Vendor Scorecard

We have contacted the vendors listed below to confirm the scope of public disclosure. Initial outreach dates are noted for transparency.

Specific incident details are not disclosed; however, we provide independent guidance on compliance, governance, and systemic risk.

OpenAI

Initial Contact

28-10-2025

Days since initial report

Attempts

~27

Status

--------------------------------

Escalated to OAIC on 10-12-2025

No response received as of 03/02/2026

--------------------------------

Escalated to ACCC on 29-01-2026

Advised concerns raised fall outside laws administered by ACCC on 03/02/2026. Further information requested.

--------------------------------

Linkedin message from Global Startups lead on 06-02-2026

Responded with summary of issues

Risk Tiers

Risk Category	Tier
Technical Security	CRITICAL
Privacy & Data Protection	CRITICAL
Safety & Human Harm	CRITICAL
Governance & Compliance	CRITICAL
Enterprise Reputation	CRITICAL
Cross-Vendor Ecosystem	HIGH
Systemic / Long-Term	CRITICAL

Regulatory and Public Sector Frameworks

Online Safety Act 2021, Part 5
Privacy Act 1988 (APP 1, APP 6, APP 11)
Protective Security Policy Framework (PSPF)
ASD Information Security Manual (ISM)
ACSC Essential 8
GDPR Art. 5(1), 28, 32
UK GDPR / Data Protection Act 2018
CCPA / CPRA
Digital Services Act (EU)

Security Certifications and Assurance Signals

SOC 2 Type II
ISO/IEC 27001
ISO/IEC 27017
ISO/IEC 27018
ISO/IEC 27701
CSA STAR

Implication: The incident indicates a multi-standard compliance alignment failure, increasing regulatory exposure across AU, EU, and US jurisdictions.

Gemini
Initial Contact
11-12-2025, VRP raised on 15/12/2025
Days since initial report
—
Attempts
12+
Process Status
Awaiting VRP response (deadline: 14-02-2026).
Risk Tiers
        
          
              Risk Category
              Tier
            

          Technical SecurityCRITICAL
Privacy & Data ProtectionCRITICAL
Safety & Human HarmCRITICAL
Governance & ComplianceCRITICAL
Enterprise ReputationHIGH
Cross-Vendor EcosystemNOT REVIEWED
Systemic / Long-TermHIGH

        
      