2026: The new reality of supply chain management – even without regulatory pressure

Nov. 21, 2025

Global supply chains are under immense strain in 2026, and the challenges facing companies are accelerating faster than the regulatory landscape. While the final form of the CSDDD or national due-diligence laws is still being debated (as of November 2025), risks are emerging elsewhere: through cyberattacks, geopolitical tensions, natural disasters, supply shortages, and rising transparency expectations.

The data is clear: disruptions are surging, partners are demanding stronger proof of compliance, insurers are raising premiums, and international rules increasingly apply to European companies – whether or not they fall directly under the German LkSG or the CSDDD. Companies that do not track their suppliers, assess risks, or collect ESG data in a structured way are quickly falling behind.

At the same time, new opportunities are emerging. Those who create transparency, use risk scores, and actively involve suppliers are strengthening the resilience of their supply chain and securing a tangible competitive edge.

This environment makes one thing clear: taking action is no longer about regulatory compliance, but about safeguarding stability, profitability, and market position. The following article explains why the threat landscape of 2026 sets new standards, why companies without direct obligations must still act, and how modern supply chain management leads to greater security, efficiency, and long-term viability.


 

The threat landscape: Why supply chains are more vulnerable today than ever


Global supply chains were under more pressure in 2025 than they have been in years. Geopolitical tensions, trade barriers, and economic uncertainty caused instability, while technological risks and climate-related disruptions were rising sharply. Data from international analyses reveals a clear pattern: supply chains are becoming more complex, more fragile, and significantly more susceptible to external shocks. What is particularly alarming is that many of these risks are intensifying simultaneously, directly affecting costs, stability, and supply security.

The most important developments at a glance:

  • 10.6% of all globally recorded cyber threats target supply chains directly or indirectly (ENISA Threat Landscape, 2025)
  • 29% of managers report cyberattacks in their own supply chain in recent months (The Guardian / Manager Survey, 2025)
  • Up to 12% potential GDP loss due to aggressive reshoring strategies and geopolitical fragmentation (OECD Economic Outlook, 2025)
  • +38% supply chain disruptions year-over-year (Resilinc EventWatch, 2024)
  • For the 6th consecutive year, factory fires are the most frequent cause of disruptions (Resilinc EventWatch, 2024)
  • +119% increase in extreme weather events, such as floods or heat stress in production regions (Resilinc EventWatch, 2024)


 

Why companies need to act now – even without the CSDDD or LkSG


Even if regulations such as the German LkSG are softened or the CSDDD is delayed, companies face a much more powerful force: the market is professionalizing faster than legislation.

Customers, investors, banks, and international partners now expect transparency, risk control, and ESG-aligned processes long before governments require them. The pressure is shifting from minimum legal compliance to an operational and strategic must-have that determines whether companies remain competitive, retain market access, or secure stable supplier relationships.

At the core are three major forces – and they affect almost every company, regardless of size, industry, or reporting obligations.

 

1. Market and partner requirements

Large buyers such as Siemens, BMW, and BASF as well as international OEMs have drastically expanded their procurement and supplier requirements in the past two years. They now demand:

  • Reliable ESG data (e.g., environmental and social indicators)
  • Structured risk analyses across the entire supply chain
  • Product- or site-specific emissions data
  • Compliance and due-diligence documentation
  • Audit-ready supplier documentation, including supporting evidence and certificates

These expectations arise because companies within global value chains are themselves facing rising demands from regulators, investors, industry standards, and sustainability ratings. Large corporations must demonstrate how stable, sustainable, and compliant their supply chains are – and they consistently pass these expectations on to their suppliers.

The result is clear: suppliers that cannot provide structured data, transparency, or documented measures are considered high-risk and become less attractive as partners.

“In practice, this means that companies without reliable ESG and supply chain information are increasingly excluded from tenders, lose partnerships, or are no longer listed as suppliers. And not because of legal requirements, but because the market sets higher standards than regulation.” – Julian Göbel, Chief Sustainability Manager & Managing Director, Envoria

 

2. Insurance and financing costs

Beyond market expectations, the finance and insurance sectors are also playing a growing role in assessing supply chain risks. Climate-related damages, geopolitical tensions, and global production failures are prompting insurers to price risks more aggressively and banks to integrate ESG factors into lending decisions. Companies are therefore under pressure to make their supply chain not only sustainable, but demonstrably manageable.

The economic backdrop illustrates how severe the burden has already become: According to Munich Re, natural disasters in 2024 caused

  • 140 billion USD in insured losses
  • and over 320 billion USD in total losses.

These enormous sums are triggering significant adjustments in insurance risk models. The effects are being felt across industries. Insurers are responding with:

  • Rising premiums, especially for companies with high exposure or complex global supply chains
  • Reduced coverage if a company cannot document clear risk-mitigation measures
  • Risk surcharges where transparency is lacking, such as incomplete supplier data or missing ESG information

For companies, this means: missing or poorly documented supply chain processes not only raise operational risk, but directly increase insurance and financing costs. Conversely, companies with documented risk assessments, structured supplier evaluations, and reliable ESG data benefit from better terms, both with insurers and banks that increasingly integrate ESG into risk modeling.

 

3. Indirect impact of international regulations on European companies

While European regulations like the CSDDD or LkSG are still being negotiated or revised, global regulatory frameworks are advancing rapidly. Many countries now link market access, import rights, or financing eligibility to verifiable supply chain and ESG data. As a result, European companies face pressure not because they are directly regulated, but because their customers, trading partners, or target markets must comply with stricter rules.

This makes ESG transparency and data readiness essential for maintaining global competitiveness.

The following regulations in 2025 and 2026 are particularly relevant for companies in Germany and Europe, even indirectly:

  • EUDR (EU Deforestation Regulation, expected late 2025 or possibly 2026): Mandatory geolocation, origin tracing, and risk assessments for commodities such as wood, coffee, cocoa, beef, soy, and rubber
  • CBAM (Carbon Border Adjustment Mechanism, fully mandatory from 2026): Collection and reporting of product-specific CO₂ data for imports; also affects suppliers providing components to CBAM-obligated companies
  • India – SEBI BRSR Core: Comprehensive disclosure of the entire supply chain, including foreign suppliers; European companies must provide ESG and risk data to remain listed
  • USA – UFLPA (Uyghur Forced Labor Prevention Act): Import bans without full documentation of the supply chain to prevent forced labor; effectively applies to all exports to the U.S.
  • Japan (mandatory from FY 2025): Disclosure of climate-related financial and risk data in line with TCFD standards, also covering supplier networks
  • Australia – Climate-Related Financial Disclosure Regime: Climate reporting requirements increasingly integrated into procurement processes
  • Canada – Fighting Against Forced Labour and Child Labour in Supply Chains Act: Strict reporting obligations on working conditions in global supply chains, including European suppliers

The key implication: even companies not directly covered by the CSDDD or LkSG must provide the same level of data quality and transparency – because their customers abroad are legally required to obtain this evidence. Those unable to deliver this information risk losing market access, export eligibility, or established business relationships.


 

Building resilient supply chains: What companies should do now


Given rising global risks, increasing transparency expectations, and growing interdependencies, building a resilient supply chain has become a strategic priority. Companies that systematically map suppliers, assess risks transparently, and document processes digitally benefit from greater security, fewer disruptions, and a clear competitive and time advantage. The priority is not simply collecting data, but creating structures that enable continuous improvement and reliable evidence.

Building a resilient supply chain involves three essential steps:

 

1. Create supplier transparency

Transparency is the foundation of any effective risk or ESG assessment. Without a clear view of the supply chain and all relevant data points, risk management remains reactive, costly, and error-prone. Companies should therefore systematically capture:

  • Locations, industries, tier levels (e.g., direct vs. indirect suppliers, critical regions)
  • Geopolitical risks (political instability, trade barriers, sanctions, etc.)
  • Sustainability data (energy use, emissions, social standards, waste management, etc.)
  • Certificates and documentation (ISO standards, audit reports, code-of-conduct confirmations, etc.)

The more comprehensive and consistent this information is, the easier it becomes to identify potential weaknesses, such as suppliers in high-risk regions or those with missing ESG documentation. Transparency also enables faster crisis response by showing which supplier is affected, which products are at risk, and which alternatives exist.

 

2. Assign risk scores

Based on the collected data, companies should develop risk scores that allow for objective and comparable supplier assessments. A score serves as a single source of truth: it highlights risk levels at a glance and shows where action is needed. A score typically evaluates:

  • Country and industry risks (e.g., political instability, labor rights, climate risks)
  • ESG standards (environmental performance, social responsibility, governance structures)
  • Working conditions (occupational safety, social standards, human rights compliance)
  • Emissions data (Scope 1/2/3 values, decarbonization strategies, product-level intensity, etc.)
  • Compliance maturity (documentation, audit reports, management systems, code-of-conduct compliance, etc.)

These risk scores enable supplier, regional, and category comparisons while helping prioritize actions (e.g., focusing on high-risk suppliers) and guiding procurement, sustainability, risk, and reporting teams. Assessments become data-driven, transparent, and audit-ready. The score also serves as a communication tool, setting clear expectations for suppliers.

 

3. Enable continuous improvement

Sustainable supply chain management works only if suppliers are actively involved and have the opportunity to improve their performance – and thus their risk score – over time. Transparency is not an end in itself; it should drive development, reduce risks, and strengthen shared standards.

Suppliers should therefore be able to:

  • Submit additional data (e.g., emissions, certificates, location information)
  • Document improvements (new processes, training, optimization measures)
  • Provide certifications (ISO 14001, ISO 45001, SA8000, energy management, etc.)
  • Provide evidence of measures (e.g., CO₂ reductions, safety measures, social programs)

This approach strengthens individual suppliers and improves the supply chain as a whole. Companies benefit from more stable partnerships, reduced risks, and deeper data insights. It can also encourage positive competition among suppliers: those with strong performance and positive risk scores become preferred partners.

Tip: Learn more in our article “How suppliers can improve their risk scores”.


 

Conclusion: Act before risks become reality


Developments in recent years show that supply chain risks now go far beyond compliance. Cyberattacks, climate-related disruptions, geopolitical uncertainty, and international regulations directly affect operational stability and business performance. At the same time, market partners, insurers, and financial institutions are raising expectations for transparency and data-driven management far more quickly than lawmakers.

Companies that systematically map their supply chain, assess risks, and document processes – using software providers like Envoria – gain more than security. They establish the foundation for competitive pricing, stable relationships, and a measurable advantage in an increasingly data-driven economy. Those who take these steps early strengthen their position and become reliable partners in a global market where stability and verifiable performance are becoming essential prerequisites.
