The //www.cbp.gov/trade/forced-labor/UFLPA” target=”_blank” rel=”noopener noreferrer”>UFLPA at Three Years: Sub-Tier Risk Is the New Frontier

For years, supply chain compliance programs assumed: control direct suppliers and you control risk. Questionnaires went to tier-1 vendors. Audits covered known factories.

Three years after UFLPA took effect in June 2022, that assumption fractured. CBP expanded enforcement beyond finished goods to sub-assemblies and components. Withhold Release Orders now target tier-2 and tier-3 inputs—polysilicon wafers, cotton textiles, aluminum extrusions. For supply chain leaders, the implication is stark: tier-1 questionnaires are no longer defensible.

CBP’s Shift to Sub-Tier Enforcement

UFLPA’s statutory language is unambiguous: the rebuttable presumption applies to goods manufactured wholly or in part in Xinjiang. Between 2023 and mid-2024, CBP enforcement concentrated on finished goods. By late 2024, the enforcement posture fundamentally changed. Sub-assembly and component imports—solar cells, battery management systems, lithium-ion cells targeting EV manufacturers, semiconductor packages, polysilicon wafers—began appearing in CBP detention lists. CBP’s Entity List expanded to 144 entities by early 2025, with roughly 40 percent targeting suppliers below the finished-goods level.

CBP now works backward from import transaction data to map sub-tier exposure, examining cargo manifests, bills of lading, and corporate relationships rather than waiting for self-reported Xinjiang connections. When CBP issues a WRO against a tier-2 component supplier, it creates retroactive compliance exposure for every importer of goods containing that component.

Vendor questionnaire programs cannot capture this scope. Traditional compliance operates on a single-layer model: procurement sends a form to direct suppliers, and if they declare no Xinjiang exposure, risk is marked as managed. This approach has a fatal structural limitation—no mechanism exists to see beyond the first supplier relationship. A semiconductor component may change hands three times before reaching final assembly, but the questionnaire captures only the immediate vendor’s representation.

CBP’s enforcement explicitly rejects the notion that questionnaires substitute for actual visibility. When a WRO is issued, the agency’s investigation begins at tier-2 and tier-3 levels. The importer must prove either that the component did not originate from Xinjiang or that processing substantially transformed the material outside Xinjiang to break the rebuttable presumption. Under UFLPA section 307, goods are presumed produced with forced labor if manufactured wholly or in part in Xinjiang. The importer must present “clear and convincing evidence” to overcome this presumption—documentation of sourcing decisions, traceability records, affidavits from intermediate suppliers, and third-party audit reports. A questionnaire response stating “no Xinjiang exposure” does not meet this threshold. When CBP detention occurs, the burden of proof shifts to the importer to reconstruct sub-tier relationships retroactively, typically at substantial legal and logistical cost.

Sub-Tier Exposure: The EV Battery Example

The automotive sector exemplifies the problem. A major U.S. EV manufacturer sources battery packs from an assembly supplier in Mexico. That supplier integrates lithium-ion cells from a South Korean manufacturer, who sources cathode material from a company registered in Inner Mongolia with operational ties to Xinjiang. CATL (Contemporary Amperex Technology Co.), a major global EV battery supplier, faces repeated WROs related to Xinjiang-connected processing.

The EV manufacturer’s compliance program may contain questionnaires from the direct battery supplier stating cells are produced outside China. Yet CBP’s supply chain mapping uncovers the Xinjiang-connected chain three tiers deep. When CBP issues a WRO targeting battery cells from that producer, the manufacturer must halt battery imports, delaying vehicle production.

A single EV battery pack may contain inputs from 40 to 60 sub-tier suppliers across five countries. Maintaining verified data on all these relationships exceeds the capacity of manual questionnaires.

CBP currently maintains 55 active Withhold Release Orders and 9 active Findings across all forced labor categories. In FY2025, CBP stopped over 7,325 shipments valued at $164.47 million under UFLPA enforcement. Solar cells, polysilicon, textiles, automotive electronics, and battery components dominate the enforcement docket. Critically, CBP discovered nearly all sub-tier exposure through automated analysis of import transaction data and corporate registry cross-referencing, not through customer diligence. This means organizations still relying on questionnaires are operating with a compliance model enforcement has already rendered obsolete.

Building a Defensible Sub-Tier Program

A defensible UFLPA compliance program requires actual visibility into tier-2 and tier-3 suppliers and the manufacturing logic connecting them. Three operational changes are essential.

First, replace questionnaire-only models with multi-source supply chain mapping. A compliance team must understand tier-1 vendors’ suppliers, which materials flow through each relationship, and how costs correlate with geographic sourcing. Import transaction data (bills of lading, invoices, tariff classifications), corporate registries, and supply chain intelligence platforms provide the foundation CBP expects.

Second, establish continuous monitoring rather than point-in-time reviews. One-time questionnaires are obsolete within weeks. A defensible program tracks sub-tier relationship changes, new supplier additions, sourcing geography shifts, and cost movements that signal supply chain redirection. When CBP detains a shipment, the importer should have sourcing records, supplier facility lists, and material traceability documentation prepared.

Third, pre-document substantial transformation analysis. If components contain Xinjiang-origin raw materials, the compliance team must determine whether outside-Xinjiang processing substantially transformed the material to break the rebuttable presumption. A polysilicon wafer sourced from Xinjiang feedstock may qualify if purified, crystallized, sliced, and tested outside Xinjiang. This analysis must be documented, auditable, and defensible under the “clear and convincing evidence” standard before detention occurs.

Compliance teams need systems that aggregate supply chain visibility across import records, corporate ownership data, and facility information, enabling sub-tier mapping that withstands CBP scrutiny.

Sub-Tier Visibility as the Regulatory Floor

Three years of UFLPA enforcement are unambiguous: the rebuttable presumption has become a sub-tier enforcement reality. CBP’s operational focus has shifted decisively beyond finished goods into the materials, components, and processing chains feeding them. The Entity List will continue expanding. WROs will target progressively deeper into supply chains.

Organizations still relying on tier-1 questionnaires operate under a false sense of defensibility. CBP’s operational approach—working backward from import data to map sub-tier relationships, issuing WROs against component suppliers, and expecting importers to prove substantial transformation through “clear and convincing evidence”—assumes visibility that questionnaires cannot provide.

For supply chain leaders, the implication is stark: sub-tier visibility is no longer a competitive advantage. It is the regulatory floor. Importers without multi-tier supply chain visibility face detention, forced purchase refusals, and operational disruption. The question is not whether to invest in sub-tier visibility, but how quickly to implement it.

Sayari’s supply chain mapping platform connects importers to visibility across 4 billion-plus import transaction records, 10 billion corporate registries, and facility location data worldwide, enabling organizations to understand sub-tier exposure and transformation chains before CBP detention reveals them. For compliance teams building defensible UFLPA programs, the platform surfaces sub-tier relationships, tracks supply chain changes, and helps document substantial transformation analysis—the exact capabilities enforcement now expects.

Request a demo to see how supply chain mapping reveals sub-tier relationships and supports defensible UFLPA compliance, or explore Sayari Map for an interactive view of supply chain networks.