Publication in RInPrax | NIS-2 and the Supply Chain

The new Cybersecurity Act implementing the EU NIS-2 Directive has been in force since December 2025 and its impact extends well beyond the companies directly regulated. In practice, the newly established statutory requirements will increasingly flow into supply chains through contractual pass-through of audit and verification obligations, reporting duties, and warranties regarding security standards. Our attorney Dr. Friderike Rahne and legal trainee Yannis Langela analyse in the current issue of RInPrax (2026, p. 116 et seq.) what this means for regulated companies and their contractual partners, and which measures are advisable now.


The authors' conclusion: Those who professionalise their security standards and documentation at an early stage will not only protect their compliance but also their competitive position.