In the age of sprawling digital supply chains, third-party risk management has become less of a compliance box to tick and more of a survival strategy. But according to a new 2025 study from Mitratech, many organizations are still trying to manage it all with duct tape and spreadsheets.
The European Securities and Markets Authority (ESMA) is stepping up to ensure that third-party risks don’t get overlooked in the growing complexity of EU securities markets. As more companies turn to third parties for critical functions, ESMA’s new guidelines aim to help supervisors across the EU keep pace with these shifts and ensure a more secure, compliant, and resilient market.
Adidas has disclosed a recent data breach where unauthorized external parties obtained certain consumer data via a third-party customer service provider. While the sportswear giant quickly contained the incident and initiated a comprehensive investigation, the breach raises significant concerns about IT security, data protection, and the role of third-party vendors in safeguarding sensitive consumer data.
Germany has adjusted its earlier position on the European Union’s Corporate Sustainability Due Diligence Directive (CSDDD), softening calls for the law’s outright removal. A spokesperson for the German government, Stefan Kornelius, clarified today that instead of scrapping the law, the government aims to “de-bureaucratize” and “streamline” its implementation, as reported by Reuters and The Economic Times.
French President Emmanuel Macron has added his voice to the growing opposition against the European Union's Corporate Sustainability Due Diligence Directive (CSDDD), aligning with German Chancellor Friedrich Merz’s call to scrap the law entirely. The directive, which was adopted in May 2024, mandates that companies assess, prevent, and mitigate their impacts on human rights and the environment across their supply chains, including issues like child labor, slavery, deforestation, and pollution.
TGP Europe, a prominent gambling operator, has exited the UK market following a series of regulatory breaches uncovered by the UK Gambling Commission. The company, which ran several gambling websites under the branding of other businesses, voluntarily surrendered its UK operating liscence after being informed it would face a £3.3 million penalty unless it made significant improvements to its operations.
As organizations continue to evolve in an increasingly interconnected world, it has become abundantly clear that the way we manage third-party relationships is at the heart of effective governance, risk management, and compliance (GRC). What was once seen as a linear process of managing external partnerships has now transformed into an intricate web of interconnected relationships that extend across global suppliers, contractors, service providers, and more. These third-party connections form what is known as the extended enterprise, and within this ecosystem lies some of the most pressing challenges organizations face today.