Supplier Contract Security Addendum Template

by SPAC Alliance | November 2025 | Library, NIS 2, Training and Tools

Several legal instruments recommend – and in some cases require – the inclusion of contractual clauses or dedicated annexes on physical and cyber security, in order to limit the risk of attacks (or their consequences) between two commercial partners:

  • NIS 2 Directive, introducing the notion of shared responsibility within the supply chain (confirmed and further detailed by Implementing Regulation 2024/2690)
  • CER Directive, imposing resilience objectives

15 Security requirements listed in the regulations

Depending on your own criticality and/or that of your service provider, you must include all or part of the following clauses to mitigate your liability and, most importantly, ensure an adequate level of security:

  1. Security scope and objectives (NIS 2 Art. 21 + Regulation 2024/2690 §5.1.4)
  2. Selection criteria and ongoing compliance — Regulation 2024/2690 §5.1.2
  3. Incident notification “without undue delay” — Regulation 2024/2690 §5.1.4(d)
  4. Audit rights / audit reports — Regulation 2024/2690 §5.1.4(e)
  5. Vulnerability and patch management — Regulation 2024/2690 §5.1.4(f) together with patch-management principles (§16)

EXCLUSIVE Product

This content is exclusively available to CLUB SPAC Alliance subscribers and SPAC Alliance Members!