Third-Party & Supply Chain

The European Union has decided to postpone the enforcement of its landmark deforestation regulation by one year. Originally set to take effect on December 31, 2024, this new timeline will allow companies, traders, and third countries additional time—until December 2025 for large operators and until mid-2026 for small businesses—to meet the stringent requirements set by the law. This decision comes after widespread concerns voiced by various stakeholders, including EU member states, international trade partners, and industry groups, who warned that the original deadline was too ambitious for full compliance.

The clock is ticking for Europe’s financial sector as the Digital Operational Resilience Act (DORA) prepares to go live on 17 January 2025. To pave the way, the European Supervisory Authorities (EBA, EIOPA, and ESMA—collectively, the ESAs) have announced how they’ll collect the vital information needed to designate Critical ICT Third-Party Providers (CTPPs). The message is clear: start preparing now, or risk falling behind.

The UK has escalated its pressure on Vladimir Putin, announcing its largest package of sanctions since May. This new wave targets the Kremlin’s sprawling web of military supply chains and the shadowy mercenary groups doing Moscow's bidding from Ukraine to Africa. With these measures, the UK aims to choke off Putin’s lifelines, hitting Russia where it hurts most: its ability to sustain the prolonged—and increasingly desperate—war in Ukraine.

Supply chains have become a high-stakes frontier in the world of cybersecurity. BlueVoyant’s State of Supply Chain Defense report for 2024 reveals that companies are no longer just talking about third-party cyber risk—they’re taking action. Across industries from healthcare to finance, leaders are focusing on practical, proactive ways to defend against the rising tide of supply chain threats.

The U.S. Department of Homeland Security (DHS) has announced the addition of several textile companies from the People’s Republic of China (PRC) to the Uyghur Forced Labor Prevention Act (UFLPA) Entity List. This action, effective November 1, 2024, will prevent goods from 78 PRC-based companies from entering the United States, reinforcing the U.S. commitment to fighting forced labor and the atrocities against Uyghurs and other ethnic minorities in the Xinjiang Uyghur Autonomous Region (XUAR).

As businesses increasingly depend on external partners, the concept of a "self-contained" organization has become outdated. From suppliers and service providers to contractors and consultants, third-party relationships now form the backbone of modern operations. However, with this expansion into vast networks of external entities comes an equally vast landscape of risks—many of which businesses fail to fully grasp, often resulting in costly mistakes that could have been avoided.

The U.S. Department of Commerce has introduced a cutting-edge supply chain risk assessment tool at its first-ever Supply Chain Summit. The event, held on Tuesday, September 10, 2024, marked a significant shift from reactive measures to proactive strategies in managing global supply chain disruptions.