
Vendor cybersecurity due diligence

Vendor cybersecurity due diligence in Trade and Geopolitical Risk is no longer a back-office checklist item: the U.S. Department of the Treasury's Office of Foreign Assets Control and the Bureau of Industry and Security have both issued guidance tying third-party technology relationships directly to sanctions exposure and export control liability. The European Union Agency for Cybersecurity published its updated ICT supply chain risk framework under the NIS2 Directive in late 2023, and compliance teams in cross-border trade are now mapping vendor contracts against those disclosure and incident-reporting requirements before renewals.

Watch

  • BIS Entity List additions affecting cloud and software vendors used in trade operations
  • NIS2 Directive ICT supply chain provisions: incident reporting deadlines for third-party breaches
  • OFAC guidance on technology vendor nexus to sanctioned jurisdiction exposure
  • Whether U.S. agencies coordinate a unified vendor vetting standard across trade and cyber mandates

Recent material activity in Trade & Geopolitical Risk

  • Apr 13, 2026 MATERIAL

    OFAC designates 14 entities linked to Russian defense procurement network

    The Treasury Department's Office of Foreign Assets Control added 14 entities and 6 individuals to the Specially Designated Nationals list for their roles in procuring critical technology components for Russia's defense i…

  • Apr 10, 2026 MATERIAL

    BIS adds 22 Chinese semiconductor entities to Entity List for advanced chip diversion

    The Bureau of Industry and Security expanded export controls targeting Chinese semiconductor entities found to be diverting advanced computing chips through third-country intermediaries. New license requirements affect i…
