Vendor cybersecurity due diligence
Vendor cybersecurity due diligence in the Technology, AI and Competition sector is now a front-line compliance obligation, not a back-office checklist. The Federal Trade Commission, the European Data Protection Board, and the U.S. Cybersecurity and Infrastructure Security Agency have each issued binding or quasi-binding guidance requiring firms to assess third-party risk before onboarding, not after a breach. Compliance teams are currently mapping vendor contracts against CISA's 2023 Secure by Design principles and the FTC's updated Safeguards Rule enforcement posture to close gaps before auditors ask.
Watch
- FTC Safeguards Rule enforcement actions targeting inadequate vendor oversight programs
- EDPB guidance on processor agreements under Article 28 GDPR, especially for AI vendors
- CISA's voluntary Secure by Design pledge, and whether the voluntary commitment becomes a procurement expectation
- New EU AI Act obligations that extend liability to deployers using third-party AI components