PVH Facing the Risk of Being Placed on China’s Unreliable Entities List

On September 24, 2024, China’s Ministry of Commerce (MOFCOM) announced that the Working Mechanism of the Unreliable Entities List (the “Working Mechanism”) had initiated an investigation of the PVH Group, a global clothing company and owner of brands such as Tommy Hilfinger, Calvin Klein, Warner’s, Olga and True & Co.

The action was taken pursuant to the Provisions on the Unreliable Entities List (UEL), a relatively new law in China that allows the Chinese government to impose countersanctions against foreign entities, including companies, organizations or individuals. The Working Mechanism indicated that PVH Group is being investigated for suspected violation of normal market transaction principles, suspension of normal transactions with Chinese enterprises, organizations or individuals, and adoption of discriminatory measures with respect to products from the Xinjiang Uygur Autonomous Region.

You can read the full insight prepared by D. Michael Kaye, Sarah K. Rathke, Ludmilla L. KasulkeJeremy W. Dutra, and Shawn Harwood here:

U.S. House Of Representatives Passes The BIOSECURE Act During “China Week”

On September 9, 2024, the U.S. House of Representatives commenced “China Week,” during which the House passed 25 bills intended to limit the influence of the Chinese Communist Party in the United States.[1]  Among these was the BIOSECURE Act—a piece of legislation that would prohibit federal funding for equipment or services provided by a “biotechnology company of concern.”[2]  The House voted in favor of the bill by a vote of 306 to 81 on Monday, and it will now move to the Senate.[3] 

A brief history of the BIOSECURE Act, a summary of its provisions, and an analysis of its supply chain implications are described in the following post.

Continue Reading

Supply Chain Legislation On The Horizon

On May 15, the U.S. House of Representatives passed the Promoting Resilient Supply Chains Act of 2023 by a vote of 390 to 19.  The bill, authored by Rep. Lisa Blunt Rochester (D-Del.) and Rep. Larry Bucshon M.D. (R-Ind.), is a bi-partisan effort and collaboration between the federal government and private entities to “map[], monitor[], and proactively strengthen[] American supply chains, bringing manufacturing jobs back home, and lowering costs for American consumers.”[1]

Continue Reading

Supply Chains Are The Next Subject of Cyberattacks

The cyberthreat landscape is evolving as threat actors develop new tactics to keep up with increasingly sophisticated corporate IT environments. In particular, threat actors are increasingly exploiting supply chain vulnerabilities to reach downstream targets.

The effects of supply chain cyberattacks are far-reaching, and can affect downstream organizations. The effects can also last long after the attack was first deployed. According to an Identity Theft Resource Center report, “more than 10 million people were impacted by supply chain attacks targeting 1,743 entities that had access to multiple organizations’ data” in 2022. Based upon an IBM analysis, the cost of a data breach averaged $4.45 million in 2023.

What is a supply chain cyberattack?

Supply chain cyberattacks are a type of cyberattack in which a threat actor targets a business offering third-party services to other companies. The threat actor will then leverage its access to the target to reach and cause damage to the business’s customers. Supply chain cyberattacks may be perpetrated in different ways.

  • Software-Enabled Attack: This occurs when a threat actor uses an existing software vulnerability to compromise the systems and data of organizations running the software containing the vulnerability. For example, Apache Log4j is an open source code used by developers in software to add a function for maintaining records of system activity. In November 2021, there were public reports of a Log4j remote execution code vulnerability that allowed threat actors to infiltrate target software running on outdated Log4j code versions. As a result, threat actors gained access to the systems, networks, and data of many organizations in the public and private sectors that used software containing the vulnerable Log4j version. Although security upgrades (i.e., patches) have since been issued to address the Log4j vulnerability, many software and apps are still running with outdated (i.e., unpatched) versions of Log4j.
  • Software Supply Chain Attack: This is the most common type of supply chain cyberattack, and occurs when a threat actor infiltrates and compromises software with malicious code either before the software is provided to consumers or by deploying malicious software updates masquerading as legitimate patches. All users of the compromised software are affected by this type of attack. For example, Blackbaud, Inc., a software company providing cloud hosting services to for-profit and non-profit entities across multiple industries, was ground zero for a software supply chain cyberattack after a threat actor deployed ransomware in its systems that had downstream effects on Blackbaud’s customers, including 45,000 companies. Similarly in May 2023, Progress Software’s MOVEit file-transfer tool was targeted with a ransomware attack, which allowed threat actors to steal data from customers that used the MOVEit app, including government agencies and businesses worldwide.

Continue Reading

Supply Chain Disruptions: Drafting Contract Clauses to Mitigate Risks, Navigate a Breach, Avoid Litigation”

Alexis Chandler will be participating in a CLE webinar on April 2, 2024 from 1pm-2:30pm EDT titled “Supply Chain Disruptions: Drafting Contract Clauses to Mitigate Risks, Navigate a Breach, Avoid Litigation.”  The panel will discuss the following:

  • What are the recent trends in supply chain litigation?
  • What should supply chain contracts include regarding the timing of deliverables in light of global or other disruptions?
  • How can a force majeure provision be drafted to provide an enforceable defense?
  • When should companies abandon commercial negotiations and pursue litigation when suppliers default?
  • What are the latest trends in relation to ESG and supply chain risk management?

Squire Patton Boggs has ten complimentary passes for the webinar.  If you would like to attend, please contact Kristi Vitaz (kristi.vitaz@squirepb.com) by 5pm today, April 1, 2024.  As a bonus, you will receive CLE credit!

You may also register for the webinar here.

White House Issues Executive Order to Strengthen Cybersecurity at US Ports

This is an legal insight prepared by D. Michael Kaye, Sarah K. Rathke, Bridget McGovern, Michael J. Wray, Shea Leitch, John P. Flynn, Darien Flowers, and Michelle Story. Please contact one of the authors with any questions.

On February 21, 2024, the White House issued an executive order implementing various measures to bolster the security of US ports by expanding the US Coast Guard’s authority to regulate maritime cybersecurity, requiring the reporting of cyber incidents and investing in the US port critical infrastructure.

Read the full insight here.

Forced Labor Legal Developments in Europe: EU Council and Parliament Negotiate Final Text for Proposed Regulation

This is a legal insight prepared by colleagues Ludmilla L. Kasulke, D. Michael Kaye, Thomas Delille, Christina Economides, Amjad Wakil, María Vara Pitarch. Please contact the authors with any questions.

While many have focused in recent months on the US enforcement of the forced labor import ban (19 U.S.C. 1307) and the Uyghur Forced Labor Prevention Act (UFLPA) (Public Law No. 117-78), the EU is working on its own set of regulations prohibiting products made with forced labor from entering the EU market.

Read the full insight here.

FMC Announces Hearing on Shipping Conditions in the Red Sea

As Yemen’s Houthi rebels have increased attacks against vessels sailing through the Red Sea and the Gulf of Aden, global trade stakeholders have responded. It has been announced in the media that oil majors and large global shipping lines are suspending shipping operations in the Red Sea.

In light of the current geopolitical climate, the Federal Maritime Commission (FMC) announced that it will hold an informal public hearing on February 7, 2024, to examine how conditions in the Red Sea and Gulf of Aden regions are impacting commercial shipping and global supply chains. The hearing will allow stakeholders in the supply chain to communicate with the FMC on how operations have been disrupted by attacks on commercial shipping emanating from Yemen, steps taken in response to these events, and the resulting effects.

The full insight was prepared by colleagues Michael Wray (Houston), Michael Kaye (DC), John J. Reilly (NY), Darrien Flowers (DC), John P. Flynn (DC), and Jack Kingston (DC).

Council On Supply Chain Resilience Tasked With Strengthening Domestic Supply Chains And Limiting Reliance On Foreign Medical Supplies

November 27, 2023 marked the inaugural meeting of the White House Council on Supply Chain Resilience, a cabinet-level council focused on building and advancing the success of America’s critical supply chains.  The meeting commenced the Biden-Harris Administration’s initiative to provide American citizens with domestic access to medicine and vaccines that have previously been inconsistently available.

Continue Reading

Canada’s Fighting Against Forced Labour and Child Labour in Supply Chains Act Goes Into Effect Soon

On May 11, 2023, Canada passed the Fighting Against Forced Labour and Child Labour in Supply Chains Act(Bill S-211), which will take effect on January 1, 2024 (the “Act”).

The purpose of this Act is to implement Canada’s international commitment to fighting forced and child labor through reporting obligations on (a) government institutions[1] producing, purchasing, or distributing goods in Canada or elsewhere; and (b) entities[2] producing goods in Canada or elsewhere or importing goods produced outside of Canada.

Continue Reading

LexBlog