GitHub Copilot holds a TISAX certification, which is an information security assessment standard used in the automotive industry to evaluate suppliers and service providers.
This analysis describes what GitHub's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances.
TISAX certification indicates that GitHub Copilot has been assessed against the VDA ISA (Verband der Automobilindustrie Information Security Assessment) standard, which is required by many automotive manufacturers for their supply chain technology vendors.
Interpretive note: TISAX results are not publicly disclosed. The Trust Center lists the certification, but the specific assessment level, scope, and ENX result identifier are not visible on this page, so they require direct verification through the ENX portal.
Enterprise customers in the automotive sector or automotive supply chain who require TISAX-certified vendors can reference this certification when evaluating GitHub Copilot for use in automotive-related development workflows.
"TISAX" — Excerpt from GitHub's GitHub Copilot Business Privacy Statement
(1) REGULATORY LANDSCAPE: TISAX is administered by ENX Association and is based on the VDA ISA standard. It is not a government regulation but is contractually required by many major automotive OEMs (original equipment manufacturers) in their supplier agreements. It maps to ISO 27001 and is relevant to organizations subject to automotive sector data protection and security requirements in Germany and the broader EU automotive supply chain.
(2) GOVERNANCE EXPOSURE: Low for non-automotive organizations. Medium for automotive sector enterprises where TISAX is contractually mandated by OEM customers. The governance consideration is confirming the specific TISAX assessment level and scope applicable to GitHub Copilot.
(3) JURISDICTION FLAGS: Primarily relevant to Germany-based enterprises and EU automotive supply chain participants. TISAX results are shared through the ENX portal on a controlled basis; unlike ISO certifications, TISAX results are not publicly disclosed and must be shared directly between assessed companies and their customers.
(4) CONTRACT AND VENDOR IMPLICATIONS: Automotive sector procurement teams should request the TISAX result identifier from GitHub to verify the assessment level, scope, and validity period through the ENX portal. This is distinct from other certifications listed on the Trust Center, as TISAX results require ENX portal access to verify.
(5) COMPLIANCE CONSIDERATIONS: Compliance teams in the automotive sector should confirm that the TISAX assessment scope covers the specific GitHub Copilot workflows and data types used in their automotive development environment. They should also verify the assessment level matches their OEM customer contractual requirements.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by GitHub.