The countdown for NIS-2 is on: By 17 October 2024 at the latest, the new EU directive on network and information security must be transposed into national law. NIS-2 not only expands the circle of affected companies and public institutions - by up to 100,000 additional organisations across Europe - but also tightens the prescribed protective measures. Among other things, possible security risks in supply chains and supplier relationships come more into focus. As a result, NIS-2 also has an impact on a great many other companies.

To ensure the security of their supply chains, CRITIS operators must take into account "the specific vulnerabilities of each immediate supplier and service provider, as well as the overall quality of the products and cybersecurity practices of the ...