Governments cannot build economic resilience alone. Companies sit on the front line of economic security: They operate the supply chains, hold the data, manage the customer relationships, and absorb the operational impact of sanctions, export controls, tariffs, and industrial-policy measures. Without corporate buy-in, strategies of de-risking and supply-chain resilience will remain largely aspirational.
This realization has begun to take hold across Europe. As Stéphane Séjourné, European Commissioner for Prosperity and Industrial Policy, put it: “Too few businesses in Europe integrate the geopolitical risks, the supply chain risks into their thinking. We are really calling businesses to modernize their business plans.” Yet, a gap remains between awareness and action. European companies have become more concerned about geopolitical risk, but many are still not prepared to manage it.
The global pandemic, Russia’s invasion of Ukraine, intensifying US-China rivalry, and the war in Iran have all elevated geopolitics from a background concern to a boardroom issue. The number of references to geopolitics in earnings calls has risen sharply since 2022, and economic resilience has become a permanent feature of corporate discussions. But many companies continue to treat geopolitical shocks as episodic disruptions rather than structural conditions. They prepare for the crisis of the day, then revert to business as usual once it fades from the headlines.
The European business response to China illustrates this tension. According to the latest survey by the European Union Chamber of Commerce in China, many European companies are maintaining or even expanding their supply chains in mainland China to preserve global competitiveness. Nearly one-third of respondents said they were onshoring further in China, while 37 percent had not changed their supply-chain strategy over the previous two years.
German firms, particularly in automotive manufacturing and semiconductor equipment, have also increasedtheir absolute exposure to China. Many continue to see the Chinese market as a “gym”—to learn about technological advances, efficiency, and scale. This message of continued commercial engagement was reinforced last week by the visit of German Economy and Energy Minister Katherina Reiche, accompanied by a delegation of 35 business representatives, including from SAP, Siemens, and ThyssenKrupp.
This is not irrational. For many companies, China remains central to competitiveness. But it reveals the core challenge: Managers are being asked to de-risk in a world where commercial incentives often still point in the opposite direction. The result is not a simple retreat from China, but a more complex environment in which companies must juggle exposure, dependency, and geopolitical risk simultaneously.
Evolution of Geopolitical Risk
Although companies have long operated amid geopolitical risk, decades of relative stability have weakened the organizational muscle needed to navigate today’s more fragmented and coercive environment. Three developments make today’s geopolitical risk more difficult for companies to manage.
First, the economic statecraft toolkit is becoming more integrated. Sanctions, export controls, anti-money laundering rules, tariffs, investment screening, and supply-chain policies increasingly overlap. Measures that were once treated as separate regulatory domains are now being used together. Sanctions intersect with export controls; export controls intersect with trade policy; tariffs are used as leverage; and supply-chain resilience is becoming an economic-security objective.
Second, these tools increasingly have extraterritorial effects. The United States has long used the global role of the dollar and US technology to project regulatory power beyond its borders. But the EU and the United Kingdom are also beginning to redefine jurisdictional nexus and adopt measures with wider external effects. For companies, this means that compliance can no longer be assessed only in relation to the country where they are headquartered or where a transaction takes place. Risk now travels through ownership structures, technology inputs, financial flows, customers, suppliers, and end users.
Third, non-Western economic statecraft is becoming more assertive. China is no longer focused only on shielding itself from foreign coercion or building a “fortress economy.” Since 2020, Beijing has built the legal foundations for a more offensive toolkit, including sanctions, export controls, and supply chain regulations. Its measures are increasingly calibrated to impose costs on adversaries while limiting blowback for Chinese firms. Recent actions against European defense companies and Japanese entities show that Beijing is becoming more willing to use formal economic coercion tools.
Together, these trends make supply-chain visibility indispensable. Companies need to know not only their direct suppliers and customers, but also deeper tiers of production, technology dependencies, end users, and exposure to jurisdictions where economic statecraft may be deployed. Whether managing sanctions, export controls, investment restrictions, or tariffs, companies will need to collect and integrate data across legal, compliance, procurement, government affairs, risk management, and security..
From Crisis Response to Structural Adaptation
Most companies are not yet organized for this reality. Many have improved their ability to monitor geopolitical developments, conduct scenario planning, or build risk dashboards. But too often these efforts remain detached from business strategy, investment decisions, and operational planning.
A common pattern has emerged: Once a crisis passes and business returns to normal, plans to transform supply chains are delayed or shelved. The lessons of the COVID-19 pandemic have not been fully absorbed. Companies still tend to optimize for efficiency in normal times rather than resilience in volatile ones.
To stay ahead of the curve, companies need to build a geopolitical muscle. This means moving from reactive crisis management to structural preparedness. It requires early-warning systems, supply-chain mapping, cross-functional governance, and sustained engagement with policymakers. It also requires a shift in mindset—from “just in time” to “just in case,” where redundancy is not viewed only as a cost, but as an investment in economic security.
The starting point should not be: “Where can we still grow?” or “How do we protect ourselves after a shock?” but “What do we need to know, who needs to know it, and how quickly can we act when the geopolitical environment changes?”
Some companies are responding by creating geopolitical risk units or strengthening government-affairs and risk-management functions. Since 2025, there has also been a rise in board-level government affairs appointments. But institutional form is less important than function. A geopolitical risk unit is useful only if it can influence strategy, access relevant data, and reach the C-suite before a risk becomes a crisis.
In many companies, geopolitical risk remains fragmented across compliance, procurement, legal, internal security, and government affairs. This reflects the complexity of the challenge, but it also creates organizational blind spots. Sanctions may be understood by legal and compliance teams; supplier dependencies by procurement; political intent by government affairs; and operational vulnerabilities by business units. Unless these perspectives are integrated, companies will struggle to see the full risk picture.
The more economic statecraft tools converge, the more geopolitical risk must be treated as a cross-functional discipline. What matters is not whether a company has a dedicated geopolitical team, but whether information flows across the organization, priorities are set clearly, and senior leadership trusts the analysis enough to act on it.
Japan offers a useful comparison. Japanese companies have long been exposed to economic coercion and have therefore thought about economic security more systematically. For example, Mitsubishi Electric created an economic security division that was designed to function as an internal command center—to gather and centralize information from across all relevant departments to foster a unified understanding of evolving risks. According to Japan’s 2026 white paper on manufacturing industries, the share of firms working on economic-security measures rose from around 40 percent in 2024 to around 60 percent in 2025. Yet even there, progress remains uneven. Many firms focus primarily on information collection rather than substantive measures such as supplier diversification or cybersecurity.
Supply-chain Resilience Is Becoming Mandatory
Resilience is no longer simply a voluntary business objective. In many sectors, it is becoming a regulatory requirement.
EU policymakers are developing new tools to map supply-chain vulnerabilities, encourage sourcing from within Europe, and push companies toward greater diversification. Earlier due-diligence requirements focused mainly on environmental and human-rights concerns, including the Corporate Sustainability Due Diligence Directive, the Carbon Border Adjustment Mechanism, and the EU Deforestation Regulation. The next generation of measures is different. It is designed to identify strategic bottlenecks that could be weaponized during geopolitical conflict.
The EU is considering rules that could require companies in strategic sectors, such as chemicals and industrial machinery, to source critical components from at least three different suppliers. Proposed ceilings of around 30–40 percent from a single supplier would mark a significant shift from previous thresholds, including the 60 percent dependency level identified in the EU’s Economic Security Strategy as a high-risk benchmark. New supply-chain auditing requirements could also be linked to the Industrial Accelerator Act, making access to public procurement conditional on sharing supply-chain information.
In parallel, the EU is exploring emergency powers that would allow Brussels to intervene in industrial supply chains during shortages. Companies that fail to provide information on supply-chain capacity in key sectors—including semiconductors, medical devices, weapons, and digital infrastructure—could face fines. Additionally, the EU’s foreign service, the European External Action Service (EEAS), is also seeking to strengthen its intelligence-analysis capacity on economic security.
This means companies will face growing pressure to disclose supply-chain information to their own governments.
At the same time, they are also facing pressure from China. Beijing has long identified technological chokepoints as strategic vulnerabilities and has made their elimination a policy priority. Its own de-risking agenda is now becoming more coercive. Following Chinese export controls on critical minerals in April 2025, many Western firms have been required to provide sensitive supply-chain information to obtain export licenses. These requests reportedly go beyond end use and end user, extending to customer lists, annual production data and forward projections. Such information could give Chinese authorities insight into production dependencies, stockpiling strategies, and customer relationships.
This creates a difficult asymmetry. Many companies are reluctant to share sensitive information with their own governments, yet may be compelled to disclose it to the Chinese authorities as the price of market access or export approvals. European governments are therefore trying to understand what Beijing knows about critical supply chains, often with limited cooperation from industry.
China’s new Supply Chain Security Regulation issued in April 2026 adds another layer of complexity. It targets foreign firms seeking to shift supply chains out of China or reduce reliance on Chinese partners. Companies that diversify in ways seen as harming Chinese commercial or national interests could face legal scrutiny or penalties. Much like Beijing’s recently activated Blocking Statute, these rules could force firms into difficult choices between competing legal and political demands from the US, the EU, and China.
The New Operating Environment
The private sector is entering an era of triple pressure. The US, the EU, and China are each building legal and regulatory tools to secure, control or leverage global supply chains. Companies are increasingly caught between tariffs, export controls, localization requirements, trade investigations, sanctions, investment restrictions, and supply-chain disclosure obligations.
For companies, the central challenge is no longer whether geopolitics matters. The real question is whether they can build the organizational capacity to manage geopolitical risk before it becomes operational disruption.
That requires three shifts. First, companies need better visibility over supply chains, including deeper supplier tiers, customer exposure, technology dependencies, and jurisdictional risk. Second, they need internal structures that connect compliance, procurement, legal, government affairs, and business strategy. Third, they need sustained engagement with policymakers, not only to understand policy intent, anticipate enforcement, and prepare for future obligations, but also to influence regulation.
Geopolitical resilience is therefore not a communications exercise, a compliance checklist or a crisis-response function. It is becoming a core component of corporate strategy. Companies that recognize this early will be better positioned to manage fragmentation, coercion, and regulatory divergence—and to turn geopolitical awareness into commercial advantage.
Dr. Maria Shagina is the Diamond-Brown Senior Fellow for Economic Sanctions, Standards, and Strategy at International Institute for Strategic Studies, based in Berlin. . Her article draws on her forthcoming book, The Rise of Economic Statecraft.
