The round, and what it signals

The money went to a model, not a product feature. Risk Ledger, a London company, confirmed on 15 July 2026 that it had raised 24 million pounds in a Series B round led by Axiom Equity, with Mercia Ventures returning from the Series A. The raise takes the company's total funding to roughly 34 million pounds and will pay for a deeper UK network, AI-assisted assessment tools, and a push into the United States.

Jonathan Organ, founding partner at Axiom Equity, said the company is creating a category rather than competing in an old one. That is investor language, but it points at something real: the thing Risk Ledger sells is not a better questionnaire. It is the argument that the questionnaire itself is the wrong shape for the problem, and that a shared network is the right one.

Why the questionnaire model is the target

Most supplier risk today is a point-in-time snapshot. A buyer sends a supplier a security questionnaire, files the answers, and moves on. The next review might be a year away. Risk Ledger's chief executive, Haydn Brooks, frames the alternative as organisations that defend as one, sharing intelligence and reducing risk together rather than each re-interviewing the same suppliers in isolation.

The weakness of the old model is not effort, it is timing and duplication. A supplier that was secure when it answered your form can be breached the next week, and you would not know until your next scheduled review. Meanwhile ten of your peers are sending that same supplier the same questions, and none of the answers are shared. A network assesses the supplier once and shows the result to everyone who depends on it.

The law turned supplier risk into your liability

This raise lands on top of a legal shift, not a marketing trend. Under the EU's NIS2 directive and, for financial firms, the DORA regulation, a security failure inside your supply chain is now your accountability to manage and evidence, not a private matter for the supplier. Boards can be held responsible for third-party risk they cannot show they controlled.

That is the quiet reason a supply-chain risk platform can raise at this scale. Regulators converted supplier due diligence from a procurement courtesy into a documented obligation with named owners. The market has now priced that obligation, and it decided the annual spreadsheet is not what satisfies it.

What a shared network changes

The network's value is that it removes the re-collection tax. With more than 16,000 organisations on the platform, spanning financial services, insurance, critical national infrastructure and government, a supplier records its security posture once and every connected buyer sees it. The buyer's job shifts from chasing forms to reading a live picture.

There is a trade to name honestly. A shared network concentrates a lot of sensitive supplier data in one place, and it is only as current as the suppliers keep it. But against a status quo of stale, siloed questionnaires, a continuously updated shared view is a genuinely different instrument, which is what the category claim rests on.

Where this leaves you

The action is not to buy this specific product, it is to check your model. Ask whether your organisation can show, today, that a critical supplier is secure, or whether the most recent evidence is a questionnaire someone filed months ago. Under NIS2 and DORA, that gap is now a compliance exposure, not just an operational one.

Funding rounds are usually noise for an owner. This one is a signal, because the investors are betting on a regulatory reality you already live under. The question the raise puts to you is simple: is your third-party risk process built for the law as it is now, or the law as it was five years ago?