Usually in these kind of situations I fall back to sharing a OneDrive / Teams (SharePoint) folder out to the external vendor. Anyone can say that they can’t receive the encrypted email and there could be legitimately good reasons for that, but if they don’t know how to login to 365 to access a shared folder that’s on them.
If they absolutely refuse to allow you to share or email an individual vs. a distro group then I’d do it that way, but not using an “anyone with the link” share depending on the sensitivity of the information. If it’s something that isn’t as sensitive sure, but otherwise they’ll need to setup credentials with that distro group and use it to login to access the shared folder.