From compliance to connected risk management: what we learned at the EiQ Global Summit 2026


On 24 June, the EiQ Global Summit 2026 brought together senior leaders in responsible sourcing, procurement, sustainability and food safety for a day of expert-led discussion in London.
The agenda spanned the regulatory pressures reshaping due diligence, the case for managing connected risks as one rather than in silos, and what AI is going to mean for the tools we use and the way teams actually work.
Here’s a roundup of what came out of the day.
"Good enough" is no longer… good enough
One of the key messages of the day, set out in the opening keynote, was that the standard for credible due diligence has risen – and that most programmes haven’t caught up. What looked like leading practice 18 months ago is fast becoming the minimum. This gap is regulatory as much as technological.
Under the UFLPA and the EU Forced Labour Regulation, the question is no longer whether a legacy audit scheme could be improved at the margins. It's whether that scheme still passes the regulatory test at all, or whether more sophisticated tools are now needed.
A system that flags risk at country or sector level is unlikely, on its own, to get a product released once it has been detained at an EU border. What’s increasingly required is a granular account of every connected link in the chain.
Products flagged as high risk through a salience assessment are not necessarily the products an enforcement authority will stop. Enforcement decisions are now shaped by trade and political pressures as much as by labour, environmental and human rights concerns. And the pressure is not easing. The volume of products being detained has risen, and the share being released has fallen.
What's needed is two systems running at once. A responsible sourcing programme that meets the underlying standards, and a system that can switch quickly to forensic, product-level due diligence when needed. In perishable categories such as food and beverage, where a detention at the border can be catastrophic, the ability to demonstrate mitigation through documentation and evidence is what saves the shipment.
Compliance alone will not be enough. Companies have never been more scrutinised, by regulators, investors, media and consumers. Regulation is reactive by nature, not predictive. The strongest programmes sit a layer above compliance, reading the pressures shaping stakeholder attitudes today to see where regulation and enforcement are heading next.
Risk doesn’t respect your org chart
Another central theme was connected risk management. When something goes wrong at a factory, it's rarely confined to one team's remit. The same incident may be an environmental problem, a labour problem and a reputational problem all at once.
Silos are largely a product of how organisations are arranged. You may have responsible sourcing, environmental performance, reporting and human rights sitting in different teams, reporting into different places, and using different systems – all while talking to the same suppliers.
Liam Salter of RESET Carbon made this case in the environmental session. Brands routinely run carbon, water, waste, chemicals and wastewater as separate programmes, often through separate teams. Yet a large share of the environmental data points a supplier collects are duplicated across these schemes – driving cost, fatigue, and a defensive, reporting-as-compliance mindset on the factory floor.
Treated as one programme, the economics change. One case study shared in the session looked at a tier-2 apparel facility in Pakistan, where an integrated carbon, water and chemicals roadmap produced a projected net saving of around $200,000 over five years. Energy and water gains effectively paid for the chemicals investment, which a siloed approach would have treated as pure cost.
The point is not that integration is virtuous, but that it unlocks value the siloed model cannot reach.
Kimberly Coffin shared how food safety shows us the same connectivity from another angle. Two years ago, an investigation traced tomatoes from China into an Italian processing facility, where the tomatoes were relabelled as Italian. That single incident presented three risks at once: a forced labour exposure, food fraud, and a food safety risk. Retailers would have screened for the chemical residues expected of Italian tomatoes, not Chinese ones.
One incident affecting three teams, with no single view of the problem.
Set a responsible sourcing due diligence programme next to a food safety one and the skeleton is almost identical. Connected risk management is less about demolishing silos and more about recognising a connectivity that was always there, so a finding in one area becomes an early warning in another.
AI doesn’t just speed the work up – it changes what the work is
The day's most forward-looking session asked what risk management will look like in five years. The argument is that AI doesn't just speed up the existing work; it automates and removes much of it.
The shift underway is from tracking process metrics to tracking whether the real issues are getting fixed. A great deal of the work in our industry today goes into the scaffolding around that – the reporting, the planning, the audit scheduling, the strategy decks. When AI collapses a six-month compliance project into a day, that scaffolding falls away, and what's left is the substance of the role: working with suppliers on the problems that actually need solving.
One caveat ran underneath the optimism. AI is itself a new source of risk, not just a tool against it. Decisions are starting to move toward automation on the factory floor, and those decisions need governing. Human judgement, supplier relationships and on-the-ground knowledge do not disappear in this future. They become the part of the job that matters most, because humans remain accountable for the process and the outputs.
Better data = better action
In summary:
- The bar has risen because the world is moving faster than annual, siloed, compliance-led cycles can track.
- Connected risk management is the structural response.
- AI is what makes it achievable at scale, provided teams are willing to change how they work.
So will you wait for the next regulation to land? Or will you build for what comes next?
The EiQ Global Summit comes to New York on 23 September 2026. Register here.
Related Posts
Discover more insights from our blog.

The myth of the safe sourcing market: why reputation does not equal risk data
Just how safe is a "safe" sourcing market? Reputation and heritage are not the same as risk data. The gap between them is dangerous.

Workers Pay the Price: The Wider Supply Chain Impact of Middle East Instability
Instability in the Middle East is increasingly being reflected in global supply chain disruption as a set of interconnected pressures moving through energy systems, labour structures and manufacturing networks.

Supply chain clarity: avoid disruption from the EU Forced Labour Regulation
The EU Forced Labour Regulation (EUFLR) marks a clear shift in how forced labour risk is addressed in global supply chains.