They won't prove they're not taking.
Inability or refusal to provide evidence supporting compliance claims. The vendor claims GDPR compliance but won't provide a DPA. They claim SOC 2 but gate the report behind NDA. They claim privacy-first but won't answer specific technical questions about data flows.
How This Escalates BTI-C Findings
Escalates any BTI-C finding into an assurance failure. If technical evidence exists AND the vendor refuses to address it, the refusal itself becomes evidence of knowing misconduct.
Related Advisories
No published advisories reference this code yet.
Investigations are ongoing.
Blackout uses security frameworks to protect AGAINST vendors, not FOR them. We do not notify vendors. We do not provide remediation windows. If you're using a vendor flagged by this code, the advisory is your evidence.