Third-party risk management
Third-party risk management in the Technology, AI, and Competition sector is under direct regulatory pressure from multiple directions. The Federal Trade Commission has used its unfair methods of competition authority to scrutinize platform dependencies and vendor lock-in arrangements, while the European Banking Authority's ICT and third-party risk guidelines and the U.S. Securities and Exchange Commission's cybersecurity disclosure rules are forcing technology firms to formalize what many previously treated as informal vendor oversight. Compliance teams are now mapping critical supplier relationships against contractual exit rights, concentration risk thresholds, and incident notification timelines before regulators ask.
Watch
- SEC cybersecurity disclosure rule: vendor incident materiality determinations under active review
- EU AI Act Article 28 obligations for deployers using third-party AI system providers
- FTC scrutiny of exclusive dealing and API dependency in platform vendor contracts
- DORA ICT third-party risk provisions: applicability questions for U.S. tech firms with EU entities
- Concentration risk in cloud infrastructure: emerging supervisory expectation across APAC regulators
Recent material activity in Technology, AI & Competition
- NIST releases updated AI Risk Management Framework companion guide for critical infrastructure
NIST published AI RMF 1.1 companion guidance specifically addressing AI deployment in critical infrastructure sectors including energy, financial services, and healthcare. The guide introduces mandatory risk assessment c…