A wiring harness traced through four tiers. A casting sourced from a region on the Forced Labor watch list. A tier 1 supplier with 800 active suppliers and no part-level map. This is what DDRT compliance looks like in automotive and why building the process behind the template is the real work.
Compliance is no longer a once-a-year exercise
Forced labor enforcement has moved from policy discussion to operational reality. Shipments are being detained. For suppliers bringing goods across the U.S. border, the burden of proof is entirely theirs.
Since forced labor enforcement began, CBP has reviewed more than 16,000 shipments representing roughly $3–3.5 billion in goods, with more than 10,000 denied entry. Once a shipment is flagged, a 30-day response window opens. If the data and documentation aren’t already in place, you’re not responding; you’re scrambling.
In a recent webinar, Building scalable DDRT compliance in automotive supply chains, hosted by Resilinc with AIAG, Yazaki, and industry practitioners, a consistent theme emerged: the companies that are struggling aren’t necessarily the ones with the most complex supply chains. They’re the ones treating DDRT as a reporting exercise rather than an ongoing operational capability.
As Gopkiran Rao, Resilinc’s CMO and webinar host, framed it:
“These aren’t just theoretical questions anymore—they’re operational ones.”
The questions supply chain teams are now fielding daily—Can we prove compliance within 30 days if a shipment is detained? Could a supplier buried three tiers deep expose our entire business?—require answers that exist long before any enforcement action arrives.
What DDRT is actually designed to do
The Due Diligence Reporting Template (DDRT) was developed by the Automotive Industry Action Group (AIAG) in collaboration with Ford, GM, Honda, Nissan, Stellantis, and Toyota—six OEMs that issued a joint letter to suppliers in August 2025 formalizing shared reporting requirements. The goal was to give the industry a single, standardized way to collect forced labor due diligence data, rather than leaving each OEM to build its own ask.
Tanya Bolden, who leads corporate responsibility and supply chain products at AIAG and has been central to the DDRT program’s development, explained the logic:
“The DDRT is structured so it’s not only usable from a customer to their supplier — it is our hope and intent that that supplier could then take that same common template and cascade it to their suppliers.”
The model mirrors how the industry handled conflict minerals reporting: one common template, accepted by all OEMs, that a supplier fills out once and uses across multiple customer relationships. A soft launch with select suppliers began in September 2025, with annual submissions due mid-2026.
One other point Bolden emphasized: the enforcement environment isn’t static. Priorities shift, OEM interpretations evolve, and the template itself will continue to be refined as real-world enforcement data comes back into the system. Building a process that can absorb those changes matters more than optimizing for today’s requirements alone.
The real challenge is scale, not the template
Filling out a DDRT for one supplier is straightforward. Filling it out accurately across hundreds of suppliers, including the suppliers those suppliers rely on, is a different problem entirely.
Consider what scale actually means for a typical automotive tier one: thousands of active parts, each with its own material flow, sourced through suppliers that may themselves source from dozens of sub-tier partners across multiple countries. An OEM compliance request doesn’t ask about your business. It asks about every node in that network that touches the product in question. Most companies don’t have that picture.
As Rao noted, real forced labor exposure rarely sits at tier one or tier two. It sits deeper — in sub-tier suppliers, raw materials, and upstream processes where visibility is typically weakest. Forced labor, like other supply chain risk, concentrates exactly where the data runs out.
That’s what makes this hard. It’s not the template. It’s assembling and maintaining the underlying supply chain data at enough depth and granularity to answer the questions the template asks, and to defend those answers under scrutiny.
Paul Rossi, who works directly with automotive suppliers at Resilinc and previously spent time at Ford, described what separates companies navigating this successfully from those that aren’t:
“It’s people, process, and tools and technology working together to be successful.”
In practice, he pointed to a few consistent patterns: dedicated resources rather than adding this to someone’s existing plate, genuine data governance rather than treating each request as a new collection effort, and a risk-based approach to prioritization. His guidance on where to start:
“Understand the materials and the regions you depend on to build your product — so you can ensure you’re addressing the greatest areas of potential risk exposure.”
What it looks like inside a large supplier: Yazaki’s approach
Marty Wojtowicz, who leads Supply Quality and Business Continuity at Yazaki—a major tier-one supplier operating across thousands of suppliers and parts globally—offered a candid account of what it takes to make this work at scale. The foundation, in his view, is organizational commitment:
“Your organization must commit to supply chain visibility and requirements of your customers and certification bodies for our industry. This has become a very large and complex task. You must have organizational commitment.”
At Yazaki, that commitment produced a dedicated team responsible for business continuity, conflict minerals, forced labor, carbon neutrality, and related compliance requirements, not separate siloed functions, but one team covering the full range. That structure matters because, as Wojtowicz noted, these requirements keep expanding. Organizations that staff each new mandate separately will constantly be catching up.
The team’s foundation is part-level supply chain visibility. After beginning their partnership with Resilinc during COVID, when supply chain disruptions exposed significant gaps in what Yazaki actually knew about their upstream network, they built out a map of their tier-one suppliers at the part and site level. The payoff is direct:
“When we receive a request from an OEM, we’re able to look at all components we sell to that OEM. We evaluate the bill of material, identify which suppliers are on the finished goods that we sell to that customer, and report their status.”
They’ve since extended that visibility deeper. Using Resilinc’s autonomous mapping, Yazaki can now identify the suppliers feeding their tier-one partners, map country-level exposure, and flag where concentration risk is building. That same data feeds sourcing decisions: Resilinc’s supply chain resiliency scoring is now incorporated into Yazaki’s sourcing packages before any award decisions are made.
The practical upside shows up in the platform as well. Yazaki is now using Resilinc’s compliance agent capabilities to send forced labor inquiries to suppliers and is working toward using the platform for customs documentation. These are two areas where the part-level visibility they’ve built becomes directly operational.
It hasn’t been frictionless. Some sub-tier suppliers view their customers as competitors and won’t share information freely. Others are small enough that the person responsible for answering compliance requests also works the shipping dock. Wojtowicz was direct about what this means:
“This isn’t something you can do in between the raindrops and the fires that you’re fighting every day. You must have a dedicated team.”
Yazaki started nearshoring material during COVID to reduce supply chain length and concentration. That decision, made years before forced labor enforcement intensified, is now paying a compliance dividend as well: shorter, better-understood supply chains are easier to trace and defend.
Visibility is the common denominator
Every part of the conversation came back to visibility—not technology, not compliance teams, but the specific, part-level, site-level understanding of where materials come from and how suppliers are connected.
Without it, proving compliance is nearly impossible. With it, DDRT responses become faster, sourcing decisions become more defensible, and the organization is less exposed when enforcement activity spikes.
Bolden made a point worth holding onto: this work isn’t only about compliance. Gaining visibility into the supply chain “not only allows for compliance, but it also allows for better management.” The same infrastructure that helps respond to a CBP detention inquiry also helps manage tariff exposure, evaluate sourcing risk when a new region comes under scrutiny, and make better decisions under uncertainty. The investment compounds across multiple use cases.
Where technology fits in
There’s real utility in tools that help map suppliers, surface forced labor exposure and populate DDRT outputs, particularly at the scale automotive suppliers operate. Resilinc’s agentic AI platform, for instance, combines autonomous supply chain mapping with a conversational AI interface that can identify suppliers on the forced labor entity list, flag country-level concentration risk, auto-populate the DDRT template with supplier and site data, and surface alternative suppliers when mitigation is needed.
Wojtowicz described the practical value of being able to find alternative suppliers through the platform as “very helpful” in situations where consolidation in the supply base had created near-monopoly conditions for certain materials.
But technology only works if the underlying process is there. Rao put it plainly: DDRT is “less about having perfect data and more about having a repeatable process so you can execute under pressure.” A tool that generates a DDRT response quickly is valuable. A tool that generates a response you can’t verify is a liability.
Where this is heading
The enforcement environment is tightening. The forced labor entity list continues to grow. CBP detention volumes are rising. And OEMs are formalizing what were previously informal expectations. The August 2025 joint letter from six OEM purchasing chiefs made clear that annual DDRT submissions are now a customer requirement, not a best practice.
Companies that treat DDRT as a form to fill out when asked will keep struggling. Those that have built it into how they operate with real ownership, real data governance, and clear cross-functional accountability across legal, procurement, and operations will be better positioned both to avoid enforcement problems and to respond quickly when something does get flagged.
A practical starting point
You don’t need complete supply chain data to get started. Most companies don’t have it, and waiting for perfect information is its own form of risk.
What you need is a process that functions under pressure. One that can produce answers when a shipment is flagged and the 30-day window is already running. Tanya Bolden’s guidance from AIAG is direct:
“Be proactive. Start now. Don’t wait until you receive a notice that your goods have been stopped at the border, because if you have not already begun doing your due diligence, it’s not likely you’re going to get it done in 30 days.”
Start with your highest-risk materials and regions. Build visibility there first. Assign real ownership across the functions that would be involved in an actual CBP detention response—because those are the people who need to be on the compliance team. Let that work inform how you expand the scope over time.
The companies further along all started the same way: by making a concrete decision to treat this as an ongoing operational responsibility rather than a periodic reporting task.
