The Cybersecurity Act V2 (CSA V2), expected to be fully implemented by 2027, will fundamentally change how European organizations manage their ICT supply chains. For CISOs, this means mandatory vendor risk assessments must include ownership structure and country-of-origin analysis, not just technical security controls.
Starting in 2027, organizations classified as essential or important under NIS2 will be prohibited from using ICT components from designated high-risk suppliers in critical infrastructure. Mobile network operators have 36 months to replace affected equipment; other sectors will follow.
The immediate impact: procurement processes need updating, existing vendor relationships require auditing, and replacement roadmaps must be developed. Organizations with significant exposure to potentially affected suppliers (currently ~32% of 5G infrastructure in the EU) face substantial transition costs.
CISOs should act now: map your supply chain exposure, implement enhanced vendor due diligence incorporating non-technical risk factors, and align replacement cycles with the transition timeline. Early preparation minimizes disruption and positions your organization ahead of mandatory compliance deadlines.
Recommended advisory: PAC Leadership Session – Cybersecurity Compliance
SHARE :
For this report, we have identified 45 IT services providers that are active in the German market for digital sustainability & ESG.
Event Date : February 05, 2024
This Excel document is part of the company profiles PAC publishes every year at local, regional and worldwide level.
Event Date : October 24, 2025
This Excel document contains the latest market figures on the French SITS market with regard to the Transport sector.
Event Date : January 19, 2026
This Excel document is part of the company profiles PAC publishes every year at local, regional and worldwide level.
Event Date : November 10, 2025
Germany’s Manufacturing Industry in 2025: Navigating Digital Transformation and Global Challenges The German manufacturing sector is at a ...
Event Date : August 28, 2025
Cloud Ecosystem Services - Market Figures - France
Datamart June 18, 2026 NEW 
Cloud Platforms by Segments - Market Figures - France
Datamart June 18, 2026 NEW
Datamart June 18, 2026 NEW
Datamart June 18, 2026 HOT 
NEW
IT Services - Preliminary Vendor Rankings - Spain
Datamart June 17, 2026 NEW
Atos: Cause for Optimism, Despite the Headlines
Blog Post February 05, 2024
From AI Experimentation to Operational AI
Blog Post June 10, 2026
Top 10 IT Services providers in France: A Difficult 2025 Accelerating the Sector's Transformation
Blog Post June 05, 2026
Agentic AI Enterprise Transformation
Whitepaper & Trend Studies June 01, 2026
TCS SovereignSecure Cloud: A modular and pragmatic approach to Sovereign Cloud in Europe
Blog Post May 28, 2026
Model Selection Is A Strategic Governance Challenge
Blog Post May 28, 2026
