European Union: NIS Cooperation Group adopted risk assessment of detection equipment at border crossing points

On 13 February 2026, the Network and Information Systems (NIS) Cooperation Group, in collaboration with the European Commission and the European Union Agency for Cybersecurity (ENISA), published a coordinated security risk assessment of detection equipment used by law enforcement and security operators at border crossing points. This assessment, carried out under Article 22 of the NIS2 Directive, provides an overview of cybersecurity risks and necessary mitigating measures for equipment used in both stand-alone and interconnected environments. The report identifies 13 generic risks based on an all-hazard approach, primarily focusing on detection equipment supply chain vulnerabilities. The highest-ranked risks involve dependency on a limited number of manufacturers, unauthorised maintenance access affecting equipment performance, and the potential for malware to jeopardise sensitive information systems. The evaluation notes that while much equipment currently operates independently, the integration into larger ICT systems at major logistics hubs increases the potential impact of security incidents. As development towards the European Union Customs Authority and the European Union Data Hub progresses, the assessment stresses that interoperability will heighten these vulnerabilities. To manage these risks, the document calls for the effective application of Union-level measures for high-risk suppliers and the integration of security requirements into procurement and maintenance practices. The assessment further addresses challenges in the detection equipment market, such as the dominance of non-European Union manufacturers, and aims to support the diversification of market availability and the de-risking of critical infrastructure.