Diligent is making a decisive move into one of the fastest-growing pressure points in governance, risk, and compliance. The GRC SaaS provider has acquired 3rdRisk, an AI-native third-party risk management platform based in the Netherlands, strengthening its position as a dominant player in enterprise risk technology.

The deal expands Diligent’s ability to help organizations manage increasingly complex vendor ecosystems—an area that has quickly escalated from an operational concern to a board-level priority. It also reinforces Diligent’s rare status as the only GRC vendor recognized as a “Leader” by all five major analyst firms: Gartner, IDC, Forrester, Chartis, and Verdantix.

Why Third-Party Risk Is Now a Boardroom Issue

Third-party risk management, particularly IT vendor risk, has become one of the fastest-growing segments within GRC. Enterprises today rely on sprawling networks of software providers, cloud platforms, data processors, and outsourcing partners—each introducing new regulatory, cyber, and operational risks.

Rising regulatory scrutiny, escalating cyber threats, and deeper digital dependencies have exposed the limits of manual vendor assessments and spreadsheet-driven oversight. Many organizations struggle to maintain real-time visibility into how external partners affect their overall risk posture.

That’s the gap Diligent is aiming to close with this acquisition.

What 3rdRisk Brings to the Table

Founded with an AI-first approach, 3rdRisk focuses on automating the most time-consuming aspects of third-party risk management. Its platform uses AI to handle vendor profiling, assessment workflows, and document analysis across contracts, certifications, and compliance artifacts.

Instead of quarterly review cycles, 3rdRisk is designed to give organizations a near real-time view of vendor performance and risk exposure. Diligent says this can help teams achieve audit readiness in weeks rather than quarters—a meaningful advantage as regulatory expectations continue to rise.

By integrating 3rdRisk into its broader platform, Diligent is extending risk visibility beyond internal controls to the full external ecosystem of suppliers and partners.

From the Boardroom to the Vendor Network

Diligent’s leadership frames the acquisition as a way to unify governance and execution. According to Scott Bridgen, General Manager of Risk and Audit at Diligent, combining Diligent’s AI platform with 3rdRisk’s capabilities creates a more holistic view of risk—one that spans from board oversight down to vendor-level dependencies.

That end-to-end perspective is increasingly important as boards demand clearer answers to questions about supply chain resilience, cyber exposure, and regulatory compliance tied to third parties.

Rather than treating vendor risk as a siloed function, Diligent is positioning it as an integral part of enterprise governance.

AI as an Enabler, Not a Replacement

3rdRisk’s leadership emphasizes that AI is meant to augment—not replace—human judgment. The platform is designed to eliminate manual processes that consume risk teams’ time, allowing professionals to focus on evaluating what actually matters.

According to Bram Ketting, co-founder and CEO of 3rdRisk, joining Diligent accelerates that vision by bringing global scale while preserving the domain expertise that customers expect. It also signals a broader industry trend: AI in GRC is moving beyond experimentation into core infrastructure.

Building on a Year of AI Expansion

The acquisition follows a year of rapid AI-driven product expansion at Diligent. Recent launches include:

• GovernAI, aimed at streamlining governance workflows

• AI Risk Essentials, focused on strengthening enterprise risk management

• AI-enhanced Diligent Entities, modernizing entity and subsidiary management

• ACL AI Studio, delivering faster, data-driven insights for audit and compliance teams

Adding third-party risk management to this lineup extends Diligent’s AI strategy into one of the most operationally complex areas of GRC.

Competitive Implications

The GRC market has become increasingly crowded, with vendors racing to bolt AI onto legacy platforms. Diligent’s approach—acquiring an AI-native specialist rather than retrofitting existing tools—suggests a push toward deeper, purpose-built capabilities.

As regulators and boards demand more continuous, defensible risk oversight, platforms that can unify internal and external risk data are likely to gain an edge. The Diligent–3rdRisk combination puts pressure on rivals that still treat third-party risk as an add-on module rather than a core capability.

The Bigger Picture

For enterprises, the message is clear: third-party risk is no longer peripheral. It’s central to governance, compliance, and resilience. By bringing 3rdRisk into its ecosystem, Diligent is betting that AI-driven, real-time visibility into vendor risk will become a standard expectation—not a premium feature.

As digital dependencies continue to grow, so will scrutiny. This acquisition positions Diligent to meet that moment with a broader, more integrated view of risk—one that extends well beyond the organization’s own walls.

Get in touch with our MarTech Experts.