Njordium Cyber has launched a new Vendor Management System (VMS) designed to help organisations manage third-party risk more efficiently under Europe’s expanding regulatory environment.
The launch comes as organisations across Europe face growing pressure to manage vendor risk amid increasingly complex regulatory requirements. According to industry research, 70% of European organisations have suffered a data breach in the past three years, with 77% of those incidents originating from vendors or third parties.
At the same time, third-party risk teams are spending an average of more than 37 hours each week on repetitive administrative tasks while still struggling to keep up with oversight demands.
Njordium Cyber Group focuses on cyber intelligence and governance, risk and compliance services that help financial institutions and other organisations strengthen their security posture while meeting regulatory expectations. The company’s work centres on helping firms navigate complex compliance frameworks and improving the efficiency of risk management processes.
The new Vendor Management System is designed to address inefficiencies in how organisations assess and monitor vendors. Financial institutions operating under regulations such as NIS2, DORA, the Cyber Resilience Act and GDPR often assess the same vendors multiple times to meet different regulatory requirements, resulting in duplicated effort and fragmented evidence trails.
Njordium VMS aims to eliminate this duplication by allowing organisations to perform a single vendor assessment that simultaneously satisfies multiple frameworks. According to the company, the platform aligns requirements across NIS2, DORA, the Cyber Resilience Act, GDPR Article 28 and ISO 27001, while also producing outputs aligned with supply-chain security standard ISO 28001 and enterprise risk management standard ISO 31000.
The system also includes integrated compliance tools such as ultimate beneficial ownership screening, politically exposed persons monitoring and suspicious activity reporting capabilities that connect directly to regulatory workflows. These tools are intended to help organisations identify potential compliance issues earlier and prevent gaps before they become regulatory problems.
A key element of the platform is its focus on data sovereignty. The Vendor Management System can be deployed on-premise or within a client’s private cloud environment, ensuring that sensitive vendor and compliance data remains within the organisation’s own infrastructure.
The platform also introduces a multi-framework assessment engine with risk-proportionate tiers ranging from 30 to 114 controls depending on vendor criticality. This approach enables organisations to scale due diligence according to risk while mapping nth-party relationships across the supply chain.
Njordium Cyber Group CEO Mads Becker Jørgensen said, “Whistic, KPMG and Gartner — three independent research bodies — arrived at the same structural diagnosis in the same twelve-month window in 2025: the architecture, not the effort, is broken. We didn’t add another layer of complexity — we removed it. One assessment, seven regulatory outputs, one immutable audit trail. That is the new standard.”
Njordium senior advisor Kim Haverblad added: “With AMLA now live, every obliged entity must ask whether its AML team and its vendor intelligence team are looking at the same reality. In most organisations they are not. Njordium closes that gap before the regulator does it for them.”
Keep up with all the latest RegTech news here
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
