For most of my career, supply chain risk was something we thought about in the context of adversarial state actors quietly embedding vulnerabilities into hardware, software, and critical systems. It was a counterintelligence problem and not primarily a problem that corporate boards spent time on. Instead, companies focused on maximizing efficiency; they sourced from wherever it was cheapest, manufactured where labor costs were lowest, and delivered just-in-time to reduce overhead costs. And this worked until recently.
In 2026, two events crystallized the risks geopolitical risk practitioners have warned about: the use of interdependency as a tool of economic statecraft and an unexpected conflict bringing global trade to a halt. Together, the convergence of geopolitical competition, AI-driven interdependence, and cascading global crises has made supply chain security one of the most important challenges of this decade. And most organizations are not structured to meet it.
Economic statecraft meets commercial reality
Throughout 2025, we observed several instances of the Chinese export control regime at work. In April, China added seven medium and rare earth minerals to its export control list of dual-use items in response to the Trump Administration’s Liberation Day tariffs. By October, China rolled out a requirement for foreign companies to acquire export control licenses for technologies with parts, components, and assemblies containing or produced using Chinese rare earth technologies. Together, these actions represented escalations that had a direct impact on supply chains across the globe.
Manufacturers that built operational models based on just-in-time procurement were forced to build emergency stockpiles or purchase components locally, at a time when prices in importing countries were nearly six times the cost of Chinese domestic levels. Those price shocks continued to cascade, as some manufacturers chose to absorb margin compression if they were already in highly competitive markets, while others faced prospects of long-term component shortages with no near-term domestic alternative. Others just chose to leave markets altogether.
Earlier this month, China released the Regulations on Industrial and Supply Chain Security, which came into force immediately upon release. These regulations expand Beijing’s powers to impose countermeasures against foreign entities deemed to threaten China’s own supply chain security, including potential investment bans and individual sanctions. They also empower Chinese officials to investigate and impose countermeasures – special charges, export restrictions, entry bans – against any foreign entity deemed to threaten China’s access to resources or disrupt the flow of goods.
Foreign companies conducting supply chain due diligence that involves scrutinizing Chinese inputs now face the risk of being characterized as engaged in ‘unfair economic coercion.’ This places compliance officers and procurement leaders in a Catch-22: the diligence their boards demand may itself trigger regulatory exposure in China.
This export control architecture is designed to be a durable instrument of economic statecraft, one that companies will struggle to navigate, as access to components and technologies could retract with limited warning.
The hidden exposure problem
Companies are frequently tempted to assume that if a risk cannot be seen clearly or quantified, it is unlikely to happen. Global supply chains expose that assumption.
The recent conflict in Iran shines a spotlight on how organizations assess geopolitical risk. Early in the conflict, equity markets in South Korea, Taiwan, France, Germany, and Japan experienced volatility and downward pressure. This was not necessarily due to their direct geographic exposure to the Gulf, but because the energy inputs, revenue streams, and manufacturing supply chains on which they relied were deeply entangled with Gulf Cooperation Council (GCC) economies bearing the brunt of Iranian retaliation. These are the types of things standard geographic classifications can miss.
The immediate first-order exposure was predictable: Asian sectors that are highly reliant on Gulf crude immediately felt the pinch as access was cut off. As the conflict continues, however, that pain spreads downstream through second- and third-order exposure, affecting industries as varied as automotive, manufacturing, and consumer goods.
This is the hidden exposure problem. Most risk functions in commercial organizations are built to see the risks that are obvious and proximate. They’ve invested in understanding their Tier-1 suppliers while optimizing for just-in-time delivery operational models. Fewer have invested in understanding their suppliers’ dependencies and planning for the geopolitical shocks that could upend their operations.
AI amplifies both the risk and the opportunity
For years, experts have understood that supply chains can be used as points of access as much as points of delivery. What was once the domain of a small number of highly capable actors is now becoming more scalable.
Artificial intelligence is a force multiplier in both directions. AI can help companies better understand where their supply chain dependencies are and can help reveal vulnerabilities that may have been previously missed. The advent of AI-empowered capabilities such as Anthropic’s Mythos will also reveal hidden cyber supply chain vulnerabilities and equip companies to surface hidden exposures before they become crises, but this is not a panacea. AI systems, on the other hand, also come with their own supply chains and each layer – whether data, models, or infrastructure – provides potential vectors for compromise or disruption.
It will be essential for organizations integrating AI systems to understand the supply chains behind them. Those that seek to stay ahead will regularly evaluate who controls the individual layers, how resilient those layers are, and what happens if any of them is stressed.
Looking beyond Tier-1 suppliers
Supply chain risk is often framed as a question of visibility. Organizations have made great strides in knowing their suppliers and where they operate, and they’ve invested heavily in monitoring disruptions as they occur. The challenge is that visibility is not the same thing as preparedness and monitoring only one level of suppliers is inadequate in our interconnected world.
The bigger problem is understanding how disruption cascades through a system. Supply chains are dynamic systems that are shaped by events and decisions occurring outside the immediate field of view. These systems are affected by energy flows, global policy decisions, infrastructure constraints, and digital dependencies. Often, a precipitating event may appear wholly unrelated to a supplier, but its effects cascade through the system, affecting suppliers, intermediaries and end markets before they show up in cost, delivery or revenue.
This is where most organizations struggle. They can identify direct relationships, but far fewer have a structured way to understand second- and third-order dependencies—how changes in global tensions shift a supplier’s ability to produce goods or access markets; or how conditions on the ground affect suppliers across a value chain.
Nowhere is this more apparent than in the interaction of geopolitics and supply chains. In recent years, China, the United States, and the European Union have established trade, investment, and export control regimes that have had implications beyond their borders. These decisions have direct implications for cost, availability, and movement of energy, technology, and critical components. These shifts are rarely seen as supply chain disruptions at the outset. They first emerge as policy changes, regulatory actions, or localized instability and later translate into operational constraints.
The main challenge is not that organizations don’t have enough information; it’s that they are not using the information they have to make decisions that can help avoid problems before they happen. When organizations monitor external signals earlier, they’re able to adjust sourcing and inventory strategies or develop alternative logistics pathways before disruptions occur, and in doing so, they create optionality.
The strategic imperative
Fifteen years ago, cybersecurity was a specialist concern. Everyone agreed there was risk, but budgets remained lean and many felt that the likelihood that they would be targeted was slim. In the years since, we’ve seen every industry affected by cyber threats and that will only continue to grow.
Today, supply chain practitioners find themselves in the same place. Organizations track their immediate suppliers and disruptions to their operations, but they often miss opportunities to model the downstream effects of policy decisions, regional crises, or black swan events.
We are at an inflection point. The regulatory environment is hardening across every major economy; geopolitical instability is accelerating; and digital and physical supply chains are more connected than ever, allowing vulnerabilities to propagate faster.
Organizations that prioritize supply chain security and translate early warning signals into operational decisions will be best positioned to handle whatever instability shows up next. That is where meaningful, competitive advantage lies in the years ahead.


