In an era where supply chains are as interconnected as the technologies that power them, cybersecurity risks no longer respect sectoral or national boundaries. This panel explores the urgent need for an EU-wide, coordinated approach to supply chain security—one that bridges public and private sectors, aligns risk assessment methodologies, and drives the development of a horizontal policy framework across Member States.
The discussion is grounded in the 2024 Report on the State of Cybersecurity in the Union (https://www.enisa.europa.eu/news/eus-first-ever-report-on-the-state-of-cybersecurity-in-the-union), adopted by the European Union Agency for Cybersecurity (ENISA) in cooperation with the European Commission and the Network and Information Systems Cooperation Group, gathering all EU Member States to cooperate on cybersecurity strategic matters. One of the 6 key recommendations of the Report calls for stepping up coordinated risk assessments and establishing a comprehensive EU policy framework to address cybersecurity challenges across supply chains.
Panellists will examine how unified risk assessments can strengthen Europe’s collective resilience, what a common EU supply chain security strategy could look like in practice, and how to balance regulatory ambition with operational realities. With a focus on critical infrastructure, operational technology, and third-party dependencies, this discussion will chart a course from fragmented efforts to a future of shared responsibility and action. Additionally, conference participants will receive insights into the development of the ICT Supply Chain Toolbox—a set of measures currently being prepared by ENISA and the NIS Cooperation Group to mitigate critical ICT supply chain risks across the EU.
