Resources
Expert insights on NIS2, DORA, and third-party risk management for EU organisations.
Your Vendors All Depend on AWS: The Fourth-Party Concentration Risk Nobody Is Measuring
We scraped the GDPR subprocessor pages of 10 major SaaS vendors. Every single one depends on AWS. 90% use Google Cloud. 80% use Twilio for notifications. Here is what that means for your organisation.
When 100 Million Weekly Downloads Get Weaponised: The Axios Attack and Your NIS2 Obligations
North Korea's Lazarus Group compromised the Axios npm package — present in 80% of cloud environments. If you are an EU entity under NIS2, here is exactly what you must do and by when.
NIS2 Supply Chain Security: The Art. 21(2)(d) Guide
Article 21(2)(d) makes supply chain security a legal obligation for 160,000+ EU entities. Third-party breaches cost USD 4.91M on average. This step-by-step guide covers classification, contracts, and monitoring.
You Are Not Regulated. You Are Still Exposed: Why Every Company Needs Vendor Risk Management
30% of breaches now involve third parties. 97% of organisations experienced a supply chain incident in 2025. You do not need NIS2 or DORA to need TPRM — you just need vendors. Here is the data-backed case for managing vendor risk before a regulation forces you to.
When Your Security Scanner Turns Against You: Supply Chain Lessons from the Trivy Compromise
In March 2026, attackers compromised Trivy, Checkmarx KICS, and LiteLLM in a cascading supply chain campaign that hit 1,000+ enterprise environments. Here is what NIS2 entities can learn about vendor risk, fourth-party exposure, and incident response.