As software supply chain attacks continue to evolve, regulators are demanding more than just visibility — they expect verifiable control and accountability. This session explores how large-scale cloud environments can go beyond surface-level SBOM compliance to implement scalable, auditable third-party risk management frameworks that align with emerging legislation such as the Cyber Resilience Act, NIS2, and the EU AI Act.

Drawing from practical experience across EU markets, we’ll walk through how to map compliance obligations to technical controls, what it takes to validate supplier assurances, and why Zero Trust and AI governance must now intersect with supply chain strategy.

Attendees will gain insight into how a multi-region cloud provider is adapting security posture, evidence models, and contractual frameworks to meet the next generation of regulatory scrutiny.