Governing the Supply Chain: AI and Cyber Risk Beyond Your Perimeter

Both the EU AI Act and EU cybersecurity laws place significant responsibilities on companies and institutions for the conduct of their vendors, suppliers and technology partners. For privacy and compliance professionals, this means supply chain governance is no longer limited to contractual safeguards. It demands active oversight of third-party AI systems and cybersecurity postures alike. This panel draws on the perspectives of a European regulatory agency, a global technology company, an international law firm and the policy community to address how companies and institutions can practically assess, monitor and manage AI and cybersecurity risks that originate outside their own walls. Panelists will discuss due diligence strategies for AI procurement, aligning vendor management with cybersecurity supply chain security requirements, and navigating the tension between regulatory expectations and commercial realities. Attendees will gain concrete tools for building third-party governance programs that hold up under regulatory scrutiny.

What you will learn: 

• How to conduct meaningful due diligence on third-party AI systems and vendors, including what to ask, what to require contractually and what red flags to watch for. 
• Practical methods for aligning AI procurement governance with cybersecurity supply chain security obligations to create a unified third-party risk management framework. 
• How regulators are likely to assess company or institutional accountability for supply chain failures, and what governance documentation and oversight they expect.