Skip to main content

Beyond the pandemic: rethinking the supply chain

Technology and data

Technology can help manufacturers better anticipate and rectify problems in their supply chain. But this can mean adopting new tools and processes that raise some unfamiliar issues.

For example, manufacturers wishing to employ data analytics/AI will need a large data set for their algorithms to work with across all ‘links’ of the supply chain.

To do this, they could require their suppliers to share data with them, for example, via electronic data interchange agreements. Alternatively, they could collect the data using decentralised blockchain technology. 

Blockchain on the supply chain

Blockchain allows the end-to-end status of an item and each interaction with it to be recorded, tracked and verified in a way that is highly resistant to falsification, not controlled by any single party and can be made visible to some or all parties with an interest in that item. This makes blockchain a highly compelling technology for use in supply chains and one that now has multiple active use cases.

Take the automotive and pharmaceuticals sectors. Carmakers need to be confident that parts are as expected and will arrive just in time. Meanwhile, drugmakers want to know where their products end up and that their products bought and sold down the supply chain (and later, if returned) are not counterfeit.

Both are use cases that are in real-world operation. An example of in the automotive sector is BMW’s PartChain, which, through the participation of 10 BMW suppliers, aims to improve the transparency and traceability of components. A pharmaceuticals example is the MediLedger blockchain, where a number of the world’s highest-profile pharmaceutical companies have joined together to create a blockchain-based system on which products are tracked and verified as genuine at each step in the distribution network.

Blockchains coupled with smart contracts can go further still, for example by initiating automatic payments for goods once verified information is recorded on a blockchain that an item has been delivered in accordance with agreed requirements (such as timing or temperature). This offers the chance of new avenues of automation in supply chains, in which not just the logistics but also the commercial aspects are objectively measured and automated accordingly.

Nevertheless, manufacturers considering the use of blockchain technology should be aware that its integration into the supply chain may bring its own legal as well as practical challenges. Issues surrounding contractual execution and enforcement where something goes wrong on a blockchain (for example, an automated payment initiated by a smart contract) remain largely untested. Likewise, a desire for transparency of data may not always align with data privacy, confidentiality and antitrust considerations. Manufacturers may also have to work hard to convince their suppliers that transparency can work in the interest of the supplier, as opposed to merely exposing the supplier to greater risk of its failings being highlighted.

Some of the principal issues for manufacturers to consider when digitising their supply chains are outlined below.

Data rights

It is widely believed that data can be 'owned', which is not the case. However, parties may still have certain rights in relation to data under statute and/or contract. 

In the agreements that govern the exchange of data with suppliers, manufacturers will need to ensure that they have sufficient rights to use the data provided for the full scope of their anticipated use and, potentially, prevent others from using the same data.

Among the principle terms they should focus on include:

  • access to data (Which party controls access to the data?); 
  • permitted uses (What can be done with the data? Can it be aggregated with other data?);
  • third-party restrictions (eg it may not be possible to use – for commercial purposes – data that is available online, or published by third parties or public authorities, without a paid licence);
  • exclusivity (Can others use the same data for the same purpose?);
  • territory (Where can the data be used?);
  • termination (Are there obligations to purge the data? Can either party continue to use the data after termination of the relationship? If so, for how long?);
  • sub-licensing (Can the data be licensed to others?);
  • liability (Who is liable for the accuracy of the data?); and
  • derived data (Who owns the output from the AI systems?).

Data protection

Tracking items will often include personal data. If this data is to be shared, it’s essential to consider data privacy regulation from the very start (‘privacy by design’)

For example, the designed process would have to consider:

  • who will collect the data:
  • how and for what purpose will the date be collected;
  • where the collected data will be stored/processed;
  • how the data will be protected;
  • who will have access to the data;
  • whether the collected data is required for the intended purpose; and
  • whether the data can be anonymised/pseudonymised.


Control over data is being increasingly scrutinised by antitrust authorities. While the big tech players have received most attention in this regard, businesses in other sectors could face scrutiny too.

Before implementing a digital system that relies heavily on data collection and exchange, manufacturers should ensure they have appropriate safeguards with respect to competition laws. Otherwise they may have to grant competitors access to their data sets to avoid ‘data dominance’.

Trade secrets

To be protected by law, trade secrets must be not only kept secret but also subject to reasonable steps to keep them secret. But protecting trade secrets gets more difficult as more information is exchanged and the supply chain becomes more transparent.

Therefore, a careful balance needs to be found between sharing the right amount of information so that the data is fit for purpose and not exposing the company to the risk of disclosing its trade secrets, or even risks from insider threats and espionage.

In this respect, setting up the right legal, technical and organisational measures is key. For example, manufacturers could require their suppliers to adapt their security arrangements to ensure that access to the information is adequately restricted.

Ultimately information sharing is a two-way street, so it’s critical to be aware of what information is being shared – and to double-check whether it actually should be.

Export control

If critical information is exported from certain countries, export control may become more relevant, especially since, in times of crisis, states often increase their scrutiny of export-control regimes.

The types of items/information controlled via such regimes come in various forms. So before exchanging any information, there should be a process in place to confirm whether export controls apply.

Among the most highly controlled items are those designed for military use, commercial satellites, technical data and 'dual-use' items (ie items that have both a civil and military application).

In order to avoid the consequences of breaking export laws, which can range from fines to prison sentences, it is important to pay close attention to the relevant legal framework for technology transfers. In many cases, the appropriate course of action is to obtain and operate under an export licence from the relevant authority.