Why compliance must now embrace political and geopolitical risk
The traditional boundaries of compliance are no longer sufficient. For decades, compliance in European companies focused primarily on the implementation of regulations, such as anti-corruption measures, data protection, export controls, and internal procedures. This model assumed a relatively stable global order and a clear separation between legal obligations and political developments.
That assumption is collapsing, and companies must now frame their efforts in the context of intensifying US-China tensions.
1. The US-China rivalry is redrawing the compliance map for European firms
Legal frameworks are no longer neutral. Anti-bribery laws, export controls, sanctions, and investment restrictions are increasingly used as instruments of geopolitical strategy. Both Washington and Beijing now expect their partners to take sides, not just politically, but operationally.
European companies are caught in the crossfire, still waiting for the European Union to build a clear strategy and make the increasingly inevitable choice between the US and China. While complying with EU law, they may still face secondary sanctions from the US for engaging with Chinese entities. Conversely, compliance with US restrictions may expose them to China’s anti-sanctions regime. The legal fragmentation caused by this new bipolarity means that traditional compliance approaches are no longer sufficient.
2. Risk landscapes are becoming asymmetrical and fast-moving
Corporate compliance teams are well-versed in tracking regulatory changes. But they are not always equipped to detect early signals of political instability, strategic alignment shifts, or emerging zones of confrontation between great powers. Yet these developments are shaping the enforcement priorities of states and the behaviour of regulators.
From foreign investment screening mechanisms to export licensing regimes, European regulators themselves are late in adapting to a more confrontational international order. Meanwhile, decisions taken in Washington or Beijing—sanctions, tariffs, import bans—have immediate consequences for European businesses, even when not directly targeted.
This growing volatility requires compliance teams to monitor not only legal developments, but also political shifts that affect enforcement priorities. A French industrial supplier may find itself under scrutiny not because of what it has done, but because of where it operates or who its clients are.
3. Geopolitical risk affects third-party exposure and corporate integrity
Many compliance failures originate not within the company itself, but in the blind spots of third-party due diligence. In 2025, third-party risk is increasingly geopolitical in nature. Suppliers or agents may become exposed to sanctions, reputational crises, or operational shutdowns not because of any wrongdoing, but because of their strategic location, their ownership structure, or their ties to entities targeted by foreign powers.
Europe’s economic interdependence with China, especially in critical minerals, advanced electronics, and pharmaceuticals, turns third-party due diligence into geopolitical navigation. A firm sourcing equipment from a manufacturer in Xinjiang or operating through a Russian joint venture may technically tick the compliance boxes, until it doesn’t. What mattered was not just legality, but judgment, foresight, and risk-mapping.
Moreover, European companies operating across the Atlantic must, more than ever, integrate extraterritorial US rules into their compliance processes, especially where supply chains touch upon semiconductors, green tech, or cloud infrastructure. Compliance has become a tool to manage strategic dependencies and operational continuity, not just legal integrity.
4. Reputational risk is shaped by the new Cold War
Public and political pressure has intensified. A Western company maintaining operations in China may be accused of supporting authoritarianism. A firm leaving China under regulatory or political pressure may face accusations of economic nationalism or short-termism.
The reputational risks are heightened by Europe's ambiguous position between the US and China. In this fragmented environment, compliance must help shape a company’s positioning—by anticipating how decisions will be perceived by governments, media, and civil society on both sides of the geopolitical divide.
5. The bifurcation of global supply chains is no longer theoretical
For European companies, the fragmentation of global supply chains, once a geopolitical hypothesis, is now a practical reality. In key sectors such as semiconductors, battery technologies, aerospace components, and telecommunications infrastructure, the world is splitting into two blocs: one centered around the US and its allies, the other around China. This bifurcation affects not only where goods are sourced or manufactured, but which standards apply, which technologies are accessible, and which markets remain open.
European firms must now redesign procurement strategies to anticipate potential decoupling measures, embargoes, or politically driven export restrictions. The risk is no longer merely operational; it is systemic. Depending on a Chinese supplier for critical inputs, or integrating US-origin technology into global products, carries consequences that exceed commercial logic. Compliance must reflect this new paradigm by embedding supply chain restructuring and technological alignment into its core mandate.
6. What expanded compliance now requires in Europe
This does not mean turning compliance departments into think tanks. But it does require:
- Integrating geopolitical risk indicators into due diligence and third-party assessments
- Developing legal resilience plans that anticipate divergent or conflicting regulatory regimes
- Mapping exposure to US and Chinese leverage (e.g. technology, rare earths, data localization)
- Establishing early-warning systems for political decisions with legal consequences
- Engaging boards and senior management on compliance as a lever of strategic autonomy
Conclusion
In 2025, the confrontation between the United States and China is no longer just a diplomatic concern. It is a structural feature of the business environment—and a core compliance challenge for European companies. The law is no longer neutral. Rules reflect rivalries. Enforcement follows alliances.
Expanding compliance to include geopolitical risk is not an option—it is a requirement for operating safely, sustainably, and independently in a divided world.