The past few years have tested the limits of modern manufacturing supply chains, pushing the industry to focus more on agility and resilience than ever before. Despite overall demand and production capacity hitting record highs since 2022, the manufacturing sector still faces challenges ahead. 

In addition to stubborn inflation, economic uncertainty, and supply chain issues such as labor shortages and sourcing concerns, supply chain professionals (particularly those in automotive and aerospace & defense) have a number of new compliance and regulatory risks to manage.

These regulations span a range of risk domains, including environmental, social, and governance (ESG), cybersecurity, foreign ownership concerns, and safety and product compliance.

Here are some of the top regulations in each category to be aware of and how to mitigate risk and comply with each of them. 

ESG and Forced Labor 

In recent years, governments have started taking action to curb human rights violations and other negative impacts, particularly environmental ones, within global supply chains. Manufacturers and their supply chain leaders need to be aware of these regulatory trends to ensure compliance now and in the future.

ESG Compliance 

The following regulations establish reporting and documentation requirements across environmental and ethical concerns. They emphasize monitoring and mitigating Scope 3 emissions: indirect emissions that occur in a company's value chain, both upstream at suppliers and downstream in the use and disposal of its products, rather than from the company's own operations or purchased energy.

Corporate Sustainability Reporting Directive (CSRD): The CSRD was adopted by the E.U. Council in November 2022 and establishes sustainability reporting requirements for covered companies (mainly large E.U. companies and non-E.U. companies with E.U. subsidiaries or significant E.U. turnover). This reporting framework standardizes non-financial reporting procedures and expands the disclosure requirements originally outlined under the Non-Financial Reporting Directive (NFRD).

Corporate Sustainability Due Diligence Directive (CSDDD): The CSDDD, proposed by the European Commission in February 2022 and approved by the European Parliament in June 2023, imposes a due diligence mandate on covered companies. Companies become responsible for identifying, preventing, and mitigating the negative human rights and environmental impacts (across ESG risk factors such as pollution, labor violations, and human rights abuses) that occur as a result of their own activities and those of their value chain. Companies that fail to comply face fines of up to 5% of net worldwide turnover.

German Supply Chain Due Diligence Act: Germany passed the Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz) in 2021, and it has applied since January 2023. It requires covered companies to conduct a risk analysis of their own operations and their direct suppliers (extending to indirect suppliers once the company has substantiated knowledge of a violation) and to take preventive action to ensure suppliers meet human rights and environmental standards. This includes mandated documentation and annual reporting, a formal policy statement, preventive and remedial measures, a complaints procedure, and the appointment of a human rights officer to monitor compliance and risk management.

These reporting and due diligence requirements are designed to help curb the kinds of issues and scandals that have recently plagued companies like Toyota. Toyota Industries, the Toyota group company and leading forklift manufacturer, twice admitted to falsifying test data between 2022 and March 2023. It falsified the results of parts testing, which halted some shipments, and in March 2023 its officials admitted to falsifying emissions tests on gasoline and diesel engines.

These revelations underscore the importance of due diligence and risk management in preventing scandals like this. In fact, the company President Akira Onishi attributed the cause of falsification to “insufficient knowledge and experience about legal regulations.”

Forced Labor Regulations

Uyghur Forced Labor Prevention Act (UFLPA): The UFLPA went into effect in June 2022 in response to increasing evidence of forced labor in China. It creates a rebuttable presumption that any goods mined, produced, or manufactured wholly or in part in the Xinjiang Uyghur Autonomous Region (XUAR) in northwestern China were made with forced labor and are therefore barred from entering the U.S. The XUAR is a manufacturing hub with significant production capacity for multiple sectors, including automotive, agriculture, and oil and gas. Companies need to monitor their supply chains and be able to document that their sources are compliant, or risk having their products detained and seized by U.S. Customs and Border Protection (CBP).

The clothing company Uniqlo learned this the hard way in 2021, under an earlier withhold release order on Xinjiang cotton, when a shipment of shirts was blocked from entering the U.S. on suspicion that the raw cotton used to make the products was produced with forced labor. While the company argued that the cotton was sourced from Australia, the U.S., and Brazil, CBP said Uniqlo failed to provide enough evidence, citing a lack of production records and information.

Canada's Modern Slavery Act: The Fighting Against Forced Labour and Child Labour in Supply Chains Act, commonly called Canada's Modern Slavery Act, came into force on January 1, 2024, and requires annual public reporting on covered companies' efforts to identify, prevent, and address forced labor and child labor in their supply chains. The law applies to most multinational corporations that operate in Canada, as well as "Canadian-linked" entities such as companies listed on a Canadian stock exchange and companies that have a place of business, conduct business, or hold assets in Canada and meet the act's size thresholds.

E.U. Forced Labor Ban: In September 2022, the European Commission proposed a ban on products made using forced labor in the European Union. It covers all products made available in the E.U. market, including products made in the E.U. for domestic consumption as well as for export, and imported goods. The ban would apply to any type of product across all industries.

Foreign Ownership

Both the U.S. and the E.U. maintain extensive sanctions and trade restrictions on sourcing materials, goods, and services from certain nations of concern, including Russia, China, and North Korea.

But where goods come from is not the only issue. Who owns your suppliers is also relevant. For instance, you may be working with a supplier based in Australia. If that supplier is owned or controlled by an entity in a country of concern, that ownership can be a risk to the U.S. and to your parent operations, even though the goods themselves never touch the sanctioned country.

Inflation Reduction Act (US)

The Inflation Reduction Act has broad impacts on U.S. industries and markets. One of the key areas of focus is electric transportation and renewable energy. The legislation includes consumer tax credits for electric vehicles to drive EV adoption, paired with sourcing requirements that push companies to increase North American manufacturing and reduce U.S. reliance on China and other regions of concern in the auto industry supply chain. For example, the share of the value of battery components that must be manufactured or assembled in North America for a vehicle to qualify for the full credit rises each year and reaches 100% in 2029, and vehicles with battery components sourced from a "foreign entity of concern" are excluded.

Enhanced Government Scrutiny of Foreign Ownership & Investments

Foreign ownership and investments are a key risk factor for government security. Where materials and products come from, and who the ultimate foreign owner is, is particularly relevant for suppliers to aerospace & defense firms, which are government contractors and therefore carry strict due diligence requirements. In other words, you don't want your adversaries in your supply chain.

That's why the government is increasing its supply chain monitoring and conducting more robust risk assessments of its vendors. Contractors whose suppliers are owned by sanctioned entities or entities from nations of concern will be found non-compliant and risk losing their contracts.

Cybersecurity

Cybersecurity has become an increasingly high priority for supply chain risk managers and governments. With rising threats of ransomware and other cyber attacks targeting supply chains, governments have issued new regulations and directives to try to shore up supply chain cybersecurity and resilience. 

For example, the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), signed into law in March 2022, requires organizations in critical infrastructure sectors such as energy, the defense industrial base, and critical manufacturing to report certain cyber incidents to CISA. Once CISA's implementing rule takes effect, covered organizations must report substantial cyber incidents within 72 hours and ransom payments within 24 hours.

Regulations and initiatives like these come in response to incidents like the ransomware attack on defense firm Elbit Systems of America, disclosed in September 2022. The data breach affected 369 people, potentially exposing sensitive personal information including addresses, Social Security numbers, and banking information.

Cyber attacks can have grave consequences for businesses, individuals, and governments, especially in sectors with government contracts. If attackers are able to breach the government supply chain, stolen or leaked sensitive information and interrupted operations pose a significant risk to national security.

Safety & Product Compliance 

PFAS Chemicals: PFAS (per- and polyfluoroalkyl substances), also known as "forever chemicals," persist in the environment for hundreds of years, contaminating soil, water, and even human bodies. Concerned about their long-term impact on humans and the environment, regulators are increasingly focused on reducing the production and proliferation of PFAS in everyday manufacturing. Laws across the U.S., Canada, and the E.U. have introduced reporting requirements, consumer warning labels, manufacturing bans, and procurement policies to limit PFAS in the supply chain.

E.U. Batteries Regulation: The E.U. Council adopted a new Batteries Regulation in July 2023, replacing the 2006 Batteries Directive and regulating the entire life cycle of batteries from production to recycling. The goal is to ensure batteries are safe and sustainable and that the manufacturing industry remains competitive as the E.U. works to transition to a greener future.

The regulation applies to all manufacturers, producers, importers, and distributors of all battery types placed on the E.U. market. It also introduces a due diligence requirement to address the ESG risks inherent in sourcing and processing the raw materials used to produce batteries. In particular, companies must clearly communicate to suppliers and the public their due diligence policies for sourcing cobalt, lithium, natural graphite, and nickel, in line with international standards such as the OECD Due Diligence Guidance for Responsible Supply Chains of Minerals.

How to Ensure Compliance Across All Risk Domains

As global supply chains grow in complexity and regulations multiply, manufacturers must be more diligent than ever in monitoring and addressing risks within their supply chains. Work with your suppliers to strengthen their cybersecurity posture and ensure ESG compliance through education, training, policy, and robust contracts. And stay on top of monitoring and risk management with a centralized supplier risk management platform.

Craft’s supplier risk management platform tracks all your suppliers in one place with comprehensive monitoring, n-tier mapping, risk assessment, and more: 

  • N-tier mapping: Map your whole supply chain, including sub-tier suppliers, to get a full picture of your supplier network down to raw materials.
  • Foreign ownership: Determine if suppliers are affiliated with countries of concern, whether that is via their investments or ownership. 
  • Real-time, customized alerts: Receive alerts right away when, for example, a supplier's cybersecurity or ESG score drops significantly or a supplier appears in news that could affect your firm.
  • Case management and documentation: Current regulations largely center around documenting potential risks/violations in your supply chain. Use a supplier risk management platform to document potential flags and outline a plan of action with internal and external stakeholders. 
  • Data on various risk domains: Don't use separate platforms for different risk domains. Use one centralized platform that can track regulatory compliance across a wide range of issues, from cybersecurity to ESG risks.

Transform risk into resilience with Craft’s comprehensive supplier risk management platform.