The Cybersecurity Act V2 (CSA V2), expected to be fully implemented by 2027, will fundamentally change how European organizations manage their ICT supply chains. For CISOs, this means mandatory vendor risk assessments must include ownership structure and country-of-origin analysis, not just technical security controls.
Starting in 2027, organizations classified as essential or important under NIS2 will be prohibited from using ICT components from designated high-risk suppliers in critical infrastructure. Mobile network operators have 36 months to replace affected equipment; other sectors will follow.
The immediate impact: procurement processes need updating, existing vendor relationships require auditing, and replacement roadmaps must be developed. Organizations with significant exposure to potentially affected suppliers (currently ~32% of 5G infrastructure in the EU) face substantial transition costs.
CISOs should act now: map your supply chain exposure, implement enhanced vendor due diligence incorporating non-technical risk factors, and align replacement cycles with the transition timeline. Early preparation minimizes disruption and positions your organization ahead of mandatory compliance deadlines.
Recommended advisory: PAC Leadership Session – Cybersecurity Compliance
SHARE :
This Excel document is part of the company profiles PAC publishes every year at local, regional and worldwide level;
Event Date : March 28, 2025
This document provides market volumes, growth rates and forecasts for the Business Application Software (BAS)-related Consulting & Systems ...
Event Date : March 25, 2025
This Excel document is part of the company profiles PAC publishes every year at local, regional and worldwide level; it includes the following ...
Event Date : January 21, 2022
Quantum computing drives breakthroughs but is also associated with risks to cryptography. Algorithms like RSA and ECC could become vulnerable, ...
Event Date : October 21, 2025
Cost constraints, talent availability, and reactivity to threats are driving the need to consolidate companies’ cyber security. By focusing on ...
Event Date : March 30, 2023
Accenture - Figures - Denmark – FY 31-Aug-2025
Datamart March 05, 2026 NEW 
Accenture - Vendor Profile - Denmark
Vendor Profile March 05, 2026 NEW
Accenture - Figures - Finland – FY 31-Aug-2025
Datamart March 05, 2026 NEW
Accenture - Vendor Profile - Finland
Vendor Profile March 05, 2026 NEW
M&A - Deal Tracker - Worldwide
Datamart March 05, 2026 NEW
Atos: Cause for Optimism, Despite the Headlines
Blog Post February 05, 2024
Part 6: The IAM Technology Landscape – Components, Architectures, and Design Options
Blog Post March 03, 2026
AI Powers Your Innovation Flywheel
Blog Post February 25, 2026
Orange Business FY 2025, facing the future with trust…
Blog Post February 25, 2026
OpenClaw Signals A Bifurcation Into Human And Agentic Webs
Blog Post February 24, 2026
Part 5: Zero Trust and IAM – Two Sides of the Same Coin
Blog Post February 24, 2026
