Weaponized Supply Chains: Geopolitical Market Risks in an Era of Economic Warfare

Author: Andrea Little Limbago, PhD, SVP, Applied AI 

Over a decade ago, mutual assured economic destruction (MAED) defined the unprecedented interdependence between US and China economies. Based on the growth pace of China’s economy, there was concern that within a decade or two, the power dynamics would shift, and China would no longer be as dependent on the rest of the world as the world is on China.  

That scenario may be coming to fruition. The US-China trade war is escalating with a series of tit-for-tat export controls, tariffs, and commercial agreement realignments threatening an accelerated bifurcation of global supply chains.  

DeepSeek’s announcement last month, and the subsequent plummeting of US semiconductor stocks, is largely viewed as an inflection point in geopolitical technology competition.  

Geopolitical market risks are taking center stage, redefining supply chains, and entering the board room.  

Organizations that fail to integrate and monitor these market signals risk extreme shocks as economic warfare reshapes the global economy, corporate technology stacks, and the regulatory landscape. 

Global Buyer-Supplier Dependencies 

Since joining the World Trade Organization in 2001, China’s exports have increased five-fold and its economy is now eleven times larger. China surpassed Germany in 2009 as the world’s largest exporter and now contributes almost 15% of global exports, followed by the United States with 8.3%. China’s top export destinations are the United States at almost 15% share, followed by Hong Kong, Japan, Germany, and South Korea.     

In contrast, the US leads all global importers, with a 13.5% share of global imports, followed by China at 8.8%. Top US import destinations are China, Mexico, Canada, Japan, and Germany.  

US goods imports continue to rise, totaling $3.2 trillion in 2022, almost a 15% increase from 202, with China accounting for 16.5% of total goods imports.  

In short, China has the upper hand in supply side trade, while the US’ strength lies in its purchasing power. 

Those statistics demonstrate extreme interdependency among the economies but mask the underlying retaliatory dynamics.  

Since in 2016, over four thousand Chinese companies have been added to various US commercial and financial restrictions. China’s Unreliable Entity List continues to expand, with two new US entities added on February 4th, and unparalleled detentions of corporate executives in recent years, and anti-trust lawsuits against US tech companies. 

Moreover, last week’s US tariffs on China were quickly followed by their own tariffs as well as an expansion of control exports on critical minerals used for weapons development, including tungsten and molybdenum.  

Critical raw materials affected by the latest tariff-war between the US and China.

Referred to as China’s ‘assassin’s mace’ of economic warfare, it is a continuation of China’s demonstration of power and control over the raw materials the power global technology and weapons systems. The interdependent system decades in the making is undergoing tectonic shifts and wreaking havoc on supply chains ranging from steel and aluminum to AI. 

The Growing Convergence of Economic Warfare and AI 

At this week’s Paris AI Summit, geopolitics – and not AI technologies – seemed to take center stage.  

Governments are doubling down on sovereignty-first AI strategy and national champions following DeepSeek’s announcement. French President Emmanuel Macron contended, “The future of AI is a political stake, of sovereignty and strategic dependence.” US Vice President JD Vance agrees, noting, “We will safeguard American AI and chip technologies from theft and misuse, work with our allies and partners to strengthen and extend these protections and close pathways to adversaries attaining AI capabilities that threaten all of our people.” 

Anthropic CEO Dario Amodei called the Paris AI Summit a “missed opportunity”. While stressing AI’s benefit to humanity, it missed the urgent need for democratic societies to lead in the innovation, fully address the security risks, and account for the disruptions.  

For instance, DeepSeek quickly jumped to the number one app download, but within days revelations emerged of its publicly accessible database that exposed private data. Additional concerns over its training data as well as censorship over politically sensitive topics in China further demonstrate the AI divide between authoritarian and democratic governments. 

The US and China are asserting their supplier side and purchasing power, respectively, across all aspects of the AI supply chain. For instance, the US continues to tighten AI restrictions based on geopolitical affinity with the US.  

Despite questions surrounding the efficacy of US export controls targeting AI, they continue to cause disruption to supply chains. In response, the Taiwan Semiconductor Manufacturing Company (TSMC) has decided to halt shipping orders to China unless directly approved by the US, regardless of whether they are on a banned list or not.  

In contrast, China continues to ban or limit key high-tech materials to the US that are essential for semiconductors and weapons development. A move that caused shares of those producers to rally following the announcement.  

The Shift is On 

The potential risk of supply chain bifurcation and realignment is not decades away, but already underway.  

In 2023, Mexico surpassed China as the US’ largest importer for the first time in two decades. New supply chain agreements across allies in the Pacific, the Quad’s Supply Chain Resilience Initiative, and Minerals Security Partnership are just a few examples of global cooperative supply chain agreements focused on ally shoring and near-shoring.  

In contrast, for over a decade, China’s Belt and Road Initiative (BRI) has been a force for extending economic and political influence, and more recently has shifted to technology transfers and integration. However, the United State’s purchasing power is behind Panama’s recent decision to decline the renewal of an infrastructure agreement with China, striking a blow to China’s hallmark initiative.  

As this economic warfare continues to escalate – with each side exerting their market powers – companies of all sizes that ignore these market pressures may become collateral damage.  

For instance, small and medium businesses may face the largest adverse consequences of the retaliatory tariffs, while tech giants are now thrust into geopolitics over both competition and security concerns.  

If the first month of the year is any indication, geopolitical market risks are going to be the redefining feature of global supply chains in 2025 and must be elevated in corporate risk strategies and in the board room. 

For more on the geopolitical risk landscape in 2025, download our 2025 Predictions Report:  

Retaliation and Economic Uncertainty: The High Stakes of Trump’s Tariff Policies

Author: Andrea Little Limbago, PhD, SVP, Applied AI  

Not with a Whimper, but with a Bang 

The rules-based system and international collaboration that has guided the global economy for decades – and quite possibly produced the greatest reduction in worldwide poverty in history – may have come to an end.  

With the strike of a pen, the United States is implementing 25% tariffs on allies Mexico and Canada (10% on Canadian energy), coupled with a 10% tariff increase on China.  

The delay and uncertainty around the timing and implementation of the tariffs adds an additional level of disruption, that if comes to fruition, would likely mark the end of a global economic system that already was feeling the weight of trade wars, geopolitics, and import controls.  

However, this is not simply continuity of the shifts underway since the beginning of the U.S.-China trade war almost a decade ago. The tariffs are an escalation of trade barriers aimed at the U.S.’ top three trade partners, but also two of its closest allies. In fact, President Trump has identified other U.S. allies – the European Union and United Kingdom – as potential upcoming targets of tariffs as well. This is a dramatic shift from the ongoing re-globalization of the global economy and supply chains along geopolitical fault lines and is a much more aggressive adoption of the economic nationalism and the mercantile policies that undermined globalization almost a century ago. 

Supply Chain Disruptions, Again 

Geopolitics has driven the global restructuring of supply chains, leading to the expansive and unprecedented implementation of industrial policy. However, ally or friend-shoring remained at the heart of this restructuring, with both the U.S. and China building out their economic spheres of influence along with like-minded countries.  

These tariffs – if fully implemented – would be a huge blow to post-World War II alliance structures. 

Moreover, the tariffs come at a time when China is shaking up the AI and technology landscape and is strengthening collaboration with many of the U.S. geopolitical adversaries.  

Given the hyperspecialized, complex, and geographically dispersed nature of supply chains, one country alone cannot simply provide all parts and components for emerging technologies, let alone less strategic industries.  

At a time of heightened strategic competition and technological shifts, the tariffs would introduce yet another major disruption to supply chain risk.  As the next section details, given the size of the trade flows, very few companies will be immune from the impact of these tariffs. 

Products and Industries at the Greatest Risk 

The 25% tariff impacts goods flowing into the U.S., serving as a tax on the price of these goods domestically. Based on trade data from Canada and Mexico combined since January 2024, and leveraging interos.ai’s product and industry categorization that are based on self-attestations of a company’s industry and products, the following tables highlight the key products and industries at risk across the 10.5 million number of import shipments into the US.  

The major industries impacted range from software and IT to retail and banking and financial services, while products generally include underlying components such as plastic, rubber and iron and steel, indicative of the economy-wide impact of the tariffs. 

Both Mexico and Canada have vowed retaliation, and highlight similar dependencies across industries and products, demonstrating the hyperspecializing and interdependency of the three economies. 

In contrast, the major industries and products impacted by the additional 10% tariffs on Chinese imports highlight a consumer-facing impact as well, with consumer goods and retail among the top industries impacted, although industrial equipment and construction clearly demonstrate the diverse range of industries that will be affected. 

 

The top 10 products imported by US companies from Canada and Mexico make up over 40% of all 10.5 million shipments in total.

Preparing Supply Chains in a Volatile Setting 

As of this writing, the tariffs on Mexican and Canadian imports are delayed one month, in return for additional troops along the border. There is no word yet on a similar delay to those imposed on China. The shifting nature adds to global uncertainty, which only fuels greater risk and market fluctuations.  

The only certainty here is on-going change and disruption, as these tariffs upend decades of rules-based order that has driven globalization and supply chains. 

Across the globe, markets fell in response to the weekend’s tariffs news and impending trade war expansion.  

For supply chains, decisions made now often take years, not minutes, to implement. 

Whether or not to shift operations, for example, has a long-term impact and therefore this growing uncertainty is forcing many to reassess their global footprint amid such potential shifts.  

Overhauling supply chains, yet again in some cases, is expensive and time intensive. The unpredictability presented by the tariffs only adds to supply chain risks, especially in geographies until very recently deemed stable and less risky.  

From higher prices to operational disruptions to economic shocks, interos.ai is closely monitoring the situation and how it is impacting supply chains and the global economy. 

For more on our take on how geopolitics, tariffs, trade, cyber and poised to wreak havoc on supply chains in 2025, read our latest report.  

Get your copy of the 2025 Supply Chain Predictions Report Today:  

5 Supply Chain Predictions You Need to Know in 2025

2024 was a transformative year – reshaping how we view supply chain risk. Supply chains make the world go round – and can also bring it to a screeching halt.  

Specifically, we saw the nonreversible merging of the physical and digital supply chain.  

Supply chains are not simply the shipping of goods but the underpinning of sharing information. No one will forget how the Crowdstrike outage grounded flights, locked banking transactions and impeded business operations – showing it’s not just a physical supply chain that we need to be concerned with, or how the Hezbollah device attacks showed a sophisticated weaponization of the physical supply chain, signaling a new era of modern warfare.  

interos.ai’s inaugural Predictions Report walks through key highlights from 2024 as well as  markers to be on the lookout for as we move into 2025. 

Geopolitical 

2024 was the year of democracy – there were over 80 elections globally, and half of the world’s population voted bringing global election security to the forefront of cybersecurity and disinformation professionals, worldwide.  

US Sanctions ramped up with more entities being added by the U.S. Department of Homeland Security ‘s Uyghur Forced Labor Prevention Act (UFLPA) entity list, bringing the total to over 100 organizations and more than $3.4 billion worth of goods being reviewed in two years. Separately, though just as significant, the Office of Foreign Assets Control (OFAC) sanctioned the last of the top three Russian financial institutions as part of the U.S. efforts to aid Ukraine in the Russia-Ukraine war.  

Trade, Ports and Labor Strikes 

Labor strikes loomed in Canada, India and the US, with talks resuming for the International Longshoreman’s Association (ILA) in 2025. 40% of goods traded to the U.S. on any given day go through ILA controlled ports with trade increasing 25x since the last full ILA strike in 1977. The economic fallout of a full labor strike could be catastrophic.  

The Baltimore bridge collapse added significant cost and congestion to the automobile, energy and manufacturing sectors as imports were diverted to other ports. Baltimore is the top port in the nation for automobile shipments and a crucial hub for coal exports. 

The ripple effects of damage to just one U.S. port shows the fragility of supply chains and underscores the need for proactive risk management.  

Climate-Induced Supply Chain Disruptions 

Historic storms Hurricane Helene and Milton bore down on the U.S. in 2024 impacting core manufacturing, aerospace, agriculture and medical industries with extended supply chains comprised of over 2 million businesses.  

Supply chains have seen the competitive rise of ESG and sustainability. Global legislation is requiring organizations to focus on ethical and environmental practices or face steep fines and reputational damage. The impending EU’s Deforestation Regulation has upped the ante for businesses to have visibility and eliminate ties to risky products in their supply chains. Globally governments continue to mandate ESG and climate reporting, such as Australia’s recent legislation for climate-related financial disclosures.  

As we look ahead to 2025, two things are certain:  

  • Supply chains are the vast and sprawling connective tissue powering our economy 
  • Eliminating risks in supply chains is more than ad hoc risk management, it is a requirement for healthy business. 

Get your copy of the 2025 Supply Chain Predictions Report Today:  

Salt Typhoon Telecom Hack Rattles Critical Infrastructure

Salt Typhoon: What Happened and Why Does it Matter?  

Salt Typhoon was the “Worst telecom hack in our nation’s history,” Senator Mark Warner, Chair of the US Senate Intelligence Committee.  

Salt Typhoon, a Chinese affiliated hacker group, compromised at least 8 U.S. telecom providers – stealing a large amount of data, including records of government officials and political figures.

The attack was unprecedented in scope and began in 2022. 

The extent of the breach is still unknown, with Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) saying it would be impossible to predict when the hackers would be fully removed from the systems.

Watch our take on the events below:  

 

Downstream Supply Chain Impact 

Jessica Rosenworcel, Chairwoman of the Federal Communications Commission announced the need for “a modern framework to help companies secure their networks and better prevent and respond to cyberattacks in the future.” 

In our interconnected world, this extends to vulnerabilities in your supply chain.  

Using interos.ai’s data, we see the Salt Typhoon attack impact could ripple out to 3.3 million distinct companies in the extended supply chain of 4 of the largest telecom companies in the US.

We estimate that the affected telecom companies represent a significant portion of the U.S. economy, serving over 350 million wireless customers collectively and generating more than $334 billion in annual revenue.  

If even a fraction of these systems remains compromised, the downstream impact on businesses reliant on secure communications could reach into the tens of billions in economic losses. 

Ted Krantz, interos.ai’s CEO Discusses New Era of Cybersecurity  

“Beyond the immediate blast radius, we must consider the future ramifications. Cyberattacks like this can fuel cascading effects we aren’t yet prepared for—whether that’s enabling more sophisticated surveillance of private citizens or jeopardizing critical infrastructure. Each stolen record costs the economy an average of $169, according to industry data. Multiplied by the potential number of affected individuals, the total economic cost could exceed $15 billion in direct and indirect damages within the next year alone.”

– Ted Krantz, CEO, interos.ai discusses.  

“The FCC’s proposed clarifications and certification requirements are steps in the right direction, but we must also prioritize collaboration between the private sector, regulators, and intelligence agencies to build a modern cybersecurity framework.” 

“This includes leveraging advanced technologies like AI to improve threat detection and response, increasing transparency across supply chains, and fostering global partnerships to address cross-border cyber threats.” 

“The Salt Typhoon attack may be unprecedented in scope, but it is not surprising. We’re in a new era of attacks targeting critical infrastructure.”  

“This is a battle we’ve been preparing for, and one we must pre-empt with innovation and data-fueled risk intelligence.” 

Defend Against Digital Threats

Before disaster hits, Interos’s critical risk intelligence platform helps companies mitigate the financial impacts of multi-tier risks like cyber attacks by continuously mapping and monitoring extended supply chains at speed and scale.  

Learn how you defend against digital threats.

 

It’s That Time of Year Again: US Government Releases New Restrictions List

Authors: Andrea Little Limbago, PhD, SVP, Applied AI and Mackenzie Clark, Senior Computational Social Scientist 

Annual Tradition: End of Year Sanctions and Restrictions

Last week’s release of UFLPA and OFAC restrictions follows a recent trend where widespread export controls are released en masse prior to the new year.  

For instance, in December 2023, the Departments of Treasury and State issued sweeping sanctions targeting Russia’s energy production and export capacity. This was followed a few weeks later by an Executive Order (E.O. 14114) that issued another round of sanctions against financial institutions supporting Russia’s military-industrial base. It was also preceded by two different rounds of Russia-related sanctions on December 1 and November 16. 

Similarly, in December 2022, Treasury issued several sanctions targeting Russia’s financial sector, very much in alignment with those issued last Thursday. This continued the trend from December 2021, when Treasury issued distinct sanctions targeting Belarus and entities associated with human rights abuses.  

The UFLPA also made some end of year additions in 2023, although those were much fewer than the 29 companies added last week, which increased the overall entity list to over 100 Chinese companies connected to forced labor.  

We recently covered two of the latest additions and the potential impact it could reap on global steel and aspartame (a sugar substitute) supply chains (spoiler: tens of millions of companies could be impacted).  

If the past week is any indication of what is to come, organizations should expect more restrictions to follow the path of the recent updates focused on Russian financial institutions and human rights abuses.  

 

The following analysis will answer:  

  • How far do the OFAC and UFLPA-sanctioned companies reach globally?  
  • Which industries are most at risk for potential future sanctions?  
  • How do you react to these and prepare for future sanctions?  

The Latest Round of OFAC Restrictions on Banks and Financial Services in Russia: Who is Impacted?

The latest sanctions announcements from the United States Department of the Treasury and Department of Homeland Security target a wide array of companies in Russia and China. The extended impact of these restrictions, however, have the potential to cascade to companies across the globe. 

On November 21, the addition of Gazprombank — and almost 100 other international subsidiaries and affiliates — to OFAC’s Specially Designated Nationals (SDN) List marked the designation of “Russia’s largest remaining non-designated bank.”  

With Russia’s largest financial institutions sanctioned by not only the United States, but other major countries such as Canada and the United Kingdom, it is important to understand where the risk of exposure to these sanctioned banks may still exist. 

Using Interos data, we analyzed the extended supply chains of Gazprombank, VTB Bank, and Sberbank and identified over 7,500 companies across three tiers of supplier relationships that are either directly or indirectly supplied by one of the banks.  

These numbers are relatively low compared to other supply chain propagation, likely due to decreasing integration of Russian banks with the Western economies since the invasion of Ukraine.  

Nevertheless, the scale is by no means trivial and indicates the stickiness of these relationships. 

Of the potentially exposed companies with supplier-buyer relationships linked to the new sanctioned entities, almost 60% of them are located either in the United States or the United Kingdom.  

When leveraging Interos’ Industry Categories designations, we identified the top three sectors represented across the sanctioned companies as Software and IT Services, Banking and Financial Services, and Business Management Services.  

29 Million Companies Could Face Fines from UFLPA Entity List Additions: Agricultural Products, Metals, and Polysilicon in China

Just one day after the new restrictions targeting the Russian banking industry, 29 new companies were added to the Uyghur Forced Labor Prevention Act (UFLPA) Entity List, bringing the total number of companies on the list to over 100.  

This action primarily targeted companies that produce agricultural goods, specifically tomato paste and tomato products, walnuts, red dates and raisins. Other newly restricted companies include exporters of materials and products derived from aluminum, nonferrous metals, and polysilicon. 

Interos conducted an analysis on the extended supply chain of these companies and identified over 29 million companies across three tiers of supplier relationships that are either directly or indirectly supplied by one of the newly restricted UFLPA entities.  

These companies could be subject to UFLPA fines.  

Again, most of the companies that could be impacted — over 34% of them — are located in the United States, followed by the United Kingdom (9%), India (8%), Germany (4%), and Italy (3%) – and thus could be subject to UFLPA fines. 

Leveraging Interos’s Industry Categories reveal the top three sectors among this group of exposed companies include Business Management Services, Software and IT Services, and Consumer Goods.  

These two scenarios, while distinct, highlight the importance of continuously monitoring suppliers of both services and physical goods to avoid potential fines, seizure of imports and reputational damage.  

Which Industries are Most at Risk Looking Ahead?

Given the ongoing implementation of export controls and industrial policy, organizations should plan for future additions to these and dozens of other restrictions lists. Fortunately, there are a few insights to help look ahead and begin de-risking from future regulatory risks. 

For instance, in September, the Department of Commerce’s Bureau of Industry and Security (BIS) introduced worldwide export controls on critical technologies.  

These include: additive manufacturing items, advanced semiconductor manufacturing equipment, quantum computing items, and gate all-around field-effect transistor (GAAFET) technology.  

A presumption of denial affects countries deemed a national security concern, including Armenia, Belarus, Cuba, Iraq, North Korea and Russia.  

Companies in these industries, as well as other critical and emerging technology industries, and from those countries are at immediate regulatory risk.

Similarly, BIS also has a high priority list focused on Russian products believed to fuel Russia’s military-industrial complex.  

Companies associated with these products, as well as those across a wide range of critical technologies, are much more likely to appear on a restrictions list in the future than those in other product or industry categories. 

Monitoring Risk Exposure with Risk Intelligence Data

Geography is another means for assessing future restrictions risk.  

In addition to companies in those countries, the BIS Country Groups D and E, companies located in – or have a supply chain connection to – the XUAR are also at significantly greater risk of future restrictions inclusion.  

Using Interos data, we identified over 231,000 other companies located in XUAR that may pose future compliance risks in global supply chains.  

When analyzing three tiers of supplier relationships for these companies, Interos data shows the following industries at the highest risk for potential disruptions if restrictions on XUAR companies continue to expand.  

These are the industries with the greatest frequency across companies in XUAR:  

  1. Business Management Services  
  2. Software and IT Services 
  3. Consumer Goods 
  4. Architectural, Engineering, and Design Services 
  5. Building and Civil Engineering Construction  

In short, last week’s additions to the OFAC and UFLPA restrictions lists are consistent with regulatory updates from the past few years.  

Moreover, by leveraging industry, product, and geographic risk management information, organizations can be more proactive in preparing for export controls against companies that meet those criteria listed above.  

Product and industry categories not only provide value for proactively addressing restrictions risk, but also have several other benefits, such as benchmarking and product tracing throughout supply chains.  

Keep an eye out for a forthcoming blog that will detail these new features and how they impact the full lifecycle of supply chain intelligence. 

Have questions today?

New Additions to UFLPA Entity List Show Forced Labor in Supply Chains of 79,000 Companies

Authors: Andrea Little Limgbago, PhD and Mackenzie Clark 

Steel and Aspartame Companies Join UFLPA Entity List 

Last week, the U.S. Department of Homeland Security announced two new additions to the Uyghur Forced Labor Prevention Act (UFLPA) Entity List. Although the law has been in effect for several years, it marks the first inclusion of a steel or aspartame company on the UFLPA Entity List.  

This reflects the expansion of the UFLPA since its inception, as well as the growing concern and risks associated with forced labor in the supply chain.  

Interos has been closely monitoring the UFLPA since it came into effect, along with dozens of other critical sanctions and prohibitions lists and helps illuminate connections to these companies deep within complex supply chains. 

Cracking Down on Forced Labor in Supply Chains 

The UFLPA aims to eliminate forced labor from supply chains through the prohibition on the importation of goods made in part or entirely from forced labor. The law specifically focuses on the Xinjiang Uyghur Autonomous Region of China, but it also applies to all forced labor in all of China. A review of these companies highlights how important it is to maintain visibility across the entire supply chain ecosystem, as small relationships grow exponentially as you move to the outer tiers of a supply chain.  

Two Companies Identified Puts 79,000 Companies at Risk

The two new additions to the UFLPA Entity List are Baowu Group Xinjiang Bayi Iron and Steel Co. Ltd and Changzhou Guanghui Food Ingredients Co. Ltd.  

According to Interos data, these two companies directly supply over one hundred companies (Tier 1), who in turn supply almost 2,500 companies (Tier 2). Those companies, in turn, supply approximately 79,000 companies, and represent almost 280,000 distinct buyer-supplier relationships (Tier 3). 

Importantly, the UFLPA not only consists of an Entity List, but also prioritizes seven industries for enforcement:  

  1. Apparel 
  2. Cotton and cotton products 
  3. Silica-based products 
  4. Tomatoes and downstream products 
  5. Polyvinyl chloride (PVC) 
  6. Aluminum 
  7. Seafood 

The last three industries were added earlier this summer and represent the first new addition of key sectors since 2022.  

With last week’s inclusion of steel and aspartame companies on the UFLPA Entity List, we should prepare for the potential expansion of those key industries in the near future.  

What Would that Impact Look Like on the Chinese Steel and Aspartame Industries?  

Interos data highlights the widespread impact of the Chinese steel industry. There are over 66,000 companies in China that sell steel or steel products. Globally, over 655,000 unique companies buy from those companies (Tier 1), a number that grows to over 2.6 million companies when looking at the buyers from those companies (Tier 2).  

These numbers pale in comparison to the number of buyer-supplier relationships stemming from those 66,000 companies in China that sell steel or steel products. There are 4.4 million relationships stemming from those companies (Tier 1), which balloons out to over 23 million relationships one hop out (Tier 2), and almost 64 million relationships to the next level of the supply chain (Tier 3). Across these tiers, over a third of the companies are located in the United States, followed by India, the United Kingdom, Germany, and France. 

A similar ripple effect appears when looking at producers of aspartame and aspartame-containing products. There are almost 3,000 companies in China that produce aspartame and aspartame-containing products. The impact balloons to over 200,000 companies that buy from those companies (Tier 1), and over two million companies that buy from those 200,000 companies (Tier 2). 

We again see the number of unique buyer-supplier relationships exponentially increase across the companies that sell aspartame and aspartame-containing products. Globally, there are over 500,000 buyer-supplier relationships linked to those companies in China (Tier 1). Those, in turn, are connected to almost 12 million distinct relationships (Tier 2), which explodes to over 60 million relationships at the next tier (Tier 3).  

Again, over a third of the companies are in the United States, highlighting a potential significant risk if the UFLPA expands to include either of these industries as a key sector for investigation. 

Not Just the US: Global Supply Chain Examination is a New Reality 

The United States is not alone in sanctioning human rights violators within supply chains. The European Union, United Kingdom, and Canada, along with the United States, all initially coordinated sanctions in 2021. As Homeland Security Secretary Alejandro Mayorkas explained, “The UFLPA is catalyzing American businesses to fully examine and assess their supply chains….” The same is true elsewhere, as earlier this year the European Parliament adopted a new law aimed at eliminating all forced labor, not just from China, in the supply chain. 

In return, China is taking steps toward enforcing its own law introduced four years ago that creates an ‘Unreliable Entity List’ for companies evading the Xinjiang Uyghur Autonomous Region and exhibiting discriminatory measures against products made there. This puts companies in a dilemma of conflicting regulatory practices between China and the United States, European Union, and other Western democracies. 

Major Regulatory and Financial Risks at Stake 

Aside from the regulatory and reputational implications, there also are growing financial risks. Almost $3.6 billion worth of goods have been seized under UFLPA enforcement, highlighting the financial as well as reputational and humanitarian risks at stake.  

At Interos, we continue to monitor the regulatory landscape, as well as those industries and companies associated with key sectors or products at risk. Flagging the UFLPA alone is not enough to minimize human rights violations within the supply chain. 

Identification is Not Enough: Compliance Requires a Regional View and Cross-Examination of Human-Rights Violation Lists 

 In addition to the UFLPA, Interos also denotes any company located within the Xinjiang Uyghur Autonomous Region, since the UFLPA specifies the additional scrutiny applied to any goods stemming from that region, whether they are on the Entity List or not.  

Moreover, Interos also specifically flags whether a company is on a human rights-related violations list because other restrictions, such as the Global Magnistky Act, address human rights violations and must be integrated into a broader strategy of eliminating human rights violations from the supply chain and addressing the associated regulatory and reputational risks. 

Take Action:  Root Out Forced Labor from Your Extended Supply Chain 

Interos’ continuous monitoring alerts quickly identify the potential impact of additions to new restricted entities lists across their extended supply chain. This visibility empowers companies to get ahead of potential violations both upstream and downstream in their supply chain. 

To identify if you are at risk of using a restricted entity, speak to an expert today.  

 

Midnight Deadline Approaches for ILA Labor Negotiations

The International Longshoremen’s Association (ILA) negotiations loom large as the countdown to midnight marches on. In 2023, the US imported $3.83 Trillion of products. This is more than 25x the size of imports ($151 billion) in 1977 – the last time we saw a full ILA strike commenced.   

Interos data showed direct impacts at top ports could be far-reaching with over 200,000 domestic companies at risk from direct missed imports.  

However, additional analysis from Interos indicates the scale dramatically increases when you look at the extended supply chain outside of top ports. 

ILA Strike: Devastating Consequences Beyond Direct Radius of Impact  

Additional analysis highlights the staggering impact of a strike across extended supply chains. Over 2.2 million companies are supplied by at least one of the companies that import commodities directly from any port facility heading for a strike.  

When extending our analysis to encompass the potential ripple effects of the strike, Interos data reveals over 3.7 million companies that, in turn, have trade relationships with those companies, and an additional 4 million companies one more tier out.

When looking at these three tiers in addition to the direct importers, over 11 million companies will be impacted, representing over 152 million unique relationships, and all their suppliers across the globe. 

In fact, globally, the countries with the most companies impacted by a strike will be the United States, India, United Kingdom, Germany, and Italy.  

Real-Time Monitoring of Extended Supply Chain Impacts 

These insights have been added in real time, and Interos will continue to closely watch these and all supply chain events as they unfold. 

Interos has created the world’s largest supply chain database, dynamically powered by AI, with over 11 billion relationships of more than 400 million businesses – to help companies manage supply chain risk in real time.  

To keep on top of potential supply chain disruptions, especially those from your indirect, extended supply chain relationships, speak to an expert today.  

Impending ILA Strike Threatens Economic Normalization

Author: Corey Ray, Senior Manager, Operational Resilience 

 

This summer, Interos alerted customers to the threat of labor strikes by various global unions that posed risk to the international movement of goods. These risks included actions by Canada’s freight rail workers, Canadian border services officers, and Indian port workers. Although more minor in scale, as of publication grain terminal workers at the Port of Vancouver are currently striking in an action that hinders agricultural exports while Boeing workers at U.S. West Coast factories remain on strike. 

We are now less than two days away from a far more significant disruption to the flow of global trade as reports suggest negotiations to prevent a strike on October 1st by the International Longshoremen’s Association (ILA) at East and Gulf Coast ports are unlikely to break the impasse.

Adding to the poor outlook for averting a shutdown of ports, Biden administration officials have yet to employ powers under the 1947 Taft-Harley Act to force workers to remain on the job during arbitration despite growing calls to exercise executive authority.  

The disruption would be far-reaching in scope as the ILA represents workers at major ports including the Ports of New York, New Jersey, Savannah, Houston, Charleston and Miami that combined account for 40% of goods shipped to and from the U.S.  

ILA Strike: A Magnitude Unknown 

There is little precedent for an ILA action of this magnitude. The last full strike by the union was in 1977, before the era of globalization when the U.S. imported only $151 billion in goods annually. That figure pales in comparison to the $345.4 billion imported in July of this year alone. Despite an 11-day port lockout in 2002 and ILA strike threats more recently, the impact of a shutdown of East and Gulf coast ports does not have a complete historical analogue that can guide businesses, especially if the strike persists for weeks.   

Global Implications of the ILA Strike 

According to Interos data, there are over 67 million trade records at the top ports alone, impacting more than 200,000 domestic companies that would be at risk of disruption from missed imports. These, in turn, are sourcing from approximately 74,000 foreign suppliers providing more than 5,684 different product types. The scope of impact is broad and would leave very few sectors of the economy untouched. 

Interos data further identifies more than 1,300 industries at risk of disruption due to sourcing goods through potentially impacted ports. The top 10 industries are highlighted below.  

The manufacturing sector would be disproportionately affected and at risk of cost pressures, just as prices for domestic producers have finally cooled from inflationary pressures.  


Consumer Retail Goods to Be at Risk Ahead of Holiday Shopping Surge

Leveraging proprietary Interos product category data, the table below highlights the top 10 most common product categories received by US entities specifically through the impacted ports on the U.S. East and Gulf Coast in the last five years. This data is also specific to goods imported in the month of October to reflect potential seasonality in impacted goods during an October 2024 ILA Strike. October also often sees a surge of imports ahead of the holiday shopping season. 

Overall impact is concentrated on consumer retail, medical supplies, automotive, and unfinished manufacturing goods. 

Note “NOS” stands for Not Otherwise Specified and is used across product category taxonomies. 

Threat to Economic Normalization: 

Global trade, and the post-Covid economic recovery, are already under threat from both trade wars and kinetic wars on multiple continents.  Additional threats to global trade range from Houthi attacks on shipping in the Red Sea to drought-induced reductions on Panama Canal shipping traffic.  

Within that context, the potential strike comes at a time in which global trade is under strain and thus puts a brief period of economic normalization at risk as U.S. inflation cools 

Port shutdowns would represent a classic supply-side shock to the economy, raising costs as the Federal Reserve is actively shifting away from its anti-inflation fight.  

Businesses should expect price increases on impacted goods and extended lead times.  

Meanwhile, congestion and cost increases should be expected on alternate shipping methods such as air freight and West Coast ports.  

If the strike persists for days or weeks, upstream supply chains will come under strain including Chinese exports, which already face additional catastrophic risk from Typhoon Bebinca 

The impact of the ILA strikes will be far-reaching. It is vital businesses have a plan in place and the ability to monitor if any of their direct or indirect suppliers stand to be affected. Anticipation and speed are the key to averting a costly disruption.  

Get Ahead of Future Labor Strikes with Interos: 

Interos’ continuous monitoring alerts quickly identify the potential impact of disruptions across their extended supply chain. This visibility empowers companies to get ahead of potential disruptions both upstream and downstream in their supply chain.  

For example, Interos users were alerted to previous trade disruptions such as the recent Red Sea attacks as well as cascading global factory disruptions impacting everything from German chemical facilities to European automotive plants at Tesla, Suzuki and Volvo. 

For a more detailed analysis of the potential impact of recent labor strikes, such as those in Canada and India, download our report below, or speak to an expert today.  

EU Deforestation Regulation Approaching: Fines for Non-Compliance are Steep

Author: Julia Hazel, PhD, Lead Computational Climate Scientist and Nicolas de Zamaroczy, PhD, Lead Computational Social Scientist

Companies can no longer ignore the urgency to reduce their deforestation impact- especially if they want to continue doing business in the European Union.   

Update on Nov 14, 2024:

As of November 14, 2024 the European voted to postpone the EU Deforestation Regulation (EUDR) compliance deadline by 12 months to December 30, 2025. Companies must certify that their supply chains are free of companies linked to deforestation or risk significant fines. Similar to the EU’s General Data Protection Regulation (GDPR), this law is not limited to EU companies, but rather to any companies doing business within the EU. 

The postponement gives companies a chance to get in front of the upcoming regulations. The extension does not remove the need to act swiftly but rather allows companies runway to get it right in the face of rising global legislation such as Australia’s Mandatory Climate-Related Financial Disclosures.

Unfortunately, despite numerous global treaties and corporate attestation supporting deforestation-free supply chains over the past decade, deforestation rates have not fallen.  

Too often corporate disclosures are aspirational and lack the visibility required to identify potential supply chain linkages to deforested locations and commodities.  

The EUDR is arguably the first major global initiative requiring corporate accountability for any connections to deforestation. With other similar regulations proposed or under review, this new regulatory risk shows no signs of retreating and will require companies to quickly gain that visibility or risk significant financial and reputational damage. 

What is the EU Deforestation Regulation? 

The EUDR has three main goals:  

  1. to prevent deforestation 
  2. to cut greenhouse gas emissions, and  
  3. to prevent further agricultural expansion and biodiversity loss.   

The EUDR regulation stipulates that any operator or trader of seven large key commodities – palm oil, cocoa, cattle, coffee, timber, soy, and rubber – as well as their derived products, must provide evidence that these commodities and products did not originate from recently deforested regions or contribute to forest degradation.   

Additionally, operators and traders must certify that their products comply with all relevant laws of the source country, including labor, anti-discrimination, indigenous rights, and pollution regulations.   

Failure to comply could result in: 

  • fines of up to 4% of a company’s revenue in an EU member state 
  • criminal charges, and  
  • reputational damage 

Beyond Direct Commodities: Far-Reaching Impact Throughout the Supply Chain 

The goal of the EUDR is to limit demand for products grown in recently deforested areas, thereby reducing a primary incentive for forest loss.  Scientists agree that deforestation is a major cause of climate change, with tropical deforestation accounting for roughly 20% of annual Greenhouse Gas (GHG) emissions worldwide.   

One of the primary reasons forests are cleared is for agricultural expansion, and the seven key products targeted by the EUDR were chosen based on scientific evidence linking their production to logging activity and illegal deforestation.   

While stipulations involving sourcing these commodities directly impact the food and agriculture industries, their derived products involve a wide array of industries.  For example, most lumber and natural rubber by-products will be included in the legislation, affecting everything from office furniture to rubber gaskets and from cardboard to air bags.  Textiles, automobiles, finance, fuel and energy represent just a handful of the industries that would be impacted by deforestation regulations.   

Moving Beyond the Say-Do Gap 

The EUDR is a landmark regulation that requires action beyond corporate disclosures and zero-deforestation commitments.  Zero deforestation commitments are a crucial part of corporate governance around deforestation, and 60% of corporations with the largest exposure to deforestation have set at least one policy on deforestation.  However, while zero-deforestation commitments represent a good step towards addressing corporate deforestation risks, their success in mitigating large-scale deforestation has been minimal.   

These commitments often lack immediate or near-term deadlines, clear implementation plans, and traceability to indirect suppliers, to name a few drawbacks.  Global Canopy’s Forest 500’s most recent report, which lists and ranks the policies and performance of 350 companies and financial institutions with greatest exposure to deforestation risk, reveals that two-thirds of companies with commitments are not publishing evidence of their implementation. This underscores the fact that policies and commitments are only useful if they are implemented and achieve results.   

More Than Just a “Box-Ticking Exercise” 

The EUDR underscores the fact that addressing deforestation at the corporate level is complex and requires a data-driven, multi-faceted approach. As PWC reports, “EUDR Compliance is much more than a box-ticking exercise” and “regulatory scrutiny will be intense.”   

One crucial component surrounds supply chain transparency and traceability.  To properly perform due diligence, companies must have insight into their direct and indirect suppliers to track products back to their origin, which allows for the identification of potential risks.  

Products need to be mapped to their source plot of land using precise geospatial information, such as in the form of satellite and remote sensing data, to ensure deforestation did not occur in the recent past where at-risk commodities were sourced.  

The country of origin is also significant as certain countries are higher risk for producing goods sourced from deforested areas.   These diverse pieces of information are necessary and provide actionable insights for corporations to mitigate deforestation risks. 

Beyond the EUDR – US Deforestation Due Diligence on the Horizon 

Corporate supply-chain due diligence will become commonplace as regulations such as the EUDR become the norm.

For instance, similar legislation to the EUDR is being proposed in the US with the Fostering Overseas Rule of Law and Environmentally Sound Trade (FOREST) Act, which would prohibit the import of palm oil, soya, beef, cocoa and rubber products linked to illegal deforestation.  

With the December compliance deadline fast approaching, corporations must act swiftly to invest in solutions that give them insight into their supply chain to mitigate risks and remain compliant.  

Interos is ahead of the game in mapping deforestation risks throughout the entire supply chain.

Hezbollah Device Explosions: A Stuxnet Moment for Supply Chain

Author: Dr. Andrea Little Limbago 

An Inflection Point

Almost six years ago, Bloomberg published a report on Chinese government infiltration of 30 US companies through the technology supply chain. This report was highly controversial within the cybersecurity community and remains openly disputed regarding the validity of inserted ‘spy chips’. Since then, there has been less focus on infiltrated technology supply chains, as the pandemic and trade wars shifted attention away from espionage and toward more traditional industrial policy and risky businesses within the supply chain ecosystem. 

On September 17 and 18, 2024, infiltrated pagers and walkie talkies exploded across Lebanon, escalating the decades-long conflict between Israel and Hezbollah. While investigations remain ongoing, reports point to Israel infiltrating a complex supply chain of devices sold in Hungary, and authorized to sell on behalf of a Taiwanese company, Gold Apollo. While the company sold devices to the broader population, those sold to Hezbollah contained the explosive PETN. As more information becomes available, a picture will likely unfold of complexity and extremely targeted backdoor infiltration of a technology supply chain.  

This past week’s attacks in Lebanon are an inflection point, expanding technology supply chain risks toward supply chain sabotage, and shifting all rules of engagement in supply chain security and modern warfare. Whether or not ‘spy chips’ occurred in the past, given the shift in norms, a line has been crossed, rendering technology supply chain infiltration a growing supply chain security risk in a tenuous geopolitical environment. 

New Rules of Engagement in Modern Warfare 

The supply chain infiltration behind the attacks is on such a distinct scale and scope, it is reminiscent of the turning point from the Stuxnet cyber attacks, described as the world’s first digital weapon. In 2010, reports surfaced that several zero days exploits simultaneously sabotaged Iranian nuclear enrichment facilities. Most research identifies U.S. and Israeli intelligence as the creators of the exploits, which weren’t widely noticed until they spread beyond the Natanz facility.  

Viewed as the first digital weapon to cause physical damage, it shifted all cyber norms and rules of engagement and opened Pandora’s Box to the modern cyber threat landscape. From the 2012 Saudi Aramco attacks where wiper malware destroyed over 35,000 computers to Russia’s BlackEnergy cyber attacks on the Ukrainian energy grid in 2015 and 2016 to Saudi Aramco to Iran’s failed penetration of New York’s Rye dam, physical infrastructure by cyber attacks is no longer unexpected or unprecedented. In fact, earlier this year FBI director Christopher Wray detailed how China is burrowed deeply within US infrastructure.  

The Tipping Point for Security Risk 

In a similar manner, just as Stuxnet upended the norms of cyber behavior and physical destruction, the explosive devices used against Hezbollah will upend all norms behind supply chain infiltration and destructive effects. There already has been a growing national and economic security concern over risky businesses within the supply chain ecosystem. Since 2016, the US has added thousands of companies to a range of sanctions lists, many of which are deemed national security risks.  

Five years ago, the Pentagon blocked military from purchasing phones made by Huawei and ZTE due to national security risks. This has been a growing trend across the globe, as India blocked Chinese apps, China blocked Kaspersky and Semantic, Australia removed Chinese security cameras and so on. These have often been coined backdoor risks, as companies legally enter a supply chain ecosystem without any need for obfuscation. 

These have generally focused on software, not hardware, backdoors into systems. Last week, we may have witnessed the tipping point for hardware backdoor supply chain security risk based on the insertion of illegal or unknown physical parts. While distinct in its execution, there has been growing concern over the security of the hardware supply chain. 

The US CHIPS and Science, in part, targets this risk by incentivizing the manufacturing of semiconductors domestically. Nevertheless, the exploding devices manifest the real-world impact when foundational technologies are used as Trojan horses to carry out military objectives. As we have seen with Stuxnet, once that Pandora’s box is opened, it is a game-changer in the risk landscape and global norms. 

How Can Companies Protect Themselves in this New Norm? 

To prepare for yet another significant disruption shaping the new normal, there are several steps organizations can take.  

First, foundational risk approaches still hold true but require even greater diligence. Perfunctory risk processes are inadequate for this risk landscape. Know your supplier (KYS) takes on even greater importance, not just within direct suppliers but across the entire supply chain ecosystem. This, in turn, requires augmented visibility across your supply chain, a difficult feat due to the hyperspecialized and complex supply chains built over the last few decades where geopolitics was not taken into account. 

Gaining that visibility is just the start, additional context is required. For instance, are any of the thousands of restricted companies present several tiers within your supply chain? In many cases, these companies have already been linked to data exfiltration, it is not a great leap to consider hardware infiltration from these same technology companies.  According to Interos data, 148 (~30%) S&P 500 companies have a direct supplier relationship with a banned company, risking severe civil and criminal penalties, 19% of which are in the Computer and Electronic Product Manufacturing industry.  Beyond these direct (tier-1) suppliers, virtually every S&P 500 company has sub-tier (tier-2, tier-3 and beyond) supplier relationships with at least one at-risk or restricted company.  

This has always posed a regulatory risk, but the national and economic security risks must also feature in supply chain security risk assessments. While last week’s attacks were not via a restricted company, those technology companies on restricted lists represent a more probable pathway to hardware infiltration and warrant heightened alert. 

Tracking the latest in restricted companies is difficult as there is no single consolidated list across all U.S. and international organizations. Fortunately, Interos simplifies this process by surfacing several dozen restrictions lists across the US, Five Eyes, and international governmental organizations, extended across the entire supply chain ecosystem. These companies, especially those in technology, are at the highest risk of technology supply chain infiltration. These companies do not only pose a regulatory risk but could also interdict data or sabotage on behalf of adversaries. 

The stark reality of this new era is that the geopolitical risk stems much broader than restrictions – companies and governments need visibility into all areas of supply chain risk: financial, cyber, ESG, geopolitical and catastrophic risk.

In short, the globalized era of entangled supply chains absent geopolitical considerations is over. 

Supply Chain Security: Time to Double Down 

Almost a decade ago, the fictional political thriller Ghost Fleet imagined a future war beginning with supply chain infiltration. In this futuristic scenario, China hacks the U.S. electronics supply chain, disrupting everything from navigation systems to fighter jets. The digital revolution – or the fourth industrial revolution – continues to shorten the time frame between futuristic scenarios and modern reality.  

As Stuxnet demonstrated almost fifteen years ago, the shifting cyber attack landscape quickly expanded beyond governments and into the public sector. The device explosions in Lebanon similarly crossed a new line and will accelerate the pace at which the technology supply chain is exploited by government and non-government actors alike. Whether the Bloomberg report proves valid or not, the supply chain infiltration of the devices introduces similar supply chain security risks – it’s no longer a matter of if, but when a technology supply chain infiltration will occur again.  

Just as software backdoors have increased in prevalence, the same may soon be true of hardware backdoors, making it all the more critical for a fresh look and reprioritization of supply chain security. 

We are here to help.