The Cybersecurity Act V2 (CSA V2), expected to be fully implemented by 2027, will fundamentally change how European organizations manage their ICT supply chains. For CISOs, this means mandatory vendor risk assessments must include ownership structure and country-of-origin analysis, not just technical security controls.
Starting in 2027, organizations classified as essential or important under NIS2 will be prohibited from using ICT components from designated high-risk suppliers in critical infrastructure. Mobile network operators have 36 months to replace affected equipment; other sectors will follow.
The immediate impact: procurement processes need updating, existing vendor relationships require auditing, and replacement roadmaps must be developed. Organizations with significant exposure to potentially affected suppliers (currently ~32% of 5G infrastructure in the EU) face substantial transition costs.
CISOs should act now: map your supply chain exposure, implement enhanced vendor due diligence incorporating non-technical risk factors, and align replacement cycles with the transition timeline. Early preparation minimizes disruption and positions your organization ahead of mandatory compliance deadlines.
Recommended advisory: PAC Leadership Session – Cybersecurity Compliance
SHARE :
This document provides market volumes, growth rates and forecasts for Cloud Ecosystem Services in Norway for the 2024-2030 period.
Event Date : January 28, 2026
This document contains the detailed findings for the world from PAC’s “SITSI® CxO Investment Survey 2023”, in which IT decision-makers in user ...
Event Date : October 19, 2023
Indra’s strategic inflection: early delivery of its transformation plan and shift from systems integrator to a vertically integrated defence, ...
Event Date : May 27, 2026
This document provides market volumes, growth rates and forecasts for Cloud Ecosystem Services in France for the 2024-2030 period.
Event Date : January 22, 2026
This document provides market volumes, growth rates and forecasts for Cloud Ecosystem Services in Austria for the 2024-2030 period.
Event Date : January 21, 2026
Sovereign AI-related Services in Europe – PAC RADAR (internal use) – 2026
Radar June 10, 2026
Agentic AI-related Services in Europe – PAC RADAR (internal use) – 2026
Radar June 10, 2026
AI-related Services for the German Mittelstand – PAC RADAR (internal use) – 2026
Radar June 10, 2026
AI-related Services in the UK – PAC RADAR (internal use) – 2026
Radar June 10, 2026
AI-related Services in France – PAC RADAR (internal use) – 2026
Radar June 10, 2026
Atos: Cause for Optimism, Despite the Headlines
Blog Post February 05, 2024
From AI Experimentation to Operational AI
Blog Post June 10, 2026
Top 10 IT Services providers in France: A Difficult 2025 Accelerating the Sector's Transformation
Blog Post June 05, 2026
Agentic AI Enterprise Transformation
Whitepaper & Trend Studies June 01, 2026
TCS SovereignSecure Cloud: A modular and pragmatic approach to Sovereign Cloud in Europe
Blog Post May 28, 2026
Model Selection Is A Strategic Governance Challenge
Blog Post May 28, 2026
