Cyber Crossroads 2025: How DORA, NIS2, and SEC Rules Are Reshaping Third Party Cyber Risk Management

In this episode of The Third Party Risk Institute Podcast, we take a deep dive into the three landmark regulations set to redefine cybersecurity and third-party risk management (TPRM) in 2025:

  • DORA (EU Digital Operational Resilience Act) – binding requirements for financial institutions and ICT providers, including detailed vendor contract clauses, unrestricted audit rights, and concentration risk analysis.
  • NIS2 Directive – expanding cybersecurity obligations across 18 critical sectors with strict incident reporting timelines, supplier security expectations, and senior management accountability.
  • U.S. SEC Cybersecurity Disclosure Rule – requiring public companies to disclose material cyber incidents within four days and report annually on vendor cyber risk management practices.

Together, these regulations signal a global shift: cyber resilience and third-party risk oversight are now board-level imperatives.

What we cover in this episode:
• Key contract clauses and due diligence steps required by DORA
• How NIS2 expands supply chain risk accountability beyond finance
• Why SEC rules make vendor cyber incidents investor disclosures
• Practical ways to embed vendor oversight into enterprise risk programs
• Actionable steps for CROs, CISOs, and TPRM teams to stay compliant

You’ll walk away with practical guidance on:
• Performing a regulatory gap analysis across DORA, NIS2, and SEC rules
• Updating vendor contracts with notification, audit, and cooperation clauses
• Building a structured supply chain security program aligned with ISO 27001 and NIST CSF
• Preparing disclosure processes and templates to meet SEC 8-K reporting deadlines
• Using certifications like C3PRMP to build in-house expertise and demonstrate readiness

This episode is essential listening for:
• Chief Risk Officers, CISOs, Vendor Risk Managers, and Procurement Leaders
• Cybersecurity, Compliance, and Audit Professionals
• Board Members and Executives overseeing enterprise resilience

By embracing these regulatory changes, you won’t just avoid penalties; you’ll strengthen trust, enhance resilience, and gain a competitive edge in today’s interconnected economy.

🎧 Enjoying the podcast?
Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com

📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd.

📬 Have a question or topic you'd like us to cover?
Email us at: info@thirdpartyriskinstitute.com
