NIS2 — Securing the Supply Chain
Obligation under Article 21(2)(d) NIS2 to assess supply chain risks.
Practitioner's note: This article is practice-oriented compliance documentation, not legal advice. We are a compliance specialist, not a law firm. For legally binding information please consult a licensed lawyer.
Definition
NIS2 obliges essential and important entities to systematically assess and address cybersecurity risks in the supply chain. In practice: supplier classification, contractual obligations (e.g. incident notification), audits of critical suppliers. The NIS2 Kit contains a supplier security policy and contractual clauses.