The European Commission proposed a new cybersecurity package, including a revised Cybersecurity Act (CSA2) and amendments to NIS2, to strengthen the EU’s cybersecurity resilience. The CSA2 introduces a five-step mechanism to address non-technical risks in the ICT supply chain, potentially prohibiting NIS2 organizations from using ICT equipment from high-risk suppliers, particularly those from countries posing cybersecurity concerns. This framework aims to protect the EU’s ICT supply chain, with potential implications for connectivity and space operators.
