Third-Party & Supply Chain

In today’s hyper-connected world, businesses rarely operate in isolation. Instead, they form part of intricate webs of suppliers, vendors, and third-party partners. These extended enterprise relationships offer a wealth of opportunities—streamlined operations, cost efficiencies, and specialization—but they also come with inherent risks. Managing these risks effectively requires a firm commitment to environmental, social, and governance (ESG) standards, operational resilience, and robust compliance strategies.

The Council of the European Union has adopted a new regulation that bans products made with forced labour from the EU market. The decision, finalized on November 19, 2024, marks a turning point in global trade standards, with Europe sending a resounding message: forced labour has no place in its supply chains.

Earlier this month, Maersk released a report indicating that three out of four shippers operating in Europe have dealt with disruptions in their supply chain over the past 12 months. Even more alarming is that more than half of those affected are experiencing a serious impact on costs.

The European Union has decided to postpone the enforcement of its landmark deforestation regulation by one year. Originally set to take effect on December 31, 2024, this new timeline will allow companies, traders, and third countries additional time—until December 2025 for large operators and until mid-2026 for small businesses—to meet the stringent requirements set by the law. This decision comes after widespread concerns voiced by various stakeholders, including EU member states, international trade partners, and industry groups, who warned that the original deadline was too ambitious for full compliance.

The clock is ticking for Europe’s financial sector as the Digital Operational Resilience Act (DORA) prepares to go live on 17 January 2025. To pave the way, the European Supervisory Authorities (EBA, EIOPA, and ESMA—collectively, the ESAs) have announced how they’ll collect the vital information needed to designate Critical ICT Third-Party Providers (CTPPs). The message is clear: start preparing now, or risk falling behind.

The UK has escalated its pressure on Vladimir Putin, announcing its largest package of sanctions since May. This new wave targets the Kremlin’s sprawling web of military supply chains and the shadowy mercenary groups doing Moscow's bidding from Ukraine to Africa. With these measures, the UK aims to choke off Putin’s lifelines, hitting Russia where it hurts most: its ability to sustain the prolonged—and increasingly desperate—war in Ukraine.

Supply chains have become a high-stakes frontier in the world of cybersecurity. BlueVoyant’s State of Supply Chain Defense report for 2024 reveals that companies are no longer just talking about third-party cyber risk—they’re taking action. Across industries from healthcare to finance, leaders are focusing on practical, proactive ways to defend against the rising tide of supply chain threats.