Trust Center

We’re pleased to announce that we recently completed our 2025 Self-Assessment Questionnaire Attestation of Compliance (SAQ-D AOC) for Service Providers. Our SAQ-D AOC and Responsibility Matrix are now available for download.

We’re thrilled to announce that we have completed our 2024 Self-Assessment Questionnaire Attestation of Compliance (SAQ-D AOC) for Service Providers. Our SAQ-D AOC is now available for download and includes transitioning to version 4.0. In addition, we have also made available Vercel's Responsibility Matrix for download.

We’re pleased to announce that we recently completed our Self-Assessment Questionnaire Attestation of Compliance (SAQ-D AOC) for Service Providers! Our SAQ-D AOC report is available for download. For more information, see our blog post at https://vercel.com/blog/pci-compliance-for-ecommerce-teams.

React Server Components Vulnerability (CVE-2025-55182)

A critical vulnerability in React Server Components (RSC) was disclosed on December 3, 2025. Vercel has assessed the issue and there is currently no known impact to Vercel or its customers. The Vercel platform includes safeguards that block the malicious request patterns associated with this vulnerability, significantly reducing exploitation risk for applications hosted on Vercel.

Recommended Actions:

We strongly recommend updating to the patched versions outlined in the Vercel Changelog.

A banner in the Vercel dashboard will indicate any projects running affected versions.

Ongoing Monitoring:

Vercel’s Security and Engineering teams continue to actively monitor the situation and will provide updates if new information emerges. Vercel remains committed to maintaining the confidentiality, integrity, and availability of its systems and customer data.

For questions, please contact the Security Team at security@vercel.com

We’re excited to share that Vercel has successfully completed its TISAX Assessment Level 2 (AL2) assessment, a standard developed by the Association of the German Automotive Industry (VDA) and governed by the European Network Exchange (ENX), an association of European automotive manufacturers. This standard provides the European automotive industry a consistent approach and criteria for assessing information security and the use of cloud services throughout the supply chain.

Vercel customers can access TISAX assessment results through the ENX portal.

To view the assessment details:

• Sign in to your account on the ENX portal
• Search for Vercel or look up the following details:
  • Assessment ID: AMR06H-1
  • Scope ID: SYN3TM

For more details, please visit our blog post.

We have updated our subprocessor list, as it pertains to services utilized for our AI products.

Additional Subprocessor

The following subprocessor is currently engaged to support our v0 product and has been added to the subprocessor list:

• Groq, Inc. to provide AI services.

To review our complete subprocessor list, visit our Trust Center. If you have any questions or require further information, please do not hesitate to contact us at privacy@vercel.com.

We have updated our subprocessor list, as it pertains to services tailored for our customer support services.

Additional Subprocessor

The following subprocessor is currently engaged to support our customer support services and has been added to the subprocessor list:

• Not Just Tickets Ltd, d.b.a Plain, to provide customer support services.

To review our complete subprocessor list, visit our Trust Center. If you have any questions or require further information, please do not hesitate to contact us at privacy@vercel.com.