In the past few years, cybersecurity experts have identified a new phenomenon: supply chain cybersecurity attacks. In these attacks, threat actors exploit systems so that they can subsequently infiltrate a much larger target. Several pieces of open-source software have seen contributors work for many years to gain trust which they then violate by implementing backdoors in the software. In a way, these supply chain attacks are a modern Trojan horse. This threat is amplified by the supply chain of modern digital products, which can consists of thousands of hardware and software suppliers. EU legislators have also identified this threat and have started to respond. Recent legislation includes supply chain cybersecurity requirements for entities operating in critical sectors (e.g., hospitals) and financial entities. Is this approach sufficient, and, if not, how should and the law respond? I hope to see all of you in April to discuss further!