As announced on WWDC23 apps and SDKs will have to include a privacy manifest file, which can be added in Xcode 15 and will become mandatory in Spring 2024.
Apps and third-party SDKs — distributed as XCFrameworks, Swift packages, or framework bundles — can contain a privacy manifest file, named PrivacyInfo.xcprivacy.
Source: Documentation
I'm still unsure how this reflects on apps or SDKs containing multiple targets, e.g. an app which contains network layer code in a separate target (but only as code included locally and not developed by some third party).
Do we have to include a separate privacy manifest for each target or is it enough to have one privacy manifest in the "main" target that covers data usage of all targets.