An updated assessment of the risks posed by cyber-attacks to Ireland has called for full implementation of a package of EU measures aimed at tackling the threat.
The report also calls for stronger Government procurement rules.
The recommendations are contained in the National Cyber Security Centre’s updated National Cyber Risk Assessment (NCRA), published yesterday (2 December).
The report provides an overview of the systemic cyber threats facing the State, its critical national infrastructure, and the associated supply chains.
Writing in the report, NCSC director Richard Browne said that it underscored the need for a co-ordinated national approach to cyber-security – including taking a whole-of-society approach.
“However, it is also clear that the accelerating nature of some of the risks demands an aggressive response by the State – including by making full and active use of EU legislation,” he added.
The report calls for the implementation of EU rules that include the NIS2 Directive, the Cyber Resilience Act, the Cyber Security Act, and the Cyber Solidarity Act.
A draft National Cyber Security Bill going through the Oireachtas puts the NCSC on a statutory footing and transposes NIS2 into Irish law, though data-collection concerns have been expressed about some sections.
The report finds that critical ICT (information and communication technology) supply chains create some of the most significant systemic risks to Ireland.
“Reliance on complex, opaque, and concentrated supply chains exposes the State to embedded vulnerabilities, vendor lock-in, and third-country interference,” it states.
“It is imperative that organisations procuring services central to the operations of their business and the security of their data perform due diligence on the cyber-security of prospective partners or suppliers and the regulatory environments they operate within,” the assessment states.
It warns of the risk of third-country interference in supply-chain security, which could include the unauthorised transfer of data to third countries, embedded vulnerabilities in product design, or in-built back door capability.
It calls for stronger Government procurement rules to ensure that “baseline” cyber-security requirements are applied consistently.
The report also urges the State to “increase visibility” into ownership, control, and security practices at ICT suppliers.
It also says that the State should have “appropriate legal powers” to step in where “high-risk” suppliers of ICT infrastructure pose national-level risks in critical sectors.