Digital Transformation: Evolving Business Models And Evolving Risks (Manufacturer's Edition)

In this, the second edition of our digital transformation series, we explore some of the key disruptive technologies that are playing a role in digitising the traditional manufacturing business model.

The manufacturer model consists of the purchasing and transformation of raw materials and stock into semi-complete or finished products. In this article, we unpack several technologies that are being used to streamline workflows, supply chain management, and to automate factories and warehouse management. The main advantage for manufacturers in digitising their business is that by correctly leveraging these disruptive technologies, they can strive towards achieving a 'smart factory.' Smart factories rely upon data collection, data analytics, and factory automation to improve productivity, and efficiency, enhance product quality and to reduce manufacturing costs and expenses.

Typically, the legal issues that manufacturers would need to consider when digitising include but are not limited to the following:

• 3D printing
  3D printing refers to the process where physical objects are 'printed' from a 3D digital model or drawing. Manufacturers have started using 3D printing as a means to quickly print spare or replacement parts, and safety equipment (such as gloves) and for printing prototypes of products. Manufacturers should establish policies for intellectual property rights management in 3D print designs and should monitor 3D printing activities to guard against third-party IP infringement claims. Furthermore, manufacturers should conduct quality assurance tests and implement audit-trail measures to ensure compliance with product safety regulations or any other applicable standards which may apply to the products. The procurement of 3D printing technologies is also critical in mitigating legal risk when employing 3D technologies.
• Application programming interfaces ("API") and middleware software
  If manufacturers use APIs to interface with any systems, robots, or IoT devices, they will need to ensure that they have considered any applicable API licence terms as well as the API provider's terms of use and undertaken a legal risk assessment and implemented appropriate contracts.
• Artificial Intelligence ("AI")
  Some of the main applications for AI within the manufacturing business include predictive maintenance, quality control testing, demand forecasting, and process optimisation in production lines and other factory or manufacturing processes. However, before AI technologies are deployed, manufacturers should ensure that they complete impact assessments which address the AI technology's data privacy, cybersecurity, and ethical risks. Furthermore, to the extent that AI will be used in respect of any plant machinery or robotics, manufacturers must ensure that there are proper checks and balances in place to prevent physical injury and/or death of employees. Manufacturers should also ensure that they have implemented workplace policies regulating employee use of AI technologies as well as the information which may be shared with such AI technologies.
• Augmented reality
  Augmented reality is used by manufacturers to build, test, and analyse products or prototypes before they are physically built. Additionally, augmented reality can be used to provide employees with interactive training or to provide employees with an interactable guide that guides the employee based on the machinery or plant equipment which they are interacting with. As with any other IT procurement, there needs to be a sound IT services contract in place which deals with, inter alia, warranties and indemnities provided by the AR services provider, ownership over any AR assets developed specifically for the manufacturer as well as service levels.
• Big data analytics
  Big data analytics involves analysing large volumes of data ("big data") to uncover commercially valuable information, such as market trends and consumer preferences. These data insights will be used to drive key strategic decisions. For manufacturers big data has the potential to lead to, amongst others, reduced operating costs and improved productivity. However, manufacturers must ensure that they have obtained consent or that one of the other lawful grounds for the processing of personal information is presented before processing any personal information. Furthermore, manufacturers should have a clear-defined data monetisation strategy which documents their data analytics and commercialisation processes.
• Outsourcing solution development
  Manufacturers must ensure that any efforts to digitise their business operations is underpinned by a sound agreement with their development or implementation partner. The manufacturer must ensure that the agreement clearly defines the service levels which will apply to the software solution, for example, uptime, availability, latency or other key performance indicators or metrics.
• Cyber-physical systems ("CPS")
  This involves the integration of physical processes (such as manufacturing and assembly lines) with digital technologies. The more interconnected that the process becomes, the more risk is introduced into the manufacturer's business. In this regard, manufacturers must remain cognisant of potential cybersecurity vulnerabilities which could lead to data breaches, service disruptions (or in the worst case, entire plant or production line outages), as well as other potential legal liabilities for damages caused by CPS failures (for example, liabilities towards other parties in the supply chain).
• Cybersecurity
  With any technologies or systems introduced by manufacturers, these need to be properly vetted and manufacturers must ensure that they have appropriate contracts in place which serve to protect the manufacturer's interests.
• Data privacy
  Data privacy is an essential component of digitisation, especially where retailer and/or supplier data is being processed. Compliance with legislation such as the Protection of Personal Information Act, 2013 and the Promotion of Access to Information Act, 2000 is mandatory in this regard. As is the case with retailers, manufacturers should also undertake privacy impact assessments and follow privacy-by-design principles, to imbue their digitisation efforts with privacy compliance;
• Digital twins
  Digital twins are digital replicas of physical spaces or objects. Manufacturers use digital twins of warehouses and factories to track stock levels, and stock movements, as well as for security monitoring purposes. Manufacturers should require that the IT services agreement in place with digital twin service providers addresses data privacy and security concerns. Furthermore, ownership over the bespoke development (for example, digital twins created in a specific warehouse or factory) should vest within the manufacturer.
• Internet of Things ("IoT")
  Manufacturers are introducing IoT devices into their factories, warehouses, and overall operations. Common applications of IoT devices include real-time monitoring (through sensors and other devices), data collection, and predictive maintenance (for example, where smart sensors are used to detect when machinery parts require maintenance). IoT devices introduce a myriad of risks, including most importantly data privacy and cybersecurity risks, as the devices are susceptible to hacking. Before implementing IoT devices in the manufacturing process, manufacturers should undertake a detailed risk analysis of any IoT devices intended to be deployed and implement appropriate policies and procedures to properly regulate the use of IoT devices.
• Machines versus jobs
  Manufacturers should also consider the implications for job displacement in the workplace through automation. If there is a possibility that employee jobs will be displaced, manufacturers should ensure that they have considered and complied with employment laws and regulations.
• Supply chain management tools
  Manufacturers should conduct proper due diligence on their suppliers, logistics partners, and other props to ensure compliance with regulatory requirements and industry standards. Negotiate clear contracts addressing data ownership, confidentiality, and liability issues. Implement supply chain transparency measures and audit trails for compliance verification. It is critical that manufacturers consider their supplier-facing terms and conditions, and these terms and conditions must accord both with consumer protection and other laws, as well as embeds, sound commercial terms and conditions.
• Manufacturing Execution Systems ("MES")
  MES are modern industrial technologies which act as a bridging/middleware between ERP systems and the manufacturer's physical floorplans (such as factories, assembly lines, and warehouses). MES enable real-time monitoring, control, and optimisation of manufacturing processes, fostering enhanced efficiency, quality assurance, and regulatory compliance. Through collating and integrating data, information, and statistics from various sources such as production machinery, sensors, and inventory systems, MES empower manufacturers with insights for continuous process optimisation and improvement. Before procuring and implementing any MES technologies within one's organisation, manufacturers should complete a data map and understand the flows of data and information within its organisation as well as implement access controls to the MES's access to such data information. Contracting and appropriate service levels also play an essential part in risk management.
• Enterprise Resource Planning ("ERP") Systems
  ERP systems are software tools used to streamline and automate core business functionality and processes. In the context of the manufacturing industry, ERP systems are utilised for inventory management and stock-keeping, supply chain management, and financial and other reporting. Manufacturers must ensure that they have robust contracts in place which regulate, inter alia, implementation, operationalisation, maintenance, improvement, and replacement of ERP systems. ERPs can expose manufacturers to a myriad of risks including data privacy risks, vendor lock-in and high switching costs, intellectual property risks, business disruption and various other commercial, legal, and even regulatory risks. To mitigate these risks or reduce the risk probability to acceptable levels within the manufacturer's risk appetite, such a manufacturer should conduct proper vendor due diligence before procuring and operationalising any ERP systems. As an ERP system is often the most critical system for a business, manufacturers must adhere to sound contracting processes including attention paid to service levels, business continuity, disaster recovery and appropriate contractual safeguards.
• Telematics
  Telematics refers to technologies used for the monitoring of vehicles and other mobile assets in real-time using GPS and other tracking technologies (including onboard diagnostic systems and sensors). As is the case with the abovementioned technologies, manufacturers will need to ensure that have legally robust contracts in place with such technology service providers. However, with respect to telematics, manufacturers must ensure that their agreements regulate, inter alia, liability, indemnities, and service levels with a specific focus on accuracy levels and other performance metrics. Furthermore, manufacturers need to ensure that they have obtained insurance coverage and implemented risk management strategies in place to mitigate the risks introduced by telematic systems. As telematics are heavily dependent on both interactions with third parties as well as data, both contracting and data compliance must be considered as part of the due diligence process prior to appointing service providers or engaging with customers or end users.

The above is a non-exhaustive list comprising some of the key considerations that manufacturers need to account for when digitising their factories, warehouses, supply chains, and operations. It also serves as a useful checklist for manufacturers to be able to assess the compliance of their existing digitisation processes. In our next edition, we will further explore the key considerations for service-based businesses when digitising. To read our first article in this series, Digital Transformation: retailer's edition, click here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.