppliers in critical infrastructure. Mobile network operators have 36 months to replace affected equipment; other sectors will follow.
The immediate impact: procurement processes need updating, existing vendor relationships require auditing, and replacement roadmaps must be developed. Organizations with significant exposure to potentially affected suppliers (currently ~32% of 5G infrastructure in the EU) face substantial transition costs.
CISOs should act now: map your supply chain exposure, implement enhanced vendor due diligence incorporating non-technical risk factors, and align replacement cycles with the transition timeline. Early preparation minimizes disruption and positions your organization ahead of mandatory compliance deadlines.
Recommended advisory: PAC Leadership Session – Cybersecurity Compliance
SHARE :
This vendor profile gives a comprehensive overview of the Worldwide positioning, performance and strategy of Arvato.
Event Date : March 14, 2025
Cybersecurity is a fast-paced market segment with many interesting start-up companies in Europe. This report will provide an overview of interesting ...
Event Date : December 18, 2024
This document provides market volumes, growth rates and forecasts for Cloud Ecosystem Services in Luxembourg for the 2024-2030 period.
Event Date : January 22, 2026
This Excel document is part of the company profiles PAC publishes every year at local, regional and worldwide level.
Event Date : April 09, 2026
Sopra Steria Norway is a leading IT and consulting provider serving public sector, healthcare, oil & gas and enterprise clients. The firm combines ...
Event Date : April 07, 2026
Oracle - Figures - France – FY 31-May-2025
Datamart May 08, 2026 NEW 
Oracle - Vendor Profile - France
Vendor Profile May 08, 2026 NEW
Cybersecurity – Deutsche Telekom Security – Vendor Profile – Worldwide
Vendor Profile May 08, 2026 NEW
Digital Customer Engagement - Genesys - Vendor Profile - Worldwide
Vendor Profile May 07, 2026 NEW
IT Services - Preliminary Vendor Rankings - US
Datamart May 07, 2026 NEW
Atos: Cause for Optimism, Despite the Headlines
Blog Post February 05, 2024
DataCenter Forum 2026 – Key Takeaways from the 8th Edition
Blog Post May 08, 2026
[update] How the Middle East Conflict Could Shape the IT Services Market
Blog Post May 07, 2026
Claude Mythos and the Strategic Recalibration of Cybersecurity
Blog Post May 05, 2026
Blog Post April 27, 2026
Hannover Messe 2026 – Industrial AI between business value, tech advancements, and hype
Blog Post April 27, 2026
