The Cybersecurity Act V2 (CSA V2), expected to be fully implemented by 2027, will fundamentally change how European organizations manage their ICT supply chains. For CISOs, this means mandatory vendor risk assessments must include ownership structure and country-of-origin analysis, not just technical security controls.
Starting in 2027, organizations classified as essential or important under NIS2 will be prohibited from using ICT components from designated high-risk suppliers in critical infrastructure. Mobile network operators have 36 months to replace affected equipment; other sectors will follow.
The immediate impact: procurement processes need updating, existing vendor relationships require auditing, and replacement roadmaps must be developed. Organizations with significant exposure to potentially affected suppliers (currently ~32% of 5G infrastructure in the EU) face substantial transition costs.
CISOs should act now: map your supply chain exposure, implement enhanced vendor due diligence incorporating non-technical risk factors, and align replacement cycles with the transition timeline. Early preparation minimizes disruption and positions your organization ahead of mandatory compliance deadlines.
Recommended advisory: PAC Leadership Session – Cybersecurity Compliance
SHARE :
This Excel document is part of the company profiles PAC publishes every year at local, regional and worldwide level.
Event Date : June 06, 2025
This Excel document is part of the company profiles PAC publishes every year at local, regional and worldwide level.
Event Date : March 18, 2026
This Excel document is part of the company profiles PAC publishes every year at local, regional and worldwide level.
Event Date : September 19, 2024
This short vendor profile provides a quick overview of the local portfolio and performance of Kyndryl in Austria.
Event Date : July 08, 2025
This short vendor profile provides a quick overview of the local portfolio and performance of DXC in Sweden.
Event Date : May 13, 2022
Market Reports May 28, 2026
Expert View: Foundation Models Significantly Impact The Behavior Of AI Agents
Market Reports May 27, 2026
Indra - Figures - Spain - FY 31-Dec-2025
Datamart May 27, 2026 NEW 
Indra - Vendor Profile - Spain
Vendor Profile May 27, 2026 NEW
Atos - Figures - France - FY 31-Dec-2025
Datamart May 27, 2026 NEW
Atos: Cause for Optimism, Despite the Headlines
Blog Post February 05, 2024
TCS SovereignSecure Cloud: A modular and pragmatic approach to Sovereign Cloud in Europe
Blog Post May 28, 2026
Model Selection Is A Strategic Governance Challenge
Blog Post May 28, 2026
The hidden message in the LTM-Randstad deal: labor arbitrage is running out of road
Blog Post May 25, 2026
The Hidden Cost Problem in AI Model Usage
Blog Post May 22, 2026
Embedding AI with SAP: What Dutch organizations are doing differently
Blog Post May 21, 2026
