NIS2 Implementation: Supply Chain Security Mandatory from October

The Point: NIS2 compliance requires formal coverage of supply chain security in all critical sectors from October onwards, with documented risk assessment.

The NIS2 Directive sets an October deadline by which organizations within its scope must redesign their supply chain security according to new standards. For CISOs, this means concrete control obligations over external partners and critical dependencies.

With the expiration of a transition period in October, companies falling under NIS2 scope must reassess and document their supply chain security. The Directive requires not only a review of direct IT partners but also the systematic identification of third-party risks and critical dependencies in the value chain.

For CISOs, the scope of control is expanding: risk analyses must include suppliers, cloud providers, and other critical external actors. Documentation of these assessments becomes a compliance obligation. Many organizations must extend or rebuild their existing vendor management processes to meet the requirements.

The October deadline marks the transition from planning to implementation: from this point forward, the expanded requirements apply with full legal force. Organizations unable to demonstrate reliable supply chain security concepts by then face regulatory issues and fines.


Source: news.google.com · Published 30 June 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.