The Trust Center discloses that GitHub Copilot holds TISAX certification, the Trusted Information Security Assessment Exchange standard used in the automotive industry.
This analysis describes what GitHub's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
TISAX certification is a prerequisite for many suppliers and service providers operating within the automotive sector supply chain; its disclosure indicates GitHub Copilot has undergone assessment under the VDA ISA (Information Security Assessment) framework administered by ENX Association.
Interpretive note: The specific TISAX assessment level achieved is not disclosed in the Trust Center; the operational significance of the certification depends on the assessment level, which requires verification through separate ENX portal access.
TISAX certification changed from text-only reference to badge-displayed format for improved visibility.
View full change record →This provision establishes that GitHub Copilot has achieved TISAX certification, which is relevant for organizations in the automotive sector that require TISAX-assessed vendors for information security compliance.
How other platforms handle this
Model cards should describe: Intended uses and out-of-scope uses. Potential biases and limitations. How the model was trained, including the training data and evaluation. Model architecture and parameters.
Political ads must comply with all applicable campaign and election laws for any location they target, including laws relating to political advertising disclaimers. Advertisers must have the required authorizations.
You must clearly state the following (or a substantially similar statement) on your site: '[Insert your name] is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to ...
Monitoring
GitHub has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"TISAX [badge displayed]— Excerpt from GitHub's GitHub Copilot Business Privacy Statement
(1) REGULATORY LANDSCAPE: TISAX is administered by the ENX Association and is based on the VDA Information Security Assessment framework. It is not a regulatory requirement per se but is widely required contractually in the automotive supply chain. It engages with ISO 27001 as its information security baseline. No single government enforcement authority governs TISAX compliance. (2) GOVERNANCE EXPOSURE: Low for organizations outside the automotive sector. Medium for automotive supply chain participants that contractually require TISAX-assessed vendors. (3) JURISDICTION FLAGS: TISAX is primarily relevant for organizations operating in the European automotive supply chain, including German OEMs and their tier-1 and tier-2 suppliers. Organizations outside this sector have limited exposure related to this certification. (4) CONTRACT AND VENDOR IMPLICATIONS: Automotive sector procurement teams should verify the TISAX assessment level achieved by GitHub (assessment levels range from 1 to 3, with differing data sensitivity scopes) to confirm alignment with their contractual requirements. The TISAX assessment results are not publicly available and must be accessed through the ENX portal by entitled participants. (5) COMPLIANCE CONSIDERATIONS: Organizations in the automotive sector should request confirmation of the specific TISAX assessment level and scope from GitHub and document this in vendor qualification records. The TISAX result should be refreshed periodically in accordance with ENX re-assessment schedules.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
TISAX certification is a prerequisite for many suppliers and service providers operating within the automotive sector supply chain; its disclosure indicates GitHub Copilot has undergone assessment under the VDA ISA (Information Security Assessment) framework administered by ENX Association.
This provision establishes that GitHub Copilot has achieved TISAX certification, which is relevant for organizations in the automotive sector that require TISAX-assessed vendors for information security compliance.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by GitHub.