The EU ICT Supply Chain Security Toolbox: Turning Supplier Risk into Reviewable Evidence
· 5 min read
On 13 February 2026, the NIS Cooperation Group adopted the EU ICT Supply Chain Security Toolbox, developed by Member States with support from the European Commission and ENISA.
The European Commission describes the toolbox as a horizontal, common, non-binding approach for identifying, assessing, and mitigating cybersecurity risks in ICT supply chains. It recommends measures such as critical-supplier assessment, multi-vendor strategies, and reducing dependencies on high-risk suppliers.
