For many manufacturers, supplier data collection can feel like a never-ending exercise. Once a declaration is collected, a box is checked and the instinct is often to move on. When teams are under pressure to reduce program scope, cut costs, or improve supplier response rates, it may seem reasonable to drop certain suppliers from ongoing data collection.
But that decision can create serious risk.
The problem is not simply whether historical supplier data remains available in your compliance system. Often, it does, and many regulators have recordkeeping requirements. The bigger issue is whether that data is still accurate, complete, and defensible when a regulator, customer, or internal stakeholder asks for proof.
When it comes to qualifying your products for market and regulatory compliance, getting data once is not the same as having the right data on hand when you need it.
Compliance Is Not a Point-in-Time Activity
One of the most common misconceptions I see is that supplier data collection is a project with an end date. Once a declaration is received, many organizations assume the risk has been addressed and you can mark the supplier as “complete” and move on. In reality, compliance is not achieved when data is collected. It is proven continuously throughout a product’s lifecycle.
The assumption that historical supplier data will remain accurate indefinitely creates a dangerous blind spot. Products evolve, suppliers change materials, regulations shift, and new information emerges throughout the supply chain. If you stop regularly engaging with your suppliers, you often discover these gaps only when a customer, regulator, or internal stakeholder asks them to prove compliance.
That is why dropping suppliers from a data collection program can create far more risk than you may realize.
Dropping Suppliers Can Create a False Sense of Control
When companies reduce the number of suppliers they collect data from, they may feel like they are simplifying compliance. In reality, they may be narrowing their visibility.
The data may still exist in the system, but that does not mean it is sufficient. Compliance teams need to know:
- Can we trust that the supplier has not changed the part?
- Do we have current declarations aligned with today’s standards and regulatory requirements?
- Can we prove compliance if a customer asks tomorrow?
- Do our supplier change notification processes include composition changes?
- Are we prepared if this supplier is used again in a new product?
- Can we support the product for its full life cycle and required retention period?
If the answer to any of these questions is uncertain, you may be carrying hidden risk.
Compliance Data Has a Long Shelf Life
Manufacturers are required to maintain compliance documentation long after a product is designed, launched, or even discontinued.
For example, the Restriction of Hazardous Substances (RoHS) Directive limits the use of certain hazardous substances in most types of electrical and electronic equipment (EEE). RoHS is legislated under the EU’s New Legislative Framework (NLF), and so compliant products require the CE marking. Under the NLF, companies must maintain a technical file for 10 years after the last unit of that specific product model has been placed on the market. The file must be made available to market surveillance authorities upon request. Supplier declarations collected for RoHS are part of that technical file. That means companies need to retain those declarations for the life of the SKU, plus 10 years.
This is where supplier data collection becomes part of your company’s ability to confidently prove compliance over time. It’s important to keep your suppliers and data and documentation you’ve collected in a trustworthy data management system that is tied to your product BOMs, so that you can provide them to regulators when requested.
The Bigger Risk: Supplier Data Can Become Outdated
A historical supplier declaration may tell you what was true at the time it was collected. But it may not tell you what is true today.
That distinction matters.
In my experience, one of the biggest compliance risks occurs when suppliers change the composition of a part and don’t notify you, their customer. Because most companies’ supplier change management process only requires notification for changes in form, fit, or function, your supplier could legally and contractually change the chemistry of a part without ever telling you. I’ve seen this lead to non-conformance events and blocked market access as well as loss of certifications.
Beyond supplier change notifications, your suppliers may also be collecting data from their supply chains, and they may receive new information since the last time you collected a declaration. This is evidenced by what we’re seeing with customers who are refreshing their PFAS data. Over time, the percentage of parts that contain PFAS continues to rise; declarations submitted to our platform indicate a 49% increase in the presence of PFAS between 2024 and 2025. This can be attributed to suppliers’ better understanding their own materials and uncovering where the PFAS are hidden. If you have only collected PFAS data a single time, you may be missing critical information not only to ensure you’re complying with rapidly developing regulations, but also to manage the risks from obsolescence and litigation that often accompany the use of PFAS.
It’s important not only to keep your suppliers in your data collection program, but to regularly refresh the data rather than assume your suppliers never change the composition of their products or that they haven’t discovered new information.
New Product Development Introduces New Parts
Unless your company is set to only sell what’s currently in your portfolio, you likely have some new product development going on. Even if your design process tries to reuse existing parts, you will likely need to source some new parts and materials, so data collection must be completed when? in order to verify compliance for your new products.
To minimize time and money to continually onboard new suppliers, most manufacturers will buy from existing suppliers as much as possible. If those suppliers are no longer in your data collection program, you will struggle to get new products to market.
Products Have a Mid-Life Compliance Crisis
Manufacturers often focus supplier data collection around new product development. That makes sense. New products require new parts, new suppliers, and new compliance evidence.
But products do not stay static after launch.
Over time, companies may switch suppliers because of obsolescence, sustainability concerns, pricing pressure, availability issues, geopolitics, or supply chain disruptions. A product that was compliant at launch can become exposed to compliance risk years later because something changed in the supply chain.
This is the mid-life crisis of the product. Compliance status must be maintained despite these changes.
A product may still be actively sold, serviced, repaired, or supported. It will still require technical documentation and that documentation needs to be updated as the product (or regulations) change. For example, a new standard or expiring exemptions may drive the need for new documentation. Your legacy products are still subject to customer requests, regulatory inquiries, or market access requirements. If supplier relationships have been removed from the data collection program, the company may not have the current information needed to respond.
The Cost of Missing Data Shows Up at the Worst Time
The consequences of missing or outdated supplier data rarely appear when everything is calm. They show up during audits, customer escalations, regulatory inquiries, product launches, engineering changes, and non-conformance investigations.
At that point, teams are forced into reaction mode. They have to chase suppliers, validate old records, reconcile conflicting information, and determine whether products can continue to be sold. The business impact can include delayed shipments, blocked market access, customer dissatisfaction, increased operational burden, and reputational damage.
In the worst cases, missing supplier data can become the reason a company cannot prove compliance. The company will lose market access, carry a bad reputation with customs agencies, and potentially lose customers and/or future orders due to delivery delays.
When it comes to product compliance, an inability to prove compliance can be just as damaging as non-compliance itself.
Supplier Data Collection Should Match Product Reality
A strong compliance program recognizes that supplier data is not static. Products change. Regulations change. Suppliers change. Materials change. And business decisions made years earlier can affect the company’s ability to respond today.
This is why it’s important not to drop suppliers from data collection programs simply because they seem inactive or low-risk, or are already documented. If all your bases aren’t covered, you could end up in hot water with regulators and key stakeholders.
Maintaining supplier engagement in your compliance program helps you preserve the evidence required for technical files, respond to customer and regulatory requests, manage product changes, and reduce the risk of unexpected non-conformance events.
To learn more about how Assent helps engage suppliers and proactively manage data, book a demo with our experts.
This information is provided for educational purposes only and does not constitute legal or regulatory advice. The information is current as of the date of publication or send. Your organization remains responsible for confirming compliance obligations.
