The EU has introduced an ICT Supply Chain Security Toolbox, setting out an EU-level approach to identify, assess and mitigate cybersecurity risks across ICT supply chains. It was developed by the NIS2 Cooperation Group, involving EU Member States, the European Commission and the European Union Agency for Cybersecurity (ENISA).
The toolbox outlines relevant risk scenarios and recommends mitigation measures, including the assessment of critical suppliers, the importance of multi-vendor strategies, and approaches to address dependencies on high-risk suppliers. It empowers Member States to strengthen ICT supply chain security.
In the revised cybersecurity framework presented on 20 January 2026 (the proposal to revise Regulation (EU) 2019/881), the Commission emphasised the importance of securing Europe’s ICT supply chains and also proposed a trusted ICT supply chain framework. That framework focuses on addressing non-technical risks, such as foreign interference, and enables a harmonised approach for the most critical supply chains.