Before you read on: Sign up for an essential AGRC webinar with Mahmoud Abuwasel navigating the commercial fallout and diagnosing the cascading operational risks, and the ensuing legal warfare facing multinational corporations following the escalating Middle East conflict. The session will focus on the immediate unseen vulnerabilities in digital infrastructure, sovereign financial controls, and commercial contract viability. Sign up here.

The escalation of conflict in the wider Middle East requires careful but rapid navigation, and you have issued a stark warning that organisations who treat this conflict as a temporary disruption that can be “waited out” will likely face operational failures and unrecoverable losses and liabilities. What should boards and executive teams be doing right now to protect their organisations from systemic geopolitical shock?

The theoretical risk-modelling era is over; we are operating in a kinetic reality. Right now, boards and executive teams must execute a brutal, deliberate transition from a decade-long philosophy of ‘lean cost-optimisation’ to ‘resilience-maximisation’. Operationally, this means deliberately accepting commercial friction:

  • Human Capital: Activating autonomous, multi-modal extraction logistics (air, land, and maritime). The corporate myth that you can outsource your legal duty of care and rely on host-nation civil defence or home-country consular airlifts is a fatal fallacy.
  • Logistical Buffering: Supply chain directors must abandon just-in-time inventory models to aggressively inflate safety stock, mathematically bridging the 30-to-60-day transit gaps caused by the rerouting of maritime logistics around the Cape of Good Hope.
  • Cyber & Asset Defence: Chief Information Security Officers (CISOs) must immediately physically air-gap Operational Technology (OT) and Industrial Control Systems (ICS) from public networks to prevent destruction by state-sponsored wiper malware.
  • Financial Hedging: Treasuries must secure specialised ‘Blocking and Trapping’ (B&T) insurance before assets are permanently stranded in premium zones, while heavily hedging against margin compression via commodity and currency futures.

You have also highlighted the need for corporate leadership to recognise that law itself has become a strategic weapon of survival in times of geopolitical conflict. What does this mean in practice and how should boards and general counsels rethink legal strategy when contracts, sanctions, arbitration, and sovereign power intersect with active military conflict?

In peacetime, corporate law is viewed as a shield of compliance; in a theatre of war, it must be wielded offensively. In practice, this means acknowledging that standard boilerplate legal protections often evaporate upon contact with sovereign warfare. General Counsels must navigate what we call the ‘pedantry of war’.

For example, if a company instinctively reaches for a boilerplate Force Majeure clause simply citing ‘war’, they may face devastating breach-of-contract claims. Under English common law, as proven in the Kosovo/NATO arbitration precedent, tribunals apply a highly conservative definition to the word ‘war’. They may rule that ‘military operations’ or ‘pre-emptive strikes’ do not meet the strict legal definition of a formally declared war. Contracts must explicitly define ‘hostile acts’ or ‘military power’.

Rethinking legal strategy means using the law to pre-empt sovereign overreach. It means aggressively ‘treaty-shopping’, restructuring corporate assets through jurisdictions protected by robust Bilateral Investment Treaties (BITs) to defend against creeping sovereign expropriation (the Lena Goldfields archetype) and extraordinary war taxes (the Gustave Ador precedent). 

It means preparing to bypass potentially hostile or disrupted domestic courts by invoking the ‘Futility Exception’ (the Finnish Shipowners precedent) to catapult claims directly into international tribunals.

How should compliance leaders rethink third-party due diligence and supply chain governance, and how can boards justify higher operational costs to shareholders who have been conditioned for decades to prioritise efficiency?

Compliance leaders must recognise the digital resurrection of the 19th-century maritime doctrine of ‘Continuous Voyage’ (established in the Springbok and Kim precedents). Regulators no longer care about your immediate invoice address or your Tier-1 counterparty in a neutral hub; they care entirely about the ultimate destination of your goods.

With sweeping US economic statecraft authorising 25% secondary tariffs on nations that indirectly acquire goods from Iran, liability now travels infinitely down the supply chain. A legitimate distributor in a neutral third country re-exporting your dual-use technology to a sanctioned entity creates immediate, strict liability for you

Therefore, compliance requires deep, forensic Tier-2 and Tier-3 supply chain mapping and the elevation of statistical ‘red flag’ transaction monitoring above mere reliance on standard End-User Certificates (EUCs), which are now viewed as rebuttable presumptions.

The justification to shareholders is blunt: the era of purely transactional efficiency is dead. ‘Efficiency’ in a warzone is a terminal liability. The higher costs of intensive deep-tier auditing, redundancy, and nearshoring are the necessary price of avoiding existential 25% tariffs, criminal prosecution, and total supply chain paralysis. Resilience is solvency.

Recent drone strikes that damaged multiple Amazon Web Services data centres in the Gulf have been described by analysts as the first publicly confirmed case of a major US cloud provider being taken offline by military action. What does this reveal about the vulnerability of global digital infrastructure in modern warfare?

It shatters the peacetime illusion of the ‘cloud’ as an untouchable, ethereal entity. It reveals the chilling kinetic and legal reality that there is no such thing as purely civilian internet infrastructure in a combat zone.

The physical underbelly of the digital domain; hyperscale data centres, fibre-optic networks, and submarine cables is inherently ‘dual-use’. It simultaneously carries civilian streaming traffic, multi-billion-dollar corporate SWIFT transactions, and the highly encrypted logistical data of state militaries.

The foundational legal precedent here is the 1923 Cuba Submarine Telegraph arbitration. When the US Navy deliberately severed private British telegraph cables during the Spanish-American War, the international tribunal ruled that because the infrastructure supported enemy military coordination, it was a “legitimate measure of defence”. 

Modern cloud providers face the exact same legal vulnerability today. Because these data centres are operationally useful to belligerent states, they are legitimate military targets. If your digital infrastructure is destroyed, international law provides rigorous tests for financial recovery against the warring states.

Many companies affected by the digital outages were not operating in the Middle East at all – their data was simply routed through these Gulf centres perhaps without their knowledge. What critical governance blind spots does this expose regarding cloud architecture and digital supply chains?

It exposes a massive, systemic failure in geopolitical spatial awareness. Corporate boards and CIOs have been lulled into treating the cloud as borderless, entirely forgetting that 95% of international data traffic physically flows through highly fragile, terrestrial choke points and submarine fibre-optic cables in heavily militarised zones like the Red Sea, the Gulf of Oman, and the Strait of Hormuz.

The critical governance blind spot is the assumption that geographic distance from a conflict equates to digital immunity. Boards have historically obsessed over logical perimeters (firewalls, encryption) while completely ignoring the physical geography of their server racks. 

Governance teams must immediately mandate strict data localisation audits. Corporations must ensure their data architectures are physically partitioned, critical corporate data is continuously backed up in geographically isolated, non-belligerent zones, and redundant satellite communications (like LEO constellations) are activated as fail-safes so that a severed maritime cable does not trigger total operational blindness in Europe or Asia.

If governments begin freezing assets or implementing capital controls in response to geopolitical escalation, how exposed are corporations to sudden liquidity restrictions or trapped capital in conflict zones? And what are the key compliance risks for companies that may unknowingly be connected to sanctioned entities or politically exposed networks?

Corporations are entirely exposed. When a host nation faces macroeconomic and military collapse, it reliably deploys blunt capital controls to preserve dwindling national reserves, transforming massive local-currency paper profits into trapped liquidity.

Legally, debtors will attempt to use ‘tender and deposit’ schemes; depositing restricted, worthless local currency with a domestic notary to claim a debt is settled. However, as established in the Iraq Telecom v. IBL Bank precedent, corporations must aggressively bypass the host nation’s collapsing financial system and pursue enforcement of debts against the debtor’s liquid assets held in stable, Tier-1 correspondent banking centres – like New York or London.

Regarding compliance risks: if your physical assets – such as aviation components or heavy machinery – are stranded and happen to belong to an entity that suddenly falls under US sanctions, you suffer total legal paralysis. 

As proven in the UTI v. Iran arbitration, you cannot simply invoke a local artisan’s lien to unilaterally auction off embargoed equipment to recover your unpaid invoices. A private arbitral tribunal has no jurisdiction to bypass sovereign national security export controls (like ITAR or OFAC). Attempting ‘self-help’ liquidation will trigger severe criminal penalties for sanctions evasion.

In a world where maritime chokepoints, cyber sabotage and sovereign expropriation can paralyse companies overnight, how should directors reinterpret their fiduciary duties regarding geopolitical risk oversight?

Fiduciary duty must evolve from passive, backward-looking risk mitigation to active, pre-emptive structural fortification. Directors can no longer outsource geopolitical threat modelling to an annual risk report; it must be a continuous, real-time mechanism embedded directly into capital allocation and C-suite decision-making.

Reinterpreting fiduciary duty means ending reliance on commercial legal myths. For instance, under the Brantley v. BC Unics arbitral standard, it is legally actionable gross negligence to fail to safeguard employee wellbeing, as life safety holds absolute legal supremacy. 

Furthermore, directors cannot assume that port congestion caused by military rerouting allows them to escape demurrage bills under ‘Restraint of Princes’ (as firmly denied in Sanko Steamship v. Navios, which requires direct, forcible governmental action). 

Fiduciary duty now mandates proactively stress-testing contracts, securing indemnities, and structuring operations to survive sovereign theft before the dispute crystallises. Ignoring geopolitical reality is now actionable negligence.

If the current geopolitical fragmentation and economic weaponisation continue to accelerate, what will the governance, risk and compliance function look like in the future? Will GRC professionals need to evolve into geopolitical strategists rather than purely regulatory specialists?

Absolutely. The era of the GRC professional as a passive, box-ticking domestic regulatory specialist is dead. A purely regulatory specialist tells you what the law says on paper today; a geopolitical strategist tells you how a sovereign state will weaponise that law tomorrow to survive a war.

As economic statecraft, sanctions, and tariffs are weaponised to fight proxy wars, compliance has fundamentally become a theatre of war. 

Tomorrow’s GRC function will act as the corporate intelligence agency and the central nervous system of corporate survival. GRC leaders will need to map deep-tier supply webs, forecast the statistical likelihood of host-state resource nationalism, and understand how to navigate wartime environmental cleanup liabilities (the UNCC Gulf War precedent). In a deeply contested world order, GRC will no longer just manage administrative risk – it will practice legal warfare.

Mahmoud Abuwasel is a leading dispute resolution partner with an extensive track record litigating hundreds of matters, with disputed values exceeding hundreds of millions of dollars. Acting as counsel, instructing counsel, and co-counsel, his litigation practice predominantly focuses on disputes before the UAE Courts (on-shore) and off-shore financial centers (DIFC/ADGM). His cross-border expertise also includes acting on complex matters before the courts of New York, England, the PRC, Qatar, and the Netherlands. Mahmoud has represented parties in numerous commercial and investment arbitration proceedings seated across the globe. He possesses deep expertise navigating disputes under a wide array of institutional rules, including the ICC, LCIA, LMAA, HKIAC, DIAC, QICCA, UNCITRAL, and ICSID, as well as ad hoc arbitrations. Recognized for his authoritative grasp of regional jurisprudence, he is frequently appointed as an expert witness on UAE law before international courts, including those in New York, London, and Switzerland, and arbitral tribunals. Mahmoud’s research is widely cited in the fields of international arbitration and UAE governance. His work and insights have been referenced in prominent publications and journals, and his professional qualifications include Supreme Court Solicitor (Victoria, Australia), Registered Practitioner (DIFC, ADGM, and the broader UAE), and Qualified Arbitrator (Canada – empaneled with various global arbitral institutions). He holds a Master’s Degree in Management (including coursework in Constitutional Law) from Harvard University, Juris Doctor (JD) from the University of Southern Queensland, and a Master’s in Islamic Law from Middlesex University.