IN Brief:
- Cross-stack coalition launched at the Munich Security Conference to align security principles.
- Five principles cover governance, secure development, supplier oversight, open ecosystems, and data protection.
- Commitments include contractually binding supplier assurances and room for independent assessment.
A new industry coalition, the Trusted Tech Alliance, has been formed to align security and transparency principles across the global technology supply chain, spanning the stack from semiconductors and connectivity through cloud infrastructure, software platforms, and AI.
The alliance was announced at the Munich Security Conference, initially naming 15 signatories across Africa, Asia, Europe, and North America. The group subsequently added ASML, taking the signatory list to 16. The roster includes Anthropic, ASML, AWS, Cassava Technologies, Cohere, Ericsson, Google Cloud, Hanwha, Jio Platforms, Microsoft, Nokia, Nscale, NTT, Rapidus, Saab, and SAP, reflecting an attempt to cover both foundational infrastructure and the application-layer systems now embedded in industrial operations.
The coalition has published five principles intended to define what it means to operate as a “trusted” technology provider. These cover transparent corporate governance and ethical conduct; operational transparency, secure development, and independent assessment; robust supply chain and security oversight; an open, cooperative, inclusive, and resilient digital ecosystem; and respect for the rule of law and data protection.
The alliance’s stated commitments include using contractually binding security and quality assurances with suppliers, holding upstream providers to strong global security standards, and supporting independent assessment alongside internal compliance processes. In effect, it is a bid to standardise expectations for how security controls and assurance artefacts should look when technology components are sourced across borders and assembled into critical systems.
Ericsson’s President and CEO, Börje Ekholm, stated the approach is a cross-company necessity: “No single company or a country can build a secure and trusted digital stack alone. Rather, trust and security can only be achieved together.” The line is aimed at a market reality that technology stacks increasingly mix hardware, firmware, cloud services, and AI tooling sourced from multiple jurisdictions, with vulnerabilities often introduced at the seams between suppliers.
Microsoft’s Vice Chair and President, Brad Smith, put the emphasis on verifiable operating principles rather than supplier nationality: “Based not on the nationality of the provider but on shared commitments to customers, this Alliance brings together leading companies around clear, verifiable principles that show technology can be secure, reliable, and responsibly operated wherever it is deployed.” That message is likely to resonate with multinational operators that are being asked to prove due diligence, not just declare it, as regulations tighten around critical infrastructure, data residency, and third-party risk.
The coalition says it will continue to expand its community and shape shared approaches that support national and international efforts to strengthen sovereignty, resilience, and competitiveness. The immediate measure of traction will be whether the principles translate into usable supplier language, audit frameworks, and assessment mechanisms that procurement teams can apply consistently across cloud, AI, connectivity, and semiconductor sourcing.
