EU Member States approved, on Monday 17 October, the draft EU Council conclusions on strengthening the supply chain security of the information and communication technologies (ICT). The findings come as cyber attacks have increased in recent years and the threat is growing in the current context of geopolitical tensions.
In concrete terms, the agreed conclusions include specific actions to strengthen the security of ICT supply chains, notably in the areas of public procurement and foreign direct investments screening.
In this respect, Member States are also putting forward the idea of selection criteria related to cyber security in public procurement processes. The Commission, for its part, could publish methodological guidelines to encourage public procurement authorities to make cybersecurity a central issue.
In addition, the conclusions also stress the need for further work on the proposed legislation on cyber resilience. This would complement other legislation already in force, such as the NIS2 Directive (see EUROPE 12992/31).
Finally, the implementation of coordinated assessments under the latter directive could be facilitated by the creation of an ICT supply chain toolkit, which would consist of generic measures to reduce risks to this critical supply chain.
See the conclusions: https://aeur.eu/f/3nh (Original version in French by Thomas Mangin)