Resilient supply chains are the theme of 2026 and beyond
“Resilience” is clearly the keyword for 2026 – the mantra that must guide every company to face the ongoing turbulence, which, regrettably, we fear will extend beyond December 31, 2026.
“Resilience” rather than “sustainability,” because sustainability has been experiencing an unprecedented backlash since its emergence, unfortunately associated with the idea of a bureaucratic burden. This perception is fuelled by regulations whose extreme sophistication and unreasonable haste have undermined their foundations.
“Resilience” rather than “competitiveness,” because competitiveness has been weaponized to conceal attempts to maintain outdated models through deregulation. Ultimately, this approach will only weaken the global economies and their players against competitors who understand the power of law to impose new perspectives.
Resilience for sustainability and competitiveness, instead, because sustainability and competitiveness are truly effects, not causes. A company can only be sustainable and competitive – one doesn’t happen without the other – if it rests on a secure foundation, enabling it to develop despite geopolitical, economic or regulatory hazards and obstacles. A company can only be sustainable and competitive – one doesn’t happen without the other – if it rests on a resilient foundation, enabling it to develop despite geopolitical, economic or regulatory hazards and obstacles.
From this perspective, the supply chain is a significant stake. It can be a pillar of strength or the company’s Achilles’ heel, depending on the company’s ability to ensure its integrity. Integrity, in this context, means ensuring every link in the chain is sufficiently robust. The fragility of any single link can indeed compromise the proper functioning of the entire chain and, consequently, the long-term viability of the company whose activity relies on it.
The difficulty lies in identifying these fragilities. In this regard, considerably blurred the lines by issuing directives that are sometimes contradictory and adopted within short intervals. In this regard, lines can be considerably blurred by issuing directives that are sometimes contradictory and adopted within short intervals. In this context of permanent shifts – in this uncertain landscape that will, at best, only partially clear up during 2026 – companies can legitimately feel lost.
They can also see this as an opportunity for a genuine, strategic groundwork effort, moving past the minor vicissitudes of the literal text of the regulations and the confusion they create. Instead, they can focus on the spirit of the regulations, which possesses a genuine rationality: the company must know and understand its supply chain to both control it, and thus ensure its integrity.
Top 10 Compliance Trends: Preparing for 2026’s New Rules of Risk
Explore expert predictions for the year ahead in compliance. This NAVEX webinar covers AI regulation, enforcement updates, and emerging global standards shaping the next era of ethics and risk …
Knowing your supply chain
The banking sector, as well as certain service providers (e.g., accounting or legal professionals), have an obligation to Know Your Customer (KYC), notably to avoid being unwitting accomplices in illicit operations. Knowing your customer requires tracing the chain of financial flows to identify the ultimate beneficial owner of the transaction.
Increasingly, due to the risks they face, companies have a similar obligation to know their suppliers and subcontractors, not only Tier 1 but also those below, right up to the initial source of supply.
This obligation is one of the significant issues associated with adopting the Corporate Sustainability Due Diligence Directive (CSDDD) and determining its final content following the 2024 reform of its initial text in the “omnibus” draft directive.
However, other texts impose a similar obligation and are scheduled to come into effect progressively starting in 2026. This is particularly the case with regulations aimed at combating deforestation and forced labor.
The first requires that palm oil, soy, wood, cocoa, coffee, cattle and rubber, as well as products derived from these commodities, entering, circulating within, or being exported from the European market, must be “deforestation-free” and have complete traceability ensured. Consequently, this means the different links in the supply chain must be known, and each link must possess this information.
The second regulation prohibits the placing on the European market, circulation within it, and export from it of products resulting from forced labor. This text indicates that it “does not create additional due diligence obligations for economic operators other than those already provided for by Union or national law.” In other words, the issue of forced labor is a subject that companies subject to due diligence obligations under their national or European law must integrate into their implementation. The regulation is thus intended to fit within the framework established by the CSDDD and be applied in accordance with its provisions.
The regulation applies to all companies, regardless of their legal nature, form, or size. The regulation applies to all companies, regardless of their legal nature, form or size. However, not all companies are legally obligated to undergo due diligence. Therefore, while the regulation does not formally create any obligation for companies to exercise due diligence regarding forced labor, it indirectly creates such an obligation, nonetheless.
This is also the case with the CSDDD. Article 8 of the directive requires subject companies to carry out mapping of their own activities, those of their subsidiaries, and, when linked to their chains of activities (value chain), those of their business partners. Although the text does not explicitly state it, this implies the company must know its suppliers and subcontractors at various tiers.
The current discussions on the omnibus draft directive demonstrate this. As the objective of this text is to simplify the mechanism, the proposals aim to clarify specific provisions of the CSDDD, particularly Articles 8 through 11. Specifically, the text adopted by the Council of the European Union for trilogue negotiations includes a provision in Article 8 stating that the company must map its chain of activities to identify its indirect business partners.
Admittedly, this mapping must be carried out using reasonably accessible information. The directive only establishes best-effort obligations, but it clearly states an obligation to know your supply chain.
Given that a company can only know this chain by tracing it upward, this obligation will indirectly fall on every company member of a supply chain. Each company must be able to communicate to its higher-ups in the chain – particularly the one directly above it – which links are situated below it.
The adjustment of thresholds currently being discussed by the European legislator will not alter this fundamental principle: all companies must be aware of their supply chain.
Controlling your supply chain
Why is it necessary to know your supply chain? It is not a bureaucratic requirement. It is an indispensable precaution that allows for discerning strengths and weaknesses, thus enabling the necessary measures to be taken to control it. This ensures it is managed as efficiently as possible while preventing the risks it may generate.
This highly strategic knowledge constitutes a trade secret for many companies, protected as such by the European Directive of June 8, 2016, and the implementing laws of the member states. The company is therefore not required to make it public; only the results of risk analyses performed based on this data may be published. This point is affirmed by the CSRD (Corporate Sustainability Reporting Directive) and is expected to be even clearer in the revised version of the omnibus directive.
However, this protection is conditional on the existence of measures intended to maintain the secrecy of this information. The company’s information system must therefore ensure that access to this data is limited to those who need to know and that these individuals are subject to confidentiality obligations.
Similarly, when a company communicates this information to other links in the supply chain, either in execution of a legal obligation or to comply with contractual obligations, it is imperative that it expressly state its confidential nature and impose its preservation through adapted clauses.
This necessary control over the supply chain, which pertains to the company’s strategy, is not explicitly mandated by the texts. The CSDDD, the regulations on deforestation or forced labor, or similar texts only require risk prevention. Control of the value chain is a means of this prevention, the content and methods of which are left to the company’s discretion.
Nevertheless, the regulation provides companies with legal avenues to ensure this control. This is notably the case with the CSDDD, specifically Articles 10 and 11, which mention obtaining contractual guarantees as possible measures.
The contract is indeed the principal instrument for managing the supply chain, as the chain itself consists of a series of agreements between multiple companies that link them within the same productive and/or commercial process. Control of the chain thus necessarily involves inserting clauses into these various contracts, either to prohibit certain activities or behaviors, or to impose certain practices or the communication of information. These clauses can also help ensure a certain homogeneity within the chain by requiring the dissemination of prohibitions or obligations to the different links.
The CSDDD favors the use of these contractual tools, as stated in Articles 10 and 11, which stipulate that “Member States shall provide for the possibility to temporarily suspend the commercial relationship or terminate it in contracts governed by their law, except for contracts which the parties are legally required to conclude.”
This provision opens an interesting avenue for companies to insert stipulations into contracts that allow them to manage the value chain, as it legalizes a leverage tool that might otherwise be considered abusive under general contract law. The directive expressly provides for the possibility of the company using or increasing its leverage by temporarily suspending commercial relations, which, without this provision, could be considered abusive conduct.
This possibility can be an effective way to integrate a code of conduct into the supply chain. The difficulty with the supply chain lies in the potential disparity in the contracts that comprise it. Referencing a single code of conduct in each of these contracts helps prevent this disparity. However, the clauses referencing the code must stipulate not only adherence to the code but also the renewal of this adherence when the code is updated, to avoid different versions applying to other links in the chain.
In periods of legal uncertainty, such as the one we are currently experiencing, the contract serves as an effective and convenient tool for establishing a stable and harmonized framework that can compensate for the fragmentation and variability of legislation.
2026 prediction
In conclusion, supply chain integrity appears to be essential for businesses to remain resilient in the face of growing risks. By equipping themselves with the means to understand and control their supply chain, organizations can transform a constraint into a strategic lever, capable of securing their operations and strengthening their long-term competitiveness. This approach should not be seen as a sterile compliance exercise. It is an essential investment for facing 2026 and the years to come.
This article is part of our 2026 Top 10 Risk & Compliance Trends eBook. Check out the full eBook for more expert predictions for the year ahead.
Top 10 Risk & Compliance Trends for 2026
Stay ahead of AI regulation, cultural pressure, and global governance change with insights that prepare you for what’s next.
