ICT supply chains, certification schemes are targets of EU cyber package

( January 20, 2026, 15:17 GMT | Official Statement) -- MLex Summary: The European Commission has published the revised Cybersecurity Act. The draft law includes binding measures to phase out from “high-risk vendors” of ICT equipment in critical supply chains, a reform of the current framework to issue cybersecurity certificates, as well as a revamped mandate for the EU cybersecurity agency ENISA. The bill was published with an amendment targeting the revised Network and Information Systems Directive.Full statement follows. The draft legislation and supporting documents are attached....

Prepare for tomorrow’s regulatory change, today

MLex identifies risk to business wherever it emerges, with specialist reporters across the globe providing exclusive news and deep-dive analysis on the proposals, probes, enforcement actions and rulings that matter to your organization and clients, now and in the longer term.

Know what others in the room don’t, with features including:

Daily newsletters for Antitrust, M&A, Trade, Data Privacy & Security, Technology, AI and more
Custom alerts on specific filters including geographies, industries, topics and companies to suit your practice needs
Predictive analysis from expert journalists across North America, the UK and Europe, Latin America and Asia-Pacific
Curated case files bringing together news, analysis and source documents in a single timeline

Experience MLex today with a 14-day free trial.

Start Free Trial

Already a subscriber? Click here to login

ICT supply chains, certification schemes are targets of EU cyber package

Prepare for tomorrow’s regulatory change, today

Documents

Related Sections