US supply chain regulations for European-based companies

Supply chain regulations

EU-US relations over the last 70 years have been the fruit of a decision to build peace and the rule of law. One of the main drivers behind this was the economic cooperation between the two giants. In 2022 total exports from EU countries to the US surpassed 500 billion US dollars, which speaks volumes about the enormous EU-US potential being realized. What often goes under the radar are the different sets of rules and regulations which European companies must follow strictly. A very simple example is the food industry, where the FDA requirements for nutrition values differ completely from those in Europe. If you want to sell your goods on the US market, you must provide the technical information exactly as requested. If you refuse or forget to comply, there are serious penalties that you and your distributor or partner could face.

The supply chain business is very complex and difficult to manage. Cyber threats are increasing, and compliance with cyber security standards is a continuous process. There are, however, a few issues which pertain to it:

  • Investments in cybersecurity are expensive and complex. It is therefore understandable that small and medium businesses have not given them a lot of attention. Corporate and Fortune 500 companies have invested in their infrastructure and security and are hard to penetrate. The risk comes from the fact that most larger corporations use many SMBs as suppliers. The large gap between the two sides is a significant vulnerability and has yet to be properly addressed.
  • Although this has not been the case so far, regulations will touch supply chain cybersecurity through various tools. Risk assessment, incident response, network security and policies are just part of the whole set of measures companies will need to adopt. Besides the regulators, corporations will gradually impose similar rules and guidelines on their suppliers as well.

US Cybersecurity regulations

Complying with US federal regulations may not be very typical for EU companies yet, but this business will gradually open up as the supply chain becomes more interconnected. Although the rules and controls may seem a bit obscure and the abbreviations can confuse readers, most of them have a very practical meaning. This is the big difference between EU and US cyber laws – those on the Old Continent are filled with legislative and rather unclear terms, while the US ones are strictly guided by NIST best practices.

DFARS (Defense Federal Acquisition Regulation Supplement) includes specific requirements for contractors doing business with the US Department of Defense. EU companies that intend to do business with the department must therefore adhere to DFARS regulations to ensure compliance. These regulations include cyber security measures, supply chain management protocols, and mandatory reporting of cyber incidents. Failure to comply with DFARS regulations can result in harsh penalties, including termination of contracts and legal action. As such, EU companies should consider implementing the DFARS requirements to minimize the risks associated with doing business with the US Department of Defense.

Finding a partner who can lead you through the jungle of US federal cybersecurity requirements and regulations can be a daunting challenge for the inexperienced and unaware. There are many aspects you must consider – implementing the correct policies and controls, properly integrating security technologies (e.g. Zero Trust), educating both management and employees, incident reporting, threat hunting, risk assessment, change management and others. Diamatix is an EU-based managed security service provider which helps its European counterparts navigate and correctly assess these regulations. You can contact us to find out more!
