Bottom line: NIS2 requires granular access controls that extend to supply chain interfaces and are implemented through documented processes.
The NIS2 Directive obligates organizations to implement access controls that must also cover supply chain security. Structured implementation of authentication and authorization across the supply chain is central to compliance.
The NIS2 Directive requires organizations to establish access controls according to the principle of necessity (least privilege). These controls must not only protect internal systems but also secure critical interfaces with the suppliers, partners and service providers that are part of the value chain.
For CISOs, this means that authentication and authorization mechanisms must be systematically extended to supply chain partners. This includes managing user identities across organizational boundaries, controlling temporary access and revoking privileges when partnerships terminate. Mapping access rights at both the technical and the organizational level is particularly relevant.
Practical implementation requires documented access policies, regular audits of assigned rights, and technical controls such as multi-factor authentication for sensitive functions. Organizations should make access requests, approvals and changes traceable and proactively address deviations from policy.
Source: news.google.com · Published June 16, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.