Click on any item to navigate to that section.
Note: This report does not include page numbers as section breaks vary by browser and device.
NVIDIA Corporation is a publicly traded U.S. semiconductor company headquartered in Santa Clara, California, and incorporated in Delaware, designing and supplying graphics processing units, data center accelerated computing platforms, and AI infrastructure solutions that are foundational to the global technology industry. This report evaluates NVIDIA as a prospective integrated supplier or subcontractor, with deep operational involvement anticipated in the requester's technology processes, products, or client delivery obligations. The relationship type implies meaningful exposure to NVIDIA's export control compliance posture, cybersecurity practices, IP risk profile, and business continuity across a supply chain with structural concentration in Taiwan-based manufacturing.
Export control restrictions have structurally foreclosed NVIDIA's ability to compete in China's data center market, a material revenue constraint that a requester depending on NVIDIA's product roadmap or delivery capacity must factor into continuity planning. The U.S. Department of Justice launched an antitrust investigation into NVIDIA in 2024, issuing subpoenas, and the French Competition Authority conducted office raids and prepared formal charges alleging anticompetitive practices; these concurrent investigations constitute pending regulatory exposure that requires monitoring throughout the engagement lifecycle.
A securities class action lawsuit arising from alleged cryptocurrency mining disclosure failures was certified for class treatment in March 2026, creating unresolved financial and reputational exposure that remains active.
Multiple active copyright class action lawsuits, including one alleging NVIDIA knowingly sought pirated book datasets and scraped YouTube videos for AI model training, expose the requester to reputational association risk if these claims are substantiated.
NVIDIA depends almost entirely on TSMC for manufacturing of its most advanced chips, produced primarily in Taiwan, a geopolitically exposed location that represents a single-point-of-failure for the requester's operational continuity if cross-strait tensions escalate.
NVIDIA's exceptional financial health β with record full-year fiscal 2026 revenue of $215.9 billion, up 65% year-over-year, and record quarterly revenue of $68.1 billion β represents a positive indicator of financial stability and operational capability relevant to this integrated supplier relationship.
See the Risk Indicator Summary for section-level risk detail.
Sanctions Screening: No matches identified for NVIDIA Corporation or its key executives across screened databases
Regulatory Risk: Active β concurrent DOJ antitrust investigation with subpoenas issued; French competition authority investigation with charges pending; resolved SEC enforcement action (2022)
Adverse Media: Material β AI copyright litigation, chip smuggling diversion concerns, antitrust scrutiny across multiple jurisdictions
Financial Risk: Stable β record revenues, strong margins, no going concern indicators
β See Section-by-Section Risk Indicator Summary
Name: NVIDIA Corporation
Country: United States
Business Type: Publicly traded corporation (NASDAQ: NVDA)
Website: nvidia.com
Industry: Semiconductor design and manufacturing; artificial intelligence hardware and software
Headquarters: Santa Clara, California, United States
Known Locations: Santa Clara, California (global headquarters); Austin, Texas; Hillsboro, Oregon; Durham, North Carolina; Seattle, Washington; and additional U.S. research and engineering offices. International offices include Tel Aviv and Yokne'am, Israel (Mellanox Technologies operations); Taipei and Hsinchu, Taiwan; Shanghai and Beijing, China; Munich, Germany; Paris, France; London, United Kingdom; Amsterdam, Netherlands; Tokyo, Japan; Bangalore and Pune, India; Singapore; and numerous additional global sales and engineering offices across Europe, Asia-Pacific, and the Americas.
NVIDIA was incorporated in California in April 1993 and reincorporated in Delaware in April 1998, with headquarters in Santa Clara, California. The company is listed on the NASDAQ Global Select Market under the ticker symbol NVDA and is registered with the U.S. Securities and Exchange Commission under CIK 0001045810, with filings accessible through SEC EDGAR. Entity verification was confirmed through two independent Tier 1 sources: SEC EDGAR mandatory filings and the company's Delaware Certificate of Incorporation on file with the SEC. The name of the corporation, as filed with the SEC, is NVIDIA Corporation.
NVIDIA reports its business results in two segments: the Compute and Networking segment, which includes data center accelerated computing and networking platforms and AI solutions, and the Graphics segment, which includes GeForce GPUs for gaming and enterprise workstation graphics. The company is the dominant supplier of AI accelerator chips globally, with a market capitalization exceeding $4 trillion as of early 2026. No name ambiguity was identified in this research β the subject entity is unambiguously identified as NVIDIA Corporation, the publicly traded semiconductor company.
NVIDIA Corporation is a publicly traded Delaware corporation with no parent company.
Institutional investors collectively hold approximately 64β68% of NVIDIA's shares, with major institutional shareholders including Vanguard Group (approximately 8.7%), BlackRock (approximately 7.4%), Fidelity, State Street, and Geode Capital. As of March 24, 2025, Vanguard held 2,045,049,380 shares equal to 8.36% of the company, and BlackRock held 1,805,935,550 shares, or 7.38%. Jensen Huang held 922,922,938 shares, amounting to 3.77%.
No single shareholder holds a controlling interest. The company's ownership structure is transparent and consistent with its status as a large-cap publicly traded corporation. The significant subsidiaries of NVIDIA Corporation, all 100% owned, include Mellanox Technologies, Ltd. (incorporated in Israel), NVIDIA International, Inc. (Delaware, U.S.), and NVIDIA Singapore Pte Ltd (Singapore), as disclosed in SEC filings for fiscal year 2025.
Mellanox Technologies, Ltd., incorporated in Israel, is NVIDIA's most strategically significant subsidiary.
Mellanox has headquarters in Yokne'am and Sunnyvale, California, and is a maker of high-speed servers and storage switching solutions.
Israel is a jurisdiction with a functioning rule of law and robust regulatory framework (Tier 2), but operations there introduce geopolitical risk considerations given regional instability, potential impacts on workforce and facilities, and the reputational sensitivity of defense-adjacent technology research. No sanctions exposure specific to Israel was identified in the context of NVIDIA's Israeli operations. Mellanox's networking technology is deeply integrated into NVIDIA's data center and AI product stack, creating technical and operational dependency risk if Israeli operations were disrupted.
NVIDIA Singapore Pte Ltd operates in a well-regulated, Tier 1 jurisdiction. Singapore presents no material sanctions or geopolitical risk. The subsidiary's role is primarily as a regional holding and operational entity supporting Asia-Pacific business operations.
NVIDIA International, Inc. is a Delaware holding entity with no independent risk implications identified.
NVIDIA maintains extensive operational presence in China through offices and customer relationships, though as of the end of fiscal year 2026, NVIDIA was effectively foreclosed from competing in China's data center compute market due to export control restrictions. The Chinese operational footprint, while reduced in strategic impact, remains a compliance monitoring area given military-civil fusion concerns, Chinese data localization laws, and the risk of technology diversion through third-party channels. The U.S.-China Economic and Security Review Commission's 2025 annual report identified a significant gap between export controls, government enforcement, and corporate compliance programs as a national security vulnerability that adversarial actors are exploiting.
Jensen Huang co-founded NVIDIA in 1993 and has served as its President and CEO since inception, transforming the company from a graphics card manufacturer into a driving force behind AI and high-performance computing.
Huang is the company's largest individual shareholder,
holding 812.8 million shares based on a March 2026 SEC filing, representing approximately 3.3% of the company with a value of approximately $146 billion.
His dual role as founder, CEO, and significant shareholder creates a key person concentration that is material for any integrated supplier relationship. No adverse regulatory or criminal findings were identified for Jensen Huang personally across the databases searched.
Colette Kress joined NVIDIA in 2013 and serves as Executive Vice President and Chief Financial Officer, overseeing all financial planning, investor relations, accounting, tax, and corporate development.
Tim Teter serves as Executive Vice President, General Counsel, and Corporate Secretary, providing oversight of NVIDIA's legal and compliance functions. Additional senior executives include Ajay Puri (Executive Vice President, Worldwide Field Operations), Debora Shoquist (Executive Vice President, Operations), and Jeff Fisher (Senior Vice President, GeForce). The average tenure of NVIDIA's management team and board of directors is 16.7 years and 15.1 years respectively, indicating substantial institutional continuity and stability at the executive level.
NVIDIA streamlined its leadership structure in late 2025, reducing direct reports to CEO Jensen Huang from 55 to 36.
Board director Ellen Ochoa departed in August 2025 after six years of service, a routine governance change with no adverse compliance implications identified.
No adverse sanctions, debarment, or criminal findings were identified for any current key executive. The primary personnel risk is key person dependency on Jensen Huang, whose visibility, strategic direction, and dual roles as founder and CEO make him singularly important to the company's strategic identity.
This section reflects screening conducted across various sanctions, controls and watchlist databases. A complete list of these databases is provided in Appendix A. Individual databases are identified in this section only when a match or potential match is found. No listing means no matches for this entity were found.
IMPORTANT DISCLAIMER: This screening is based on open-source web research conducted at the time of report generation. FirstCheck.App does not directly query sanctions databases in real time. Sanctions listings change frequently. The requesting party must conduct independent direct screening against all applicable databases before entering into any business relationship or transaction. Reliance on this report without independent verification does not constitute a defense to sanctions violations.
SCREENING TIMESTAMP: List checks performed on May 26, 2026 at 01:51:43 PM UTC. Results: No matches were identified for NVIDIA Corporation or its key executives across the databases listed in Appendix A. NVIDIA Corporation is a U.S.-domiciled, publicly traded entity with no identified sanctions exposure on U.S. (OFAC SDN, BIS Entity List, SAM.gov), EU, UK HM Treasury, UN Security Council, or other applicable lists. No debarment, OIG exclusion, World Bank debarment, or Interpol Red Notice matches were identified for NVIDIA Corporation or its named senior executives. Identity verification was applied consistently; no name-only matches requiring disambiguation were identified.
SEC Enforcement Action (Resolved β 2022) The U.S. Securities and Exchange Commission announced a settlement against NVIDIA Corporation on May 6, 2022, for inadequate disclosures concerning the impact of cryptocurrency mining on the company's gaming business. The SEC fined NVIDIA $5.5 million, alleging that in back-to-back quarters in fiscal year 2018, NVIDIA failed to disclose that cryptocurrency mining was a "significant element" of its revenue growth from sales of chips designed for gaming.
NVIDIA did not admit or deny the SEC's findings, which included violations of Section 17(a)(2) and (3) of the Securities Act of 1933 and disclosure provisions of the Securities Exchange Act of 1934.
NVIDIA agreed to a cease-and-desist order and paid the penalty.
This matter is resolved and is presented as historical context.
DOJ Antitrust Investigation (Active) In August 2024, the U.S. Department of Justice launched an antitrust investigation into NVIDIA, focusing on allegations that the company was engaging in anticompetitive practices in the AI chip market where it holds over 80% market share. The DOJ sent subpoenas to NVIDIA after rivals raised concerns that NVIDIA promotes exclusive use of its chips, prioritizes customers that can immediately use its products, and that its acquisition of AI management firm Run:AI forecloses competition from rivals.
NVIDIA has publicly dismissed the claims, arguing that superior products are the reason for its success.
No charges have been filed, and the investigation was initiated under the prior administration. The current status under the Trump administration is undetermined based on publicly available information as of the report date; monitoring is warranted.
French Competition Authority Investigation (Active) The French antitrust authority plans to file charges against NVIDIA, accusing the company of engaging in anticompetitive practices β making France the first country to take such legal action against NVIDIA. The French Competition Authority had raided NVIDIA's local offices in September 2023 as part of an investigation into the graphics card sector. The AutoritΓ© de la Concurrence concluded its market study in June 2024, finding that NVIDIA is likely abusing its dominance through price fixing, production restrictions, unfair contractual conditions, and discriminatory behavior, and expressed concern over the AI industry's dependence on NVIDIA's CUDA programming software.
Companies violating French antitrust rules could face fines of up to 10% of their global annual revenue.
EU Commission Antitrust Inquiry
EU antitrust regulators sent questionnaires to NVIDIA rivals and customers asking whether the company bundles its products in ways that may give it an unfair advantage, in a move that may lead to a formal investigation.
NVIDIA was also reportedly the subject of an informal EU probe into suspected monopolistic practices in the AI chip sector.
No formal charges have been confirmed at the EU Commission level as of the report date.
Securities Class Action β Cryptocurrency Disclosure (Active)
Judge Gilliam granted lead plaintiffs' motion to certify the class on March 25, 2026 in the securities fraud class action arising from NVIDIA's alleged failure to disclose cryptocurrency mining revenue in 2017β2018.
A federal judge certified a class-action lawsuit against NVIDIA, alleging the company concealed over $1 billion in cryptocurrency mining revenue, with investors claiming NVIDIA's GeForce GPUs were significantly impacted by crypto market volatility despite the company downplaying these sales.
No judgment has been entered; the case proceeds to trial preparation.
NVIDIA is subject to extensive international media coverage, predominantly focused on its dominant position in AI and semiconductor markets. The adverse media landscape is material across several thematic areas.
Antitrust and Market Dominance
Competition authorities in the U.S., UK, EU, France, South Korea, and China have all launched inquiries into NVIDIA's business practices.
International wire services including Reuters, Bloomberg, and the Financial Times have extensively covered these investigations throughout 2024 and into 2025β2026. Coverage is consistent, corroborated across multiple independent outlets, and represents a sustained pattern of regulatory scrutiny rather than isolated incidents.
AI Training Data and Copyright On March 8, 2024, authors Abdi Nazemian, Brian Keene, and Stewart O'Nan filed a class-action lawsuit in the California federal district court against NVIDIA, alleging that their works were part of a dataset of nearly 197,000 books used to train NVIDIA's NeMo AI models.
An amended complaint alleged that NVIDIA willingly used an illegal source of pirated books to train its models, and specifically claimed that NVIDIA staff contacted a shadow library known as Anna's Archive. In November 2025, entities owning YouTube channels filed suit against NVIDIA in the U.S. District Court for the Northern District of California, alleging NVIDIA mass-scraped YouTube to train its Cosmos video AI model and citing internal communications published by 404 Media showing NVIDIA employees discussing the initiative.
These cases are actively litigated and have attracted significant coverage in technology and legal trade media.
Chip Diversion and Export Control Compliance The U.S.-China Economic and Security Review Commission's 2025 annual report found a significant gap between export controls and corporate compliance programs, creating a national security vulnerability that adversarial actors are exploiting, and warned that China is quickly developing AI capabilities powered by smuggled American-made components.
Coverage in outlets including Fortune has examined the role of NVIDIA chips in smuggling networks, noting that NVIDIA has conducted facility spot-checks but that structural enforcement gaps persist in third-party distribution channels.
Employee Sentiment and Workforce
Employee review platforms and technology media indicate no pattern of significant workforce instability. Multiple current employee reviews note no active layoffs and competitive compensation. NVIDIA has been notable among major technology companies for maintaining workforce stability during industry-wide downcycles.
NVIDIA's financial position is exceptional by any measure applicable to an integrated technology supplier relationship.
NVIDIA reported record full-year fiscal 2026 revenue of $215.9 billion, up 65% year-over-year, and record quarterly revenue of $68.1 billion for the fourth quarter of fiscal 2026, up 73% from a year ago. For fiscal 2026, GAAP and non-GAAP gross margins were 71.1% and 71.3% respectively. For the first quarter of fiscal 2027 (ended April 26, 2026), NVIDIA reported record revenue of $81.6 billion, up 85% from a year ago, and record Data Center revenue of $75.2 billion, up 92% year-over-year.
Revenue growth was led by the Compute and Networking segment generating $193.5 billion, a 67% year-over-year increase, with Data Center Compute revenue growing 59% and Data Center Networking revenue surging 142%. The company maintains strong cash generation and an investment-grade financial profile. No bankruptcy filings, going concern warnings, material credit downgrades, or payment default indicators were identified. The primary financial risk dimension for this relationship is not counterparty default but revenue concentration risk.
NVIDIA's own SEC disclosures acknowledge that a significant amount of its revenue stems from a limited number of partners and distributors, and that revenue could be adversely affected if it loses or is prevented from selling to any of these end customers. In April 2025, NVIDIA was informed by the U.S. government that a license is required for exports of its H20 products to China, resulting in a $4.5 billion charge in the first quarter of fiscal 2026 associated with H20 excess inventory and purchase obligations.
This episode illustrates that sudden export control changes can create material, immediate financial impacts, though NVIDIA's overall financial resilience absorbed this charge without material impairment.
NVIDIA's primary jurisdiction of incorporation and operation is the United States, a Tier 1 jurisdiction with strong rule of law, a robust regulatory framework, and low systemic corruption. The principal geopolitical risk affecting this relationship is not jurisdictional to NVIDIA's incorporation but to its manufacturing supply chain.
NVIDIA depends almost entirely on a single foundry, TSMC, for its most advanced and profitable chips, and those chips are produced primarily in Taiwan, a geopolitically exposed location.
Taiwan produces over 90% of the world's cutting-edge chips, and 2025 brought a spike in Chinese military drills, pressure, and uncertainty, making that single point of failure more acute.
Any material disruption to TSMC's Taiwan operations β whether through military conflict, political coercion, natural disaster, or regulatory action β would directly impair NVIDIA's ability to supply advanced GPUs and AI accelerators, with immediate consequences for any requester operating as an integrated technology partner. In April 2025, the Trump administration banned chips previously deemed compliant with export rules as it ramped up tariffs and technology restrictions on Beijing, and then three months later reversed course, indicating that licenses for the H20 would be approved.
This pattern of rapid, unpredictable policy reversal is material to delivery planning and contractual commitments in an integrated supplier relationship.
Competition authorities in the U.S., UK, EU, France, South Korea, and China have all launched inquiries into NVIDIA's business practices, reflecting a structural geopolitical dimension to NVIDIA's regulatory environment that transcends any single jurisdiction.
Jurisdictional Tier: 1 - United States; strong rule of law, robust regulatory framework, transparent judiciary, low systemic corruption
a) EXPORT CONTROLS
The export controls applicable to China are complex, addressing parameters including total processing performance, performance density, interconnect bandwidth, and memory bandwidth of a chip. Under current rules and the geopolitical landscape, NVIDIA is unable to create and deliver a competitive product for China's data center market that receives approval from both the U.S. government and the Chinese government.
This is a confirmed, ongoing operational constraint disclosed in NVIDIA's SEC annual report for fiscal year 2026. NVIDIA's H100, H200, and Blackwell GPU lines remain subject to export licensing requirements to restricted Tier 3 countries including China, Russia, Iran, and North Korea. In April 2025, NVIDIA was informed by the U.S. government that a license is required for exports of its H20 products to the China market, representing a mid-cycle regulatory change that had not been anticipated in product planning. No confirmed BIS Entity List listing, denial order, or export license revocation was identified for NVIDIA Corporation itself. No active BIS enforcement action specifically against NVIDIA was identified in publicly available records. The chip diversion risk is material from a requester perspective.
NVIDIA has stated that it conducts repeated visits to customer facilities and spot-checks consistent with its practice to verify GPU deployment locations. However the structural gap between export controls and enforcement capacity identified by the U.S.-China Economic and Security Review Commission means that NVIDIA's technology may be reaching restricted jurisdictions through third-party intermediaries, a risk that flows down to any requester whose operations involve NVIDIA-derived technology in export-sensitive contexts.
b) SANCTIONS SCREENING
No OFAC SDN listing, Sectoral Sanctions Identifications (SSI) listing, or equivalent match was identified for NVIDIA Corporation. NVIDIA is a U.S.-domiciled entity and is not owned or controlled by sanctioned parties. As detailed in Section 4, no sanctions matches were identified. The principal sanctions-adjacent risk for this relationship is technology diversion: NVIDIA's advanced GPUs are subject to export controls restricting transfer to sanctioned or embargoed jurisdictions, and the requester must assess its own downstream obligations if NVIDIA hardware or technology is incorporated into products or services that could reach restricted end-users.
c) DATA PRIVACY
No confirmed GDPR enforcement action, CCPA enforcement action, or data protection authority fine was identified targeting NVIDIA Corporation directly in available public records.
NVIDIA's information security management program generally follows processes outlined in the ISO 27001 framework, and the company evaluates and evolves its security measures as appropriate, per its SEC disclosures.
A threat actor claimed to have breached GeForce NOW and stolen user records; however, NVIDIA clarified that its own systems were not affected and the issue was isolated to a third-party GeForce NOW Alliance partner in Armenia.
This incident illustrates residual third-party data risk in NVIDIA's partner ecosystem but does not represent a confirmed breach of NVIDIA's own infrastructure.
A lawsuit filed in December 2025 alleges that NVIDIA allows cookies and tracking tools to monitor online visitors' browsing activity even if they click 'decline all.'
This litigation is pending and unresolved. Given the integrated supplier relationship type, the requester should assess NVIDIA's data processing practices specifically in connection with any shared systems, customer data, or proprietary information that NVIDIA may access.
d) CFIUS/FOREIGN INVESTMENT
No CFIUS review, adverse CFIUS finding, or foreign government ownership concern was identified for NVIDIA Corporation. NVIDIA is a U.S.-domiciled, publicly traded corporation with no identified state-owned enterprise ownership. The company does not appear to have undergone adverse CFIUS review in available public records. NVIDIA's role as a supplier of AI and semiconductor technology to U.S. government-adjacent customers and defense-sector commercial customers means that any foreign investment in or acquisition of NVIDIA would likely trigger CFIUS review, but no such transaction is identified as pending.
e) IP & TRADE SECRETS
Authors filed class-action lawsuits in March 2024 alleging that their works were part of a dataset of nearly 197,000 books used to train NVIDIA's NeMo AI models without authorization.
An amended complaint further alleged that NVIDIA staff knowingly sought pirated books from shadow library sources, including Anna's Archive. In November 2025, entities owning YouTube channels filed suit alleging NVIDIA mass-scraped millions of YouTube videos in violation of DMCA anti-circumvention provisions to train its Cosmos AI model, citing internal communications as evidence.
These cases are active, unresolved, and represent material IP compliance risk. For the integrated supplier relationship, the requester must assess whether NVIDIA's AI model outputs, tools, or platforms incorporated into the requester's own products or delivery obligations carry embedded copyright infringement risk that could expose the requester to secondary liability or reputational harm.
f) CYBERSECURITY
In February 2022, the data extortion group Lapsus$ claimed to have stolen approximately 1TB of data from NVIDIA's network.
This was a significant confirmed breach of NVIDIA's own infrastructure.
A critical vulnerability (CVE-2024-0132) in NVIDIA's Container Toolkit was identified in 2024, with an incomplete patch disclosed in April 2025; successful exploitation could lead to unauthorized access to sensitive host data and theft of proprietary AI models or intellectual property, affecting organizations using NVIDIA Container Toolkit or Docker in AI, cloud, or containerized environments.
NVIDIA's SEC disclosures indicate that the company has in place infrastructure, systems, policies, and procedures designed to proactively and reactively address cybersecurity incidents, and that its information security management program generally follows processes outlined in the ISO 27001 international standard.
No SOC 2 Type II attestation for NVIDIA's core enterprise systems was confirmed in publicly accessible sources, which is a gap that should be addressed through direct inquiry for any integrated supplier relationship involving access to the requester's systems or data.
g) GOVERNMENT CONTRACTS
NVIDIA is not primarily a U.S. government contractor in the traditional FAR/DFARS sense, though its products and platforms are procured by U.S. government agencies and defense contractors as commercial off-the-shelf technology. No SAM.gov debarment, CMMC certification, or FedRAMP authorization specific to NVIDIA was identified in publicly available records. No confirmation of FedRAMP status, DFARS compliance posture, or CMMC certification level was found through open-source research; these elements should be addressed through direct inquiry if the requester has government contract flow-down obligations. No government contract suspension or debarment was identified.
h) AI/EMERGING TECH
NVIDIA is the dominant supplier of hardware and software infrastructure for generative AI globally. The French Competition Authority's June 2024 market study expressed concern over the AI industry's dependence on NVIDIA's CUDA programming software as the only system totally compatible with GPUs that have become crucial for accelerated computing.
This lock-in dynamic has attracted regulatory attention across multiple jurisdictions as detailed in Sections 5 and 6.
NVIDIA has not been subject to a confirmed AI ethics enforcement action, algorithmic bias finding, or facial recognition controversy in publicly available records. The company's AI safety and ethics posture was not the subject of material adverse media beyond the copyright training data litigation discussed above. Autonomous driving systems under the NVIDIA DRIVE platform are subject to evolving regulation but no confirmed enforcement actions were identified.
a) QUALITY & MANAGEMENT SYSTEMS
No confirmed ISO 9001, ISO 45001, ISO 14001, or ISO 22301 certification for NVIDIA Corporation was identified through publicly available sources. NVIDIA publishes an annual Sustainability Report addressing environmental management and occupational health practices, but formal ISO certification status for these standards is not publicly disclosed. Absence of public certification information does not necessarily indicate non-compliance for a company of NVIDIA's operational scale, but independent confirmation should be sought for any integrated supplier relationship that requires quality management assurance.
b) INFORMATION SECURITY
NVIDIA's SEC disclosures state that its information security management program generally follows processes outlined in the ISO 27001 international standard for information security.
This represents a stated alignment with the standard, but no confirmed third-party ISO 27001 certification issued by an accredited certification body was identified in publicly available sources. No SOC 2 Type I or Type II attestation for NVIDIA's enterprise information security systems was identified through open-source research. The requester should request current certification documentation directly, particularly given the integrated nature of the contemplated relationship and likely access to requester systems and proprietary data.
c) INDUSTRY-SPECIFIC CERTIFICATIONS
No confirmed PCI-DSS, HIPAA, or HITRUST certification was identified. NVIDIA's DGX Cloud and AI Enterprise services operate under commercial cloud service agreements that include data processing addenda, but formal compliance certifications specific to these offerings were not confirmed through available public sources. As noted in Section 9(g), CMMC and FedRAMP status require direct inquiry.
d) PROFESSIONAL ACCREDITATIONS & MEMBERSHIPS
NVIDIA is a member of major industry bodies including the Semiconductor Industry Association (SIA) and participates in standards bodies relevant to its products. NVIDIA holds numerous active patents and maintains membership in academic and professional partnerships supporting AI research. No BBB accreditation or adverse BBB record was identified.
e) CERTIFICATION CURRENCY
No formal certifications with confirmed issuance dates were identified through open-source research. ISO 27001 alignment is stated in SEC filings; formal certification currency is Undetermined. SOC 2 attestation status is Undetermined. Quality management (ISO 9001) certification status is Undetermined. The requester should request current certification documentation as a condition of onboarding.
a) SELF-DEALING
No confirmed instances of self-dealing by NVIDIA management or owners were identified in publicly available records.
Derivative actions pending in U.S. District Court for the District of Delaware allege breach of fiduciary duty, unjust enrichment, insider trading, and misappropriation of information by NVIDIA and certain officers related to channel inventory and cryptocurrency mining GPU demand.
These are pending shareholder derivative claims without confirmed judgment; they are not confirmed findings of self-dealing.
b) RELATED PARTY TRANSACTIONS
NVIDIA's SEC filings disclose related party transaction policies consistent with standard public company governance requirements. No specific non-arm's-length related party transactions creating compliance concerns were identified beyond those disclosed in routine proxy filings.
c) GOVERNANCE CONCERNS
Jensen Huang's combined roles as co-founder, President, CEO, and largest individual shareholder create an inherent concentration of authority.
NVIDIA's governance practices include regular stockholder outreach, annual director elections, and independent board leadership.
Institutional investors have raised governance concerns through shareholder proposals;
Trillium Asset Management sought shareholder support in 2025 for a proposal requesting that NVIDIA enhance workforce public reporting to include gender and race data across EEOC-defined job categories. The Board recommended a vote against this proposal. This represents an ESG governance friction point but not a material compliance violation.
d) OWNERSHIP CONFLICTS
No undisclosed beneficial ownership relationships or competing ownership interests among key executives were identified. CEO Jensen Huang's equity interest aligns his financial incentives with shareholder value, reducing agency conflict risk.
e) RELATIONSHIP-SPECIFIC CONCERNS
NVIDIA's dominant market position means that the requester's dependence on NVIDIA as an integrated supplier could limit the requester's negotiating leverage, ability to switch suppliers, and access to pricing transparency. This commercial dependency risk β highlighted by competition regulators globally β is a structural feature of the NVIDIA supplier relationship that the requester should factor into contract terms, including pricing stability provisions and technology access continuity protections.
a) PARENT COMPANY NVIDIA
Corporation has no parent company. It is an independent publicly traded entity.
b) SUBSIDIARIES
The significant subsidiaries of NVIDIA Corporation as of January 26, 2025, all 100% owned, are Mellanox Technologies, Ltd. (Israel), NVIDIA International, Inc. (Delaware, U.S.), and NVIDIA Singapore Pte Ltd (Singapore).
NVIDIA also operates through numerous additional wholly owned subsidiaries globally that are not individually significant for SEC reporting purposes.
c) AFFILIATES & JOINT VENTURES
Recent acquisitions integrated into the NVIDIA operating structure include Run (AI and machine learning optimization, April 2024), Deci AI (AI model deployment, April 2024), and Shoreline.io (cloud management, June 2024).
No material active joint ventures with third parties that create compliance risk for the requester were identified. NVIDIA has made strategic minority investments in various AI-focused cloud service providers, including CoreWeave, which has been cited by competition regulators as a potential conflict of interest concern in the context of the antitrust investigations discussed in Section 5.
d) SIGNIFICANT SHAREHOLDERS
As of March 2025, Vanguard held 8.36%, BlackRock held 7.38%, and Jensen Huang held 3.77% of outstanding shares. A Vanguard Schedule 13G filed in January 2026 reported beneficial ownership rising to 9.32% as of December 31, 2025.
No shareholder holding 10% or more of outstanding shares was identified. No state-owned enterprise, sanctioned party, or foreign government entity with material ownership stake was identified.
NOTE: This section identifies structural relationships only. All risk findings in this report pertain exclusively to NVIDIA Corporation and not to related entities unless explicitly noted.
13a) Litigation & Legal Exposure
The primary securities class action against NVIDIA asserts claims under Sections 10(b) and 20(a) of the Securities Exchange Act of 1934 on behalf of investors who purchased NVIDIA stock between May 10, 2017, and November 14, 2018. The class was certified on March 25, 2026, with the case proceeding toward trial.
This is a Tier 1-confirmed proceeding in U.S. federal court. The class action alleges the company concealed over $1 billion in cryptocurrency mining revenue.
No judgment has been entered.
Pending derivative actions filed in U.S. District Court for the District of Delaware and in the Court of Chancery of the State of Delaware allege breach of fiduciary duty, unjust enrichment, insider trading, and misappropriation of information by NVIDIA and certain officers related to channel inventory and cryptocurrency mining GPU demand.
These are ongoing shareholder derivative proceedings without confirmed findings. The AI copyright class actions described in Sections 6 and 9(e) β including the book scraping and YouTube scraping lawsuits β are active in the U.S. District Court for the Northern District of California. No judgment has been entered in any of these matters.
An additional lawsuit filed in December 2025 alleges NVIDIA tracks online visitors' browsing activity despite explicit opt-out selections. The pattern of concurrent litigation across securities disclosure, AI training data copyright, and privacy categories represents a broad legal exposure portfolio. No confirmed criminal convictions, consent decrees, injunctions, or Corporate Integrity Agreements were identified. No evidence of a serial litigation pattern as plaintiff was identified; NVIDIA's litigation posture is primarily defensive.
13b) Technology, IP & Data Risk
In February 2022, the Lapsus$ data extortion group claimed to have stolen 1TB of data from NVIDIA's network and leaked a 20GB archive containing data stolen from NVIDIA's systems and employee password hashes.
This is a confirmed historical breach of NVIDIA's internal infrastructure. No recurrence of equivalent severity has been identified in publicly available sources since 2022.
A critical vulnerability in NVIDIA's Container Toolkit (CVE-2024-0132) was disclosed, with an incomplete patch noted in April 2025; successful exploitation could lead to unauthorized access to sensitive host data and theft of proprietary AI models.
This vulnerability is material for any requester operating AI workloads using NVIDIA's container infrastructure. The AI training data copyright lawsuits present IP contamination risk for integrated partners.
If NVIDIA bypassed technical access controls to obtain YouTube content, the question of whether training on that content constitutes fair use becomes secondary, as unlawful access cannot be defended through fair use.
If NVIDIA's AI models incorporate infringing training data and the requester uses NVIDIA's AI tools in its own products or service delivery, downstream IP liability exposure warrants legal assessment.
No OFAC cybersecurity nexus β entity involvement in cyber-enabled sanctions evasion β was identified. Export-controlled technology classification for NVIDIA's products is addressed in Section 9(a).
13c) Reputational & Media Coverage
NVIDIA's media coverage volume over the 24-month lookback period (May 2024 β May 2026) is extraordinary in scale and predominantly positive in tone, driven by its position at the center of the global AI investment cycle. Adverse coverage is concentrated in four thematic areas: antitrust and market power, AI training data practices, chip diversion and export compliance, and governance.
NVIDIA has received antitrust scrutiny from international authorities, including the French Competition Authority and a 2003 European Commission investigation into an acquisition, and China launched an antitrust probe into NVIDIA's 2019 acquisition of Mellanox for $7 billion. The breadth of multi-jurisdictional regulatory attention is itself a reputational signal that the company's market practices invite sustained public and regulatory scrutiny. The AI training data allegations β particularly the shadow library and YouTube scraping claims β have received coverage in major technology media outlets and international wire services. No consumer product recall, safety incident, or public consumer safety alert was identified. Glassdoor employee sentiment data indicates no pattern indicating internal dysfunction or leadership failures; employee reviews note absence of layoffs and positive compensation practices.
No confirmed executive misconduct, personal scandal, or public controversy involving CEO Jensen Huang or other named senior executives was identified beyond their roles in the disclosed litigation and regulatory proceedings.
13d) Geopolitical & Regulatory Risk
NVIDIA operates across all major global markets, with material exposure to U.S.-China trade tensions, European regulatory activism, and Taiwan manufacturing concentration risk β all addressed in detail in Section 8 and Section 9(a).
Approximately 20 countries, including China, Russia, Iran, North Korea, and Sudan, are classified as Tier 3 (prohibited) destinations for NVIDIA's advanced GPU exports. The requester must ensure that no component of its engagement with NVIDIA involves facilitation of technology transfer to these jurisdictions, even indirectly through legitimate intermediary markets. As of January 2026, a new regulation permitting the sale of advanced AI chips to China codified a major policy change, loosening restrictions on the export of NVIDIA H200 chips which had previously been banned for export to China, while acknowledging that exporting advanced AI chips to China poses serious national security risks.
This regulatory volatility requires active monitoring by any organization with contractual obligations dependent on NVIDIA's China-related product availability.
NVIDIA operates in no FATF black-listed jurisdiction through its primary legal structure. The Israeli subsidiary (Mellanox) operates in a region with elevated geopolitical risk, but Israel itself is not subject to U.S. or multilateral sanctions. No evidence of foreign government ownership or significant state influence over NVIDIA was identified. NVIDIA does not appear on the U.S. Department of Commerce's Military End User list or equivalent restricted lists.
13e) Compliance Vulnerability
The SEC's May 2022 enforcement action against NVIDIA for inadequate disclosures resulted in a cease-and-desist order and a $5.5 million penalty, which NVIDIA paid.
This matter is resolved. The cease-and-desist order remains relevant as a marker of prior disclosure compliance failure; any new investor disclosure violations would carry elevated enforcement risk given this precedent. In September 2024, the DOJ escalated its scrutiny by sending NVIDIA a subpoena seeking evidence as to whether the company violated antitrust laws.
No consent decree, compliance monitorship, or Corporate Integrity Agreement has been entered as a result of any investigation; all antitrust investigations remain in the pre-charge or pre-filing stage.
No OIG exclusion, SAM.gov debarment, or World Bank debarment was identified. No voluntary self-disclosure history to regulatory agencies was identified in publicly available records. No regulatory license revocation or suspension was identified. The compliance vulnerability profile is characterized by a resolved SEC action, concurrent active antitrust investigations across multiple jurisdictions, and active litigation in multiple substantive areas β a portfolio that is elevated but does not yet reflect confirmed systemic compliance program failure.
| SECTION | RISK INDICATOR |
|---|---|
| 1. ENTITY INFORMATION | GreenEntity positively identified through multiple Tier 1 sources; no ambiguity in entity identity |
| 2. OWNERSHIP & STRUCTURE | YellowMellanox Technologies Israel subsidiary introduces geopolitical continuity considerations; Chinese market exposure creates ongoing diversion monitoring obligations despite operational foreclosure; no sanctions exposure identified at subsidiary level |
| 3. KEY PERSONNEL | YellowKey person dependency risk concentrated in CEO Jensen Huang; management tenure is strong; no adverse personnel findings identified |
| 4. SANCTIONS & CONTROLS SCREENING | GreenNo sanctions matches identified for NVIDIA Corporation or its key executives across screened databases as of screening date |
| 5. REGULATORY & LEGAL | OrangeActive DOJ antitrust investigation with subpoenas issued; active French competition authority with formal charges pending; active certified securities class action; resolved SEC enforcement action presented as historical context |
| 6. ADVERSE MEDIA | OrangeMaterial adverse media identified across multiple independent Tier 2 sources; antitrust scrutiny is multi-jurisdictional and ongoing; AI training data litigation represents active reputational exposure; chip diversion concerns are structurally embedded |
| 7. FINANCIAL ASSESSMENT | GreenExceptional financial health; record revenues; strong margins; no going concern indicators; export control charges material but absorbed without structural impairment |
| 8. GEOPOLITICAL RISK | OrangeTaiwan manufacturing concentration creates critical single-point supply chain disruption risk; U.S.-China export control policy volatility represents active continuity risk for integrated delivery relationships; multi-jurisdictional antitrust inquiries add regulatory environment uncertainty |
| 9. INDUSTRY-SPECIFIC RISKS (Technology) | OrangeActive export licensing restrictions on China market; H20 mid-cycle licensing requirement imposed April 2025; chip diversion risk identified by U.S. government commission; no BIS Entity List listing confirmed for NVIDIA |
| 10. CERTIFICATIONS & ACCREDITATIONS | Insufficient DataISO 27001 alignment stated in SEC filings but third-party certification and SOC 2 attestation not publicly confirmed; direct inquiry required for certifications relevant to integrated supplier relationship |
| 11. CONFLICTS OF INTEREST | YellowPending shareholder derivative actions alleging governance failures (no judgment); ESG workforce disclosure concerns raised by institutional shareholders; CEO concentration of authority is structural; no confirmed self-dealing findings |
| 12. RELATED & ASSOCIATED ENTITIES | GreenNo parent company; significant subsidiaries in low-risk jurisdictions (Delaware, Singapore) and one moderate-risk jurisdiction (Israel); no sanctioned or state-owned enterprise ownership identified; no concentration ownership concerns |
| 13. AREAS OF SPECIAL INTEREST | OrangeActive certified securities class action with no judgment; active AI copyright class actions with no judgment; concurrent derivative proceedings; no confirmed judgments or consent decrees |
Key Risk Factors:
β’ Active DOJ antitrust investigation with subpoenas issued; formal antitrust charges being prepared by the French Competition Authority.
β’ Taiwan manufacturing concentration through TSMC creates a single-point supply chain disruption risk for integrated technology delivery.
β’ Multiple active AI copyright class actions alleging unauthorized and potentially pirated training data for NVIDIA's AI models.
β’ Rapid, unpredictable U.S.-China export control policy reversals have caused material mid-cycle product restrictions affecting NVIDIA's product availability.
β’ Securities class action certified in March 2026 arising from cryptocurrency disclosure failures, with unresolved financial exposure.
β’ CEO Jensen Huang represents a key person dependency; strategic direction and company identity are closely associated with a single individual.
β’ Critical vulnerability (CVE-2024-0132) in NVIDIA Container Toolkit disclosed with incomplete patch; relevant for requester AI infrastructure environments.
β’ Chip diversion through third-party intermediaries to restricted jurisdictions represents an export compliance risk flowing through the supply chain.
β’ Mellanox Technologies Ltd. (Israel subsidiary) introduces regional geopolitical continuity risk for NVIDIA's networking product stack.
β’ Exceptional financial strength ($215.9 billion FY2026 revenue, 71% gross margins) indicates no counterparty default or going-concern risk.
Recommendations:
1. Conduct direct inquiry with NVIDIA to confirm current ISO 27001 certification status, SOC 2 Type II attestation, and any applicable CMMC or FedRAMP authorizations before formalizing the integrated supplier relationship.
2. Incorporate export control compliance flow-down provisions in all contractual agreements, including representations regarding product end-use, end-user screening, and diversion prevention obligations, given NVIDIA's documented exposure to chip diversion risks.
3. Obtain legal assessment of downstream IP liability exposure arising from NVIDIA's AI model training data litigation before deploying NVIDIA AI tools or model outputs in the requester's own products or client deliverables.
4. Establish contract provisions addressing business continuity planning for a Taiwan manufacturing disruption scenario, including lead time commitments, inventory buffer obligations, and notification requirements.
5. Insert contractual provisions requiring NVIDIA to promptly notify the requester of material export control changes affecting product availability, and include pricing and delivery commitment protections against mid-cycle licensing restrictions equivalent to the April 2025 H20 event.
6. Monitor the DOJ antitrust investigation and French Competition Authority proceedings for escalation to formal charges or consent decree proceedings, which could affect NVIDIA's commercial terms, product bundling practices, and competitive ecosystem.
7. Require NVIDIA to provide a current Data Processing Agreement and confirm data handling practices for any scenario in which NVIDIA's platforms or personnel access the requester's systems, proprietary data, or customer information.
8. Conduct independent OFAC, BIS, and applicable state/agency sanctions list screening directly against NVIDIA Corporation, its key executives, and its significant subsidiaries before finalizing the relationship, and establish a periodic re-screening schedule.
Monitoring Needs:
β’ DOJ antitrust investigation status and any escalation to formal charges or indictment.
β’ French Competition Authority formal charge proceedings and any fine assessment.
β’ EU Commission antitrust inquiry progression toward formal investigation status.
β’ Securities class action (cryptocurrency disclosure) trial schedule and any settlement negotiations.
β’ AI copyright class actions (book scraping, YouTube scraping) β judicial rulings on fair use defenses and any settlement outcomes.
β’ U.S.-China export control policy changes affecting NVIDIA product availability, particularly for H200 and Blackwell-family products.
β’ Taiwan-China geopolitical developments affecting TSMC's ability to manufacture NVIDIA's advanced chips.
β’ CVE-2024-0132 Container Toolkit vulnerability β confirmation of complete patch and requester environment remediation.
β’ Jensen Huang executive continuity and any succession planning disclosures.
β’ NVIDIA quarterly SEC filings (10-Q, 8-K) for material legal proceedings updates and export control charge disclosures.
Based on the findings in this report, the following questions should be addressed through direct inquiry with the entity or additional research:
1. What is NVIDIA's current ISO 27001 certification status β specifically, has a third-party accredited certification body issued a current certificate, and what is the certification scope? Please provide a copy of the current certificate and any SOC 2 Type II attestation reports covering NVIDIA's enterprise cloud and AI platform environments relevant to the contemplated relationship.
2. Given the active AI copyright class actions alleging use of unauthorized training data (including the NeMo shadow library claims and the Cosmos YouTube scraping claims), what is NVIDIA's current position on the training data provenance for AI tools and models that would be deployed in or made accessible to the requester's environment? What indemnification protections does NVIDIA offer against downstream IP liability for requester organizations using these models in product delivery?
3. What specific contractual protections does NVIDIA offer to integrated partners against mid-cycle export control changes of the type experienced in April 2025 (H20 licensing requirement), including delivery commitments, inventory reservation, pricing stability, and advance notification obligations?
4. In the event of a disruption to TSMC's Taiwan manufacturing operations β whether from natural disaster, geopolitical conflict, or regulatory action β what is NVIDIA's formal business continuity plan for its most critical product lines? What alternative manufacturing pathways exist, and what lead times would be involved?
5. What is NVIDIA's formal chip diversion compliance program for managing distribution through third-party resellers and cloud partners in jurisdictions adjacent to restricted markets? What end-use monitoring, contractual flow-down, and audit mechanisms are in place, and what was the outcome of the Megaspeed facility review conducted in late 2025?
6. Has NVIDIA been formally charged, and has any consent agreement, compliance monitorship, or remediation obligation been imposed by the French Competition Authority, the DOJ, or the European Commission in connection with the active antitrust investigations? If formal charges have been issued, what is the current procedural status?
7. Does NVIDIA maintain a Data Processing Agreement applicable to integrated partners who access NVIDIA platforms, DGX Cloud services, or AI Enterprise tools as part of their operational delivery? What certifications underpin NVIDIA's data security commitments under that agreement, and how does NVIDIA handle cross-border data transfers to ensure GDPR compliance for European customer data?
8. What is the current status of the CVE-2024-0132 vulnerability in the NVIDIA Container Toolkit, and has a complete patch been validated by an independent third party? For integrated partners running NVIDIA Container Toolkit in production AI environments, what specific remediation guidance does NVIDIA provide?
9. Given that Jensen Huang's continued leadership is material to NVIDIA's strategic direction, what succession planning exists at the Board level, and has NVIDIA disclosed any formal succession framework applicable to the CEO and President roles?
10. What CMMC certification level has NVIDIA achieved or is actively pursuing, and does NVIDIA hold any FedRAMP authorization for its cloud and AI platform services that would apply to work performed on behalf of the requester in government-adjacent contexts?
Government & Regulatory Databases:
β’ SEC EDGAR (sec.gov/edgar) β NVIDIA Corporation CIK 0001045810; 10-K (FY2026, FY2025), 10-Q (Q1 FY2027), 8-K filings, DEF 14A proxy statements, Exhibit 21.1 subsidiaries; returned results
β’ SEC Certificate of Incorporation filings β NVIDIA Delaware reincorporation records; returned results
β’ SEC Litigation / Enforcement β NVIDIA Corporation cease-and-desist order, May 2022; returned results
β’ SCOTUSblog β NVIDIA Corp. v. E. Ohman J:or Fonder AB, Case No. 23-970; returned results
β’ U.S. Department of Justice β antitrust investigation coverage via Tier 2 corroboration; no direct DOJ database match identified
β’ OFAC SDN List (via web research) β no matches identified
β’ BIS Entity List (via web research) β no matches identified
β’ SAM.gov exclusions (via web research) β no matches identified
β’ OIG LEIE (via web research) β no matches identified
β’ World Bank Debarment List (via web research) β no matches identified
β’ UN Sanctions List (via web research) β no matches identified
β’ EU Consolidated Sanctions List (via web research) β no matches identified
β’ UK HM Treasury Sanctions List (via web research) β no matches identified
Court & Legal Records:
β’ U.S. District Court, Northern District of California β Nazemian v. NVIDIA Corporation (No. 24-01454); copyright class action
β’ U.S. District Court, Northern District of California β YouTube scraping class action (NovemberβFebruary 2026)
β’ U.S. District Court, District of Delaware β Lipchitz v. Huang derivative action
β’ Court of Chancery of the State of Delaware β Horanic v. Huang (filed October 2023)
β’ Ninth Circuit Court of Appeals β E. Ohman J:or Fonder AB v. NVIDIA; affirmed and cert. dismissed December 2024
β’ Bernstein Litowitz Berger & Grossmann LLP case page β securities class action docket summary
β’ ClassAction.org β NVIDIA litigation docket overview
News & Media:
β’ Reuters (Tier 2, Free press) β antitrust, export controls, French regulator coverage
β’ Bloomberg (Tier 2, Free press) β DOJ subpoena, antitrust, financial results
β’ Financial Times (Tier 2, Free press) β market and regulatory coverage
β’ Bloomberg Law β IP litigation coverage
β’ The Register (Tier 2, Free press) β DOJ antitrust subpoena
β’ Fortune (Tier 2, Free press) β chip smuggling and export enforcement
β’ Council on Foreign Relations β AI chip export policy analysis
β’ BleepingComputer (industry cybersecurity press) β Lapsus$ breach, GeForce NOW partner breach
β’ SecurityWeek β NVIDIA Container Toolkit CVE-2024-0132
β’ Trend Micro Research β CVE-2024-0132 incomplete patch disclosure
β’ Tom's Hardware β Megaspeed/export control diversion
β’ SC Media β GeForce NOW partner breach confirmation
β’ Times of Israel (Free press) β Mellanox acquisition
β’ American Action Forum β DOJ antitrust analysis
β’ TechPolicy.Press β NVIDIA antitrust comprehensive analysis
β’ The D&O Diary β Supreme Court dismissal; securities litigation
β’ Goodwin Law β 2024 technology antitrust year in review
β’ Esya Centre β French Competition Authority analysis
β’ The NextWeb β French antitrust charges
β’ PYMNTS β French antitrust charges
β’ Dechert OnPoint β SEC settlement analysis
β’ JURIST β SEC settlement
β’ CNN Business β SEC settlement
β’ Charles Russell Speechlys β NeMo copyright lawsuit analysis
β’ Captain Compliance β YouTube scraping lawsuit analysis
β’ SaveriLawFirm.com β NeMo litigation
β’ PC Gamer β amended NeMo copyright complaint (January 2026)
β’ TradingKey β securities class action certification
β’ Trefis β Taiwan/TSMC geopolitical risk analysis
β’ Ainvest β TSMC supply chain analysis
β’ Built In β AI chip export control
β’ FinTech Weekly β U.S.-China chip controls
Business Registries & Financial:
β’ SEC EDGAR 10-K FY2026 (nvda-20260125.htm) β financial statements, subsidiary list
β’ SEC EDGAR 8-K Q4 FY2026 and Q1 FY2027 earnings releases
β’ SEC EDGAR DEF 14A FY2025 proxy statement
β’ SEC EDGAR Exhibit 21.1 (FY2025) β subsidiaries of registrant
β’ Industry Source: The EnergyMag, Eqvista, IndustryTap, The Street β ownership structure data corroborated against SEC filings
β’ DigitalDefynd, Craft.co, Bullfincher.io, Simply Wall St β executive identification (Tier 4 aggregators; corroborated against SEC filings)
Industry-Specific Sources:
β’ BIS.doc.gov framework research β export control EAR/ECCN methodology
β’ Baker McKenzie Sanctions Blog β BIS Affiliates Rule
β’ Introl Blog β AI export control tiering
β’ Goodwin Law technology antitrust review
β’ Common Sense Privacy β NVIDIA privacy practices assessment
β’ NVIDIA Cloud Services Data Processing Addendum β data security commitments (Tier 3 company source)
β’ NVIDIA Privacy Policy (Tier 3 company source β for identification only)
This report is based on publicly available information accessible through web search. The following limitations apply:
Information Not Accessible:
β’ Proprietary databases (e.g., LexisNexis, World-Check, Dow Jones Risk & Compliance)
β’ Non-public court records and sealed proceedings
β’ Confidential regulatory examination results
β’ Real-time direct sanctions database queries (independent verification required)
β’ PACER direct access β litigation identified through corroborated secondary sources including law firm case pages and court orders published in news coverage
β’ NVIDIA's internal compliance program documentation, audit results, and third-party security assessments
β’ Non-English language sources (limited coverage) β French Competition Authority proceedings partially covered through English-language wire service reporting; French-language source materials not reviewed directly
β’ Confidential settlement terms in any resolved matters
β’ International jurisdiction coverage: French, EU, South Korean, and Chinese regulatory proceedings were researched through English-language Tier 2 wire service reporting; direct regulator database access was not conducted for non-U.S. authorities
Recommended Additional Due Diligence:
1. (Most Urgent) Conduct direct inquiry with NVIDIA requesting current ISO 27001 certification, SOC 2 Type II attestation, Data Processing Agreement, and evidence of GDPR compliance program β these are essential prerequisites for any integrated supplier relationship involving access to the requester's systems or customer data.
2. Obtain legal analysis from qualified IP counsel on the downstream liability exposure for the requester arising from NVIDIA's active AI training data copyright class actions, and assess contractual indemnification terms before deploying NVIDIA AI tools in client-facing delivery.
3. Request NVIDIA's current export compliance program documentation, including its diversion prevention procedures, third-party distributor monitoring protocols, and any BIS voluntary self-disclosures or compliance commitments made in connection with the government's chip diversion enforcement environment.
4. Commission a business continuity risk assessment specific to the TSMC Taiwan manufacturing dependency, including scenario modeling for supply disruption and identification of alternative sourcing or buffering strategies within the contractual framework.
5. Monitor the French Competition Authority and DOJ antitrust proceedings on a quarterly basis; if formal charges result in a consent decree, compliance monitorship, or remediation requirements, assess whether the resulting obligations or product restrictions materially affect the contemplated relationship.
6. Engage NVIDIA's legal or compliance team directly to obtain the current procedural status of the securities class action (cryptocurrency disclosure) and the AI copyright class actions, and assess whether any material judgment or settlement in these cases would affect NVIDIA's financial obligations or operational priorities within the engagement period.
7. Verify sanctions status through direct OFAC/BIS database query.
This report is valid as of the report date. Circumstances may change. Periodic re-screening is recommended based on risk indicator and relationship type.
FirstCheck.App is a first-level third party intelligence and risk assessment tool. It is not a substitute for formal investigation, professional review, or expert compliance determinations. Report findings should be evaluated by business managers, subject matter experts, and professionals in the context of the organization's risk tolerance, policies, directives, and approaches. FirstCheck.App reports may be retained as part of the organization's third-party risk management program, including its applicable record-keeping practices.
Β© 2026 FirstCheck.App. All rights reserved.
This report reflects research conducted across the following databases. Individual databases are identified in Section 4 only when a match or potential match is found.
TIER 1 β Direct Web Research (Conducted on Every Report)
| 1. | OFAC | Specially Designated Nationals (SDN) List |
| 2. | OFAC | Non-SDN Lists (SSI, FSE, NS-MBS, PLC, and related) |
| 3. | BIS | Entity List |
| 4. | BIS | Denied Persons List |
| 5. | BIS | Unverified List |
| 6. | U.S. State Department | Debarred Parties List (ITAR) |
| 7. | OIG | List of Excluded Individuals/Entities (LEIE) |
| 8. | GSA SAM.gov | System for Award Management Exclusions |
| 9. | DEA | Controlled Substances Act Exclusions |
| 10. | CMS | State Medicaid Exclusion Lists (composite) |
| 11. | FDA | Debarment List |
| 12. | SEC | Enforcement Actions Database |
| 13. | CFTC | Enforcement Actions |
| 14. | FinCEN | Enforcement Actions |
| 15. | FBI | Most Wanted |
| 16. | Interpol | Red Notices |
| 17. | UN Security Council | Consolidated Sanctions List |
| 18. | European Union | Consolidated Sanctions List |
| 19. | UK HM Treasury | Sanctions List |
| 20. | World Bank | Debarment List |
| 21. | Asian Development Bank | Sanctions List |
| 22. | OpenSanctions | Consolidated Database |
TIER 2 β Web Research Based (Conducted Where Relevant)
| 1. | FATF | Grey List (Jurisdictions Under Increased Monitoring) |
| 2. | FATF | Black List (High-Risk Jurisdictions β Call for Action) |
| 3. | SECO | Sanctions List (Switzerland) |
| 4. | MAS | Sanctions List (Singapore) |
| 5. | DFAT | Sanctions List (Australia) |
| 6. | Global Affairs Canada | Sanctions List |
| 7. | Japan METI/MOFA | Sanctions and Export Control Lists |
| 8. | France TRESOR | Direction GΓ©nΓ©rale du TrΓ©sor Sanctions |
| 9. | Germany BAFA | Export Control and Sanctions Lists |
| 10. | UAE | Sanctions List |
| 11. | Israel | Sanctions List |
| 12. | ICIJ | Offshore Leaks Database (Panama Papers, Pandora Papers) |
| 13. | Transparency International | Corruption Perceptions Index (CPI) |
| 14. | Basel Institute | AML Index |
| 15. | ACAMS | Watchlist (open-source tier) |
| 16. | South Korea MOFAT | Sanctions List |
| 17. | Inter-American Development Bank | Sanctions List |
Tier 1 databases are researched on every report. Tier 2 databases are researched based on entity jurisdiction, industry, and risk profile. This screening is conducted through open-source web research and does not constitute direct real-time database queries. Independent verification against all applicable databases is required before entering into any business relationship or transaction.
Risk ratings reflect a qualitative assessment of the severity, recency, and regulatory relevance of identified issues.
| Report ID: | FC-20260526-085928 |
| Date Generated: | May 26, 2026 |
| FirstCheck Version: | v2.12.34 |
| Entity Analyzed: | NVIDIA |
| Jurisdiction: | US |
| Relationship Type: | Integrated Supplier / Subcontractor |
| Client Industry: | Technology |
| Reason for Inquiry: | Periodic Review |
This report is valid as of the date generated. Circumstances may change. Periodic re-screening is recommended based on risk indicator and relationship type.
The undersigned has reviewed this Third Party Risk Assessment Report and confirms that the risk decision and recommendations above are based on the information provided and professional judgment.
This form should be completed by the designated compliance reviewer and retained with the FirstCheck report as part of the organization's due diligence records.