Njordium Cyber Group Launches Vendor Management System to Slash Europe’s Multi-Billion-Euro Third-Party Risk Exposure
Stockholm, Sweden – 4 March 2026 – Njordium Cyber Group AB, the Nordic specialist in cyber intelligence, governance, risk and compliance, today launches its Vendor Management System (VMS) — a single platform that eliminates the costly duplication of third-party assessments under Europe’s overlapping regulations.
Seventy per cent of European organisations suffered a data breach in the past three years; 77 per cent of those breaches originated with a vendor or third party (Whistic, Third-Party Risk Management 2025 Impact Report). The average third-party risk team now spends more than 37 hours a week on repetitive administration — and is still falling further behind.
For banks, insurers and payment firms operating under NIS2, DORA, the Cyber Resilience Act and GDPR — and now the newly operational European Anti-Money Laundering Authority (AMLA) — the same vendors are assessed four or five times in parallel. This creates disconnected evidence trails that regulators increasingly regard as a compliance failure.
Njordium VMS addresses the issue at its root. One vendor assessment, performed once, simultaneously satisfies the requirements of NIS2, DORA, the Cyber Resilience Act, GDPR Article 28 and ISO 27001 — while automatically generating aligned outputs for supply-chain (ISO 28001) and enterprise risk (ISO 31000) standards. Built-in modules for ultimate beneficial ownership screening, politically exposed persons monitoring and suspicious activity reporting connect directly to regulatory workflows, helping organisations prevent compliance gaps before they arise. All data remains on-premise or in the client’s private cloud; no information ever leaves the client’s infrastructure.
“Whistic, KPMG and Gartner — three independent research bodies — arrived at the same structural diagnosis in the same twelve-month window in 2025: the architecture, not the effort, is broken,” said Mads Becker Jørgensen, CEO of Njordium Cyber Group. “We didn’t add another layer of complexity — we removed it. One assessment, seven regulatory outputs, one immutable audit trail. That is the new standard.”
Kim Haverblad, Senior Advisor at Njordium, added: “With AMLA now live, every obliged entity must ask whether its AML team and its vendor intelligence team are looking at the same reality. In most organisations they are not. Njordium closes that gap before the regulator does it for them.”
Key features include:
- Multi-framework engine — one assessment satisfies NIS2, DORA, CRA, GDPR, ISO 27001, implemented in accordance with ISO 31000 and ISO 28001 out of the box
- Risk-proportionate tiers — 30, 80 or 114 controls scaled to vendor criticality, with full nth-party mapping
- Preventive compliance module — UBO screening, PEP monitoring and SAR reporting to FI, designed to stop regulatory exposure at source
- Full data sovereignty — on-premise or private cloud deployment; every AI decision fully auditable
About Njordium Cyber Group
Njordium Cyber Group AB is a Nordic cybersecurity and GRC firm headquartered in Stockholm, with offices in Malmö. The company specialises in third-party risk management, preventive compliance solutions, cyber intelligence and regulatory alignment across EU frameworks. By fixing foundational architecture rather than adding complexity, Njordium helps Europe’s largest organisations meet regulatory demands without multiplying cost and effort.
Media Contact: Kim Haverblad, Senior Advisor, Njordium Cyber Group, +46 760 046 232 or via email: media@njordium.com.
Njord was a character in Norse mythology with the power of the (cyber) sea, the winds (trends), fishing (for intelligence), and wealth (of insights). Njordium addresses the underlying layers, rather than the (‘complex’) layer of symptoms on the surface.
Contact
Stockholm: +46 8 5078 05 06
Malmö: +46 40 686 00 46
reachout@njordium.com