European regulations determine IT strategy and supplier selection

More and more IT decisions are driven by European legislation. What does this mean for business strategy and supplier policies? The latest insights from recent research.

European cybersecurity legislation is changing the game. This is evident from the Cybersecurity Survey 2025 study. Legislation such as NIS2, the Digital Operational Resilience Act (DORA) and the upcoming Cyber Resilience Act (CRA) has become a decisive factor in IT strategies and supplier choices.

Almost all surveyed IT leaders state that this legislation structurally guides technological choices and investments.

Compliance Increasingly Seen as a Strategic Opportunity

Although organisations primarily aim to comply with laws and regulations, many companies now increasingly see compliance as an opportunity to strengthen their digital reliability and competitive position.

Preference for European Suppliers Is Growing

Over 45% of CIOs report consciously choosing European technology partners. This development is partly driven by stricter compliance requirements, but also by concerns about geopolitical risks and data management outside the EU.

In sectors such as industry, energy, healthcare and government, the demand for suppliers operating according to European standards and legislation is increasing.

IT Compliance as a Foundation in IT Strategy

Compliance is no longer an afterthought, but an integral part of system design, cloud selection and contract negotiations.

According to the research, laws and regulations are now actively incorporated into procurement criteria, risk management and supplier selection.

CIOs and supervisory boards increasingly value transparency and accountability—and are specifically seeking solutions that enable this.

NIS2 Quality Mark Provides a Standardised Approach Across Europe

Without a uniform approach, each organisation must assess compliance per supplier and per country. This leads to extra costs and unnecessary complexity.

The NIS2 Quality Mark offers one practical and recognisable approach, usable throughout the EU. This enables companies to manage risks without overburdening their supply chain.

What Does This Mean for Companies?

For organisations that want to seriously invest in digital security, the message is clear: compliance is no longer optional, but a necessity.

Companies that can demonstrably get their processes in order, for example via the NIS2 Quality Mark, strengthen their market position. They build trust with customers, regulators, banks and insurers.

Opportunities for Companies That Act Now

Companies that proactively invest in responsible IT processes and collaborate with certified partners are already creating a competitive advantage.

Those who anticipate now will reap the benefits later.