The report provides an overview of the current supply chain cybersecurity practices followed by essential and important entities in the EU, based on the results of a 2022 ENISA study which focused on investments of cybersecurity budgets among organizations in the EU. The report also gathers good practices on supply chain cybersecurity derived from European and international standards. It focuses primarily on the supply chains of ICT or OT.