Will Taiwan be the next supply chain bottleneck for IT?

Taiwan’s semiconductor factories, the source of many of the chips used in the world’s PCs, servers, and mobile phones, operate under a constant threat of disruption.

The threats are both geological (earthquakes frequently force high-tech plants to shut down despite them being built to withstand seismic shocks) and geopolitical: China considers Taiwan to be part of its territory and has repeatedly said it aspires to the “complete reunification of the motherland.” It regularly illustrates its seriousness about reunification by holding military exercises in the seas around Taiwan, including a mock blockade and land bombardment earlier this month.

The US doesn’t have official diplomatic ties with Taiwan, but its Taiwan Relations Act requires it to provide the island with the means of self-defense. The day after China’s exercises concluded, the US began a series of joint military exercises with the Philippines. The drills, running through April 28, include a live-fire attack on a ship and maneuvers in the South China Sea opposite Taiwan.

Against this backdrop of preparation for conflict, a new study by the Center for European Policy Analysis (CEPA) highlights how the world’s reliance on Taiwan’s semiconductor manufacturing capabilities exposes it to critical supply-chain vulnerabilities.

In “Confronting China and Catching Up on Chips,” the Washington, DC, think tank notes that, while the US may be the source of many of the most advanced chip designs, the bulk of the manufacturing happens in Taiwan.

“A Chinese naval blockade of the island, or an outright invasion, would immediately cut off supply of nearly all current production SoCs (systems on chips) designed by the likes of Qualcomm, Broadcom, and Nvidia and supplied by them to Apple, Samsung, Dell, HP, etc.,” the study says. 

Taiwan inside

Even US chip firm Intel could be affected. It’s a rarity among the big semiconductor brands in that it has its own fabs, as chip factories are called, to make the chips it designs—but it also outsources some of its most advanced production jobs to fabs in Taiwan.

South Korea’s Samsung, too, has its own fabs, although the Exynos chips it makes for mobile phones use designs from Arm, but AMD sold its fabs a decade ago and AMD, Nvidia, and Qualcomm have no fabs of their own. Instead, they rely on contract manufacturers known as foundries to make their chips.

The largest foundry is Taiwan Semiconductor Manufacturing Co. (TSMC), which had a 58.5% share of the contract manufacturing market at the end of 2022, according to data from TrendForce. Samsung, too, does contract manufacturing, and has a 15.8% share of the market. Intel’s fledgling foundry business, launched in 2021, has barely a 1% share.

Overall, TrendForce credited Taiwan with 66.9% of the world’s chip foundry business at the end of 2022, with South Korea at 16.7% and China at 7.3%.

But at the top end of the market, Taiwan wields even greater influence: According to the CEPA report, it makes over 90% of the world’s most advanced microchips, those made with a highly sophisticated process technology of less than 10 nanometers.

Network analysis

CIOs need to work closely with chief supply-chain officers to understand their risk exposure in the Asia-Pacific region, says Koray Köse, Gartner’s senior director analyst for supply chain research.

If your organization doesn’t yet have the necessary analytical tools, now is an excellent time to talk CEOs and CFOs into increasing investment in supply-chain risk management, he says.

Those tools will help organizations understand whether they or their network of suppliers are reliant on raw materials, production capacity, or shipping routes in any potential conflict region.

Start with your own organization and Tier 1 partners, and then, says Köse, “Determine the critical lower tiers’ vulnerabilities as effectively as possible using both supplier relations and technologies, like graph technology to uncover key chokepoints.”

Chain reaction

A lack of supply-chain visibility hampered organizational responses to disruptions caused by the COVID-19 lockdowns in March 2020, as well as the blockage of the Suez Canal when the container ship Ever Given ran aground in March 2021.

The Suez incident highlighted the importance of knowing where the goods you rely on originally come from, and how they reach you. Each year around $1 trillion in freight passes through the Suez Canal, but the Taiwan Strait, between mainland China and Taiwan, is the most important transportation route globally, says Köse, with over $5.3 trillion in freight passing through it annually.

Gartner’s 2021 Supply Chain Risk and Resilience Survey found that 70% of enterprises (and 83% of those with revenue above $1 billion) listed improving visibility among their top three priorities to manage risk in the supply chain. Barely half of companies had 90% visibility of even their Tier 1 suppliers; for Tier 2 and beyond, fewer than 4% of companies had such visibility.

Looking beyond visibility

Gaining visibility as far up the supply chain as possible is a key first step, says Köse, but it’s not the only action CIOs should take.

Committing to key suppliers to secure needed volume can help, but he warns against irrational buying. “While safety stock could be nice to have, it’s largely wishful thinking when it comes to the semiconductor space,” and could needlessly tie up critical capital, he says.

And Christopher Cytera, author of the CEPA report that highlighted the geopolitical risks to the semiconductor supply chain, says, “I do not think hoarding is the answer.”

If you do buy up stocks, adds Köse, then it’s important to keep them close to where you want to use them: “Goods bought but left in the region may still be exposed to logistics bottlenecks.”

He says CIOs should consider diversifying their suppliers to different geographic regions, but acknowledges this can be challenging when it comes to semiconductors since many products IT departments rely on contain chips that started their life in Taiwan.

None of these tactics will eliminate supply-chain risk, though, Köse says. Ultimately, it’s about incrementally increasing the time you can keep things running and finding alternatives to concentrated sources of risk.

CIO, ICT Partners, Supply Chain