This toolbox provides a common approach on how to identify, assess and mitigate cybersecurity risks of ICT supply chains. It also outlines risk scenarios and recommends mitigation measures, including overcoming the dependencies on high-risk suppliers.
The toolbox will help Member States and public and private actors to bolster the security of ICT supply chains in the EU as set out in the revised Cybersecurity Act presented on 20 January 2026.
This toolbox is accompanied by two risks assessments on connected and automated vehicles and detection equipment. These two reports provide a comprehensive overview of the cybersecurity risks identified, their potential consequences, and the mitigating measures considered necessary to address them.
You can download the toolbox and the risks assessments below.