The Cybersecurity Act V2 (CSA V2), expected to be fully implemented by 2027, will fundamentally change how European organizations manage their ICT supply chains. For CISOs, this means mandatory vendor risk assessments must include ownership structure and country-of-origin analysis, not just technical security controls.
Starting in 2027, organizations classified as essential or important under NIS2 will be prohibited from using ICT components from designated high-risk suppliers in critical infrastructure. Mobile network operators have 36 months to replace affected equipment; other sectors will follow.
The immediate impact: procurement processes need updating, existing vendor relationships require auditing, and replacement roadmaps must be developed. Organizations with significant exposure to potentially affected suppliers (currently ~32% of 5G infrastructure in the EU) face substantial transition costs.
CISOs should act now: map your supply chain exposure, implement enhanced vendor due diligence incorporating non-technical risk factors, and align replacement cycles with the transition timeline. Early preparation minimizes disruption and positions your organization ahead of mandatory compliance deadlines.
Recommended advisory: PAC Leadership Session – Cybersecurity Compliance
SHARE :
This report provides a comprehensive overview of SAP's current customer experience offering. We will define the term customer experience, ...
Event Date : November 17, 2022
This Vendor Profile offers an in-depth analysis of Swisscom’s strategy, performance, and market positioning in 2024, alongside PAC’s expert ...
Event Date : December 03, 2025
Snowflake, Databricks, and Palantir aim to own the enterprise AI control plane. However, they pursue distinct and complementary strategies to define ...
Event Date : March 19, 2026
This document provides the following vendor rankings for the SAP services market in Germany.
Event Date : December 15, 2025
This document provides market volumes, growth rates and forecasts for Cloud Ecosystem Services in China for the 2022-2028 period.
Event Date : February 13, 2024
Cloud Computing - Infosys - Vendor Profile - Worldwide
Vendor Profile April 16, 2026 NEW 
Cloud Computing - Wipro - Vendor Profile - Worldwide
Vendor Profile April 15, 2026 NEW
Cloud Computing - Fujitsu - Vendor Profile - Worldwide
Vendor Profile April 15, 2026 NEW
Adobe Systems - Figures - Worldwide – FY 30-Nov-2025
Datamart April 14, 2026 NEW
Adobe Systems - Vendor Profile - Worldwide
Vendor Profile April 14, 2026 NEW
Atos: Cause for Optimism, Despite the Headlines
Blog Post February 05, 2024
Blog Post April 09, 2026
Maximizing AI ROI Through Smarter Model Usage
Blog Post April 08, 2026
Fujitsu advances its AI strategy and industry focus with a governance led approach
Blog Post April 02, 2026
Blog Post March 27, 2026
NTT DATA’s Horizons Innovation Summit 2026 Explores AI Opportunities
Blog Post March 27, 2026
