NIS2

Greater security in the Supply Chain with a strengthened standard

Risks in the supply chain are increasing. Cyberattacks via suppliers are causing direct disruptions in production, services, and data security. To help businesses better defend against this growing threat, article 1.26 of the NIS2 Quality Mark has been strengthened and made more specific. This update helps organizations better formalize and demonstrably apply their policies on digital resilience within their supply chains.

Why this update?

The threat posed by suppliers is growing. Many businesses rely heavily on IT and OT providers, digital platforms, logistics partners, and other key links in their chain. If just one of these links is compromised, the entire chain can grind to a halt. Companies must gain insight into their supply chain risks, make agreements on digital security, and document and implement these agreements in a verifiable manner.

Key points:

  • Conduct a risk assessment of your most critical suppliers.
  • Make clear agreements on digital security, based on proportional and achievable standards.
  • Require suppliers to demonstrate compliance with the agreed standards.
  • Review and update your policies and agreements annually.

Purpose of this update

The revision of article 1.26 is designed to help organizations safeguard business continuity. It specifically aims to prevent disruptions to the availability, integrity, and confidentiality of information due to vulnerabilities in the supply chain.

Insight, action, and assurance

The NIS2 Quality Mark supports companies in embedding these supply chain measures into their existing processes, aligning directly with the requirements set out in Article 21 of the European NIS2 Directive.

“Supply chain risks are no longer a side issue – they are central to every company’s digital resilience strategy. This update helps organizations establish structural control over their suppliers.”
