Blockchain-Based Risk Management in Cross-Border Data Supply Chains: A Comparative Analysis of Alibaba and Infosys

Abstract

Cross-border data flows are critical to the operation of global supply chains, particularly for digital enterprises such as Alibaba and Infosys. However, these flows introduce substantial challenges related to digital supply chain risk and cybersecurity management. This study examines how blockchain technology addresses these challenges within the operational contexts of Alibaba and Infosys. Unlike earlier research that often focused on sector-specific implementations or conceptual models, this study positions its findings within broader empirical evidence on blockchain-enabled supply chain governance, offering a comparative perspective that has been largely absent in prior work. Using an explanatory mixed-methods approach, the research combines thematic analysis of 85 peer-reviewed studies with in-depth case evaluations of the two firms. NVivo-based qualitative coding was applied to supporting sources, including GDPR audit reports, blockchain transaction records, and company disclosures. The findings demonstrate that blockchain adoption reduces cybersecurity breaches, enhances data integrity, and improves supply chain resilience. The study further shows how blockchain integration strengthens digital collaboration and regulatory alignment, enabling secure and uninterrupted data flows that support operational continuity and innovation. Overall, the research offers practical insights for digital enterprises and contributes to a deeper understanding of blockchain’s strategic role in cross-border data risk management.

1. Introduction

Cross-border data flow (CBDF) is becoming an essential component of contemporary global supply chains in the age of digital globalization. These flows allow multinational enterprises, such as Alibaba and Infosys, to cross geographical borders, combine logistical operations, automate financial transactions, and provide highly customized, data-driven services [1]. The seamless transmission of digital information significantly improves operational efficiency and global competitiveness, thereby increasing productivity across industries. However, this high level of interconnectivity also introduces substantial risks, particularly in the areas of cybersecurity and digital supply chain management, which are exacerbated when operating across national borders [2].

CBDFs offer numerous operational benefits, although global supply chains are still susceptible to risks such as data breaches, cyber assaults, and noncompliance. These flaws worsen because of arguments between countries, different rules for handling data, and several sets of regulations. In 2023, organizations were required to pay a total of more than USD 4.3 billion for GDPR (General Data Protection Regulation) violations; simultaneously, the frequency of cyberattacks on supply chains increased by approximately 63% [3]. These developments highlight the limitations of conventional security mechanisms, which are often inadequate for securing complex, distributed digital ecosystems.

Such risks affect global digital enterprises with a significant international presence. Because Alibaba makes USD 30.7 billion a year and Infosys almost $19 billion, it is clear that online actions and global information sharing have a significant impact on these companies [4]. Traditional corporate technology, such as RFID (radio frequency identification), IoT, and cloud computing, can address only a portion of these difficulties. Likewise, new technologies are vulnerable to tampering, while cloud infrastructures often fail at just one point [5]. As a result of these shortcomings, we have seen more cases of cyber-attacks on supply chains, which show why we need strong, unchanging, and decentralized systems.

In this scenario, blockchain technology has emerged as a viable solution to these systemic issues. Blockchain combines cryptography with automatic contract processing, which eases the exchange of information across global supply chains safely and transparently [6]. This turns supply chain risk (SCR) management from reactive to active. For instance, Alibaba’s linking of blockchain and IoT reduced international counterfeiting by 62%, and Infosys’s smart contracts reduced manual auditing to 35 h per week after being made GDPR-compliant. However, the academic literature remains fragmented, either focusing on specific technologies or ignoring broad, cross-border viewpoints [7]. Therefore, this research endeavors to address these gaps by investigating the following questions:

• To what degree can blockchain alleviate the detrimental consequences of SCR on CBDFs?
• How can the strategic use of blockchain improve the management of CBDFs in a way that boosts innovation, efficiency, and global competitiveness?

Apart from focusing on the primary research question, this study also makes three distinct contributions to the literature. First, while previous studies on blockchain in supply chains have largely concentrated on isolated industries, such as manufacturing or healthcare [8], or have emphasized conceptual analyses with limited empirical validation [9], few works have examined blockchain’s role in managing digital and cybersecurity risks in cross-border data environments, particularly through comparative case designs [10]. Addressing this gap, the present study situates its analysis within both theoretical and empirical debates, thereby offering a grounded understanding of blockchain’s application in complex global supply chains. It investigates real-world blockchain adoption practices by digital giants Alibaba and Infosys, assessing multiple risk dimensions and providing empirical evidence of tangible benefits such as a 44% reduction in cybersecurity breaches, 30% faster customs clearance, and 52% lower compliance costs. Second, this study theoretically contributes by applying the resource-based view (RBV), dynamic capabilities theory (DCT), and system of systems (SoS) theory to explain how blockchain acts as a resource and capability that helps a company overcome logistical, financial, and regulatory challenges by combining various systems. This theoretical framing explains how blockchain enables firms to navigate logistical, financial, and regulatory complexities by integrating diverse systems into cohesive, adaptive networks. Third, this research reframes CBDFs as valuable economic assets rather than regulatory constraints, highlighting the significance of blockchain in allowing predictive analytics and increasing competitive advantage. In this way, this study offers actionable insights for digital enterprises, policymakers, and supply chain managers by showcasing how blockchain can be strategically leveraged to mitigate multidimensional risks and drive operational efficiency in cross-border data ecosystems. By aligning theoretical foundations with enterprise-level evidence, it offers a roadmap for enhancing resilience, compliance, and value creation in the evolving global digital economy.

The paper is organized as follows. A comprehensive literature review of blockchain, CBDFs, and SCR is presented in Section 2. Theoretical foundations are delineated in Section 3, which also establishes a comprehensive conceptual framework. Section 4 explains the case study background of both enterprises. The research methodology, which encompasses research data, design, sources, and analytical instruments, is elaborated upon in Section 5. The risk assessment and thematic findings related to sample enterprises are examined in Section 6. Section 7 offers thematic results and blockchain-enabled risk mitigation for both categories. Section 8 provides policy implications and future research recommendations, and the last part offers a conclusion and also addresses the limitations.

2. Literature Review

2.1. Blockchain in Cross-Border SCR Management

Blockchain has garnered increasing attention as a decentralized, tamper-resistant technology capable of transforming SCR management, particularly in cross-border contexts. Its applications span several domains, including logistics transparency, cybersecurity, and regulatory compliance [11]. Various scholars have demonstrated how embedding blockchain in supply chains can reduce different types of risks. Such as, Saberi et al. [12] argue that blockchain enhances supply chain transparency and traceability, reducing information asymmetries and delays in international transactions. Fridgen et al. [13] highlighted that blockchain-based networks greatly reduce barriers to establishing secure multiparty computational programs for supply networks, thereby helping to tackle systemic risks. Similarly, Min [14] found that blockchain-based smart contracts can automate compliance processes, thus reducing the risk of regulatory violations in cross-border exchanges. Lai, Wang [15] suggested that sourcing operations represent a critical area for early blockchain adoption in SCR management, as their research using an analytic hierarchy process (AHP) showed that blockchain could reduce risks through improved sourcing transparency and traceability.

Etemadi et al. [16] examined blockchain’s role as a vital component in mitigating cyber and disruption risks, especially in light of severe supply chain disruptions like those caused by COVID-19. Xiong et al. [17] found that blockchain-enabled supply chains could alleviate pandemic-related impacts through enhanced transparency and real-time information sharing. Blockchain’s support for demand and supply monitoring helps organizations respond proactively to shocks and disruptions, ensuring operational continuity. Similarly, Lee et al. [18] proposed a mixed blockchain platform, noting that it facilitates preemptive supply chain management (SCM), enabling early intervention to avoid risks during emergencies. In addition, Chaudhuri et al. [19] argued that awareness of blockchain’s benefits, combined with resilient organizational practices and comprehensible application, could positively affect the intention to embrace blockchain for SCR management. These studies collectively underline blockchain’s promise for SCR mitigation but often focus on isolated functions or regional settings, limiting generalizability in multinational, data-intensive ecosystems.

2.2. Research Gap in Blockchain-Driven SCR Studies

Despite growing interest in blockchain’s role within SCR management, critical gaps persist in the current literature, particularly concerning its application in managing CBDFs for digital enterprises like Alibaba and Infosys that operate across divergent regulatory systems (e.g., GDPR vs. DPDP Act). For instance, reference [20] emphasizes blockchain’s potential in enhancing sourcing transparency but overlooks the complex regulatory challenges faced by multinational corporations. Similarly, reference [21] explores systemic risks in supply chains but does not substantiate its claims with implementation evidence from large-scale digital enterprises. Meanwhile, reference Etemadi, Van Gelder [16] assesses blockchain’s role in mitigating cyber risks, yet their analysis lacks empirical validation from globally integrated platforms like Alibaba or Infosys. These limitations reveal a broader deficiency in studies that link blockchain adoption with tangible operational outcomes across diverse regulatory environments. There is a notable absence of integrated models that combine empirical performance data with robust theoretical foundations to assess blockchain’s strategic role in enabling secure and efficient CBDFs. Blockchain is acknowledged as a promising tool in SCM; however, its full potential in addressing international cybersecurity threats and regulatory complexity remains underexplored.

Therefore, this research contributes a comprehensive global supply chain adaptability model, grounded in theoretical integration and validated by empirical insights from Alibaba and Infosys. The study conducts a dual case analysis of Alibaba and Infosys, two digitally mature enterprises, highlighting measurable impacts such as a 30% improvement in customs efficiency and a 52% reduction in compliance penalties. By incorporating RBV, DCT, and (SoS) frameworks, the study develops a conceptual model that positions data integrity as a strategic business asset. This model further explores how blockchain facilitates innovation through predictive analytics and demand forecasting capabilities essential for global competitiveness.

3. Theoretical Framework for Blockchain Integration

To contextualize blockchain’s strategic role, we integrate three theories: the resource-based view (RBV), dynamic capabilities theory (DCT), and system of systems (SoS) theory. Together, they help conceptualize blockchain not just as a technology but as a driver of organizational resilience, strategic capability, and ecosystem integration.

3.1. Resource-Based View

According to the RBV, companies sustain competitive advantage through the use of unique resources that possess valuable features and are hard to imitate. Blockchain exemplifies such a resource in the context of cross-border SCR management. Streamlined data security is achieved through the decentralized and immutable blockchain ledger, which serves as an unmatched tool for borderless and jurisdictional protection of data integrity [22]. For instance, blockchain provides Alibaba with a decentralized and immutable ledger system that safeguards 450 million annual transactions better than any centralized system could. Likewise, cryptographic audit trails offered by blockchain help Infosys to reconcile compliance across the EU and Indian markets [23]. These applications illustrate blockchain not only as a technological tool but as a strategic resource that enhances supply chain reliability, addresses cybersecurity threats, and mitigates financial and regulatory risks in international operations. Thus, in the context of this study, RBV helps explain how blockchain adoption by firms like Alibaba and Infosys transforms technological capability into sustained competitive advantage in cross-border SCR management. Recent empirical research supports RBV’s application to digital infrastructures, showing that blockchain capabilities act as scarce and inimitable resources that enhance firms’ resilience in volatile regulatory settings.

3.2. Dynamic Capabilities Theory

DCT emphasizes a firm’s ability to integrate, build, and reconfigure internal and external competencies to address rapidly changing environments [24]. DCT characterizes blockchain as an enabler of enterprise dynamic competency development, which permits swift responses to market and regulatory changes. Through real-time supply chain tracking functionality, blockchain gives enterprises visibility to monitor products, which enables them to quickly adapt their operations when market conditions change [25]. Alibaba’s integration of blockchain into its logistics network demonstrates an ability to reconfigure operational infrastructure to support faster customs clearance, reduce compliance costs, and manage data privacy challenges across borders. Likewise, Infosys uses smart contracts and blockchain audit trails to adjust to European data governance standards dynamically, reducing manual audits by over 70%. These responses reflect not just technological adoption but a continuous renewal of firm capabilities [26]. In this study, DCT provides a valuable lens to understand how Alibaba and Infosys transform blockchain into a capability, not merely a tool, but embed it in organizational processes to rapidly respond to external shocks, reduce uncertainty, and create agility in managing global SCR. This aligns with studies demonstrating how blockchain strengthens firms’ dynamic capabilities, particularly in enabling rapid adaptation to evolving compliance requirements and cybersecurity threats.

3.3. System of Systems Theory

SoS theory is particularly relevant to complex environments where multiple independent systems interact to form integrated and adaptive networks [7]. In cross-border supply chains, SoS is applicable because operations span logistics, finance, compliance, and data security, all operating under different institutional frameworks [27]. The blockchain serves perfectly as a shared secure record-keeping system to track vital supply chain data in the SoS framework networks. Alibaba’s ecosystem, including logistics via Cainiao, financing via Ant Group, and regulatory compliance, is a prime example of an SoS connected through blockchain for holistic risk mitigation [28]. Similarly, Infosys integrates client ERP systems, regulatory databases, and compliance protocols via blockchain to form an interoperable risk management framework. Therefore, SoS theory supports the view that blockchain enables higher-order integration across distinct organizational and national systems. This reinforces the present study’s argument that blockchain is not only a technology but a unifying infrastructure that manages complexity, ensures interoperability, and enhances systemic resilience in international supply chain operations. Empirical investigations in distributed systems research confirm the relevance of SoS thinking, highlighting how blockchain fosters interoperability across heterogeneous platforms and facilitates collaborative resilience in global networks. Figure 1 represents the overall summary of the theoretical integration of the study.

4. Case Study Background

4.1. Alibaba’s Supply Chain and Blockchain Integration

Launched in 1999, Alibaba grew to become a world-leading e-commerce platform that includes the popular websites Tmall and Taobao while maintaining influential operations at home and abroad. The enormous transaction data available to Alibaba allows the company to develop a “double chain” financial model built from blockchain integration with SCM to boost operational speed and tracking visibility and maintain system security [29]. The infrastructure under this model delivers strong support to Alibaba’s extensive e-commerce platform and enables secure transaction data management across international borders. To facilitate cross-border logistics, Alibaba established Cainiao, its innovative logistics network, which uses blockchain technology to allow real-time data sharing, secure tracking, and predictive analytics for global delivery optimization. Given the complexity of international regulatory environments, Alibaba’s blockchain integration ensures both data integrity and alignment with varied compliance standards [30].

For small and medium-sized enterprises (SMEs) operating within Alibaba’s ecosystem, CBDFs present a unique challenge. Through its financial technology arm, Ant Group, Alibaba leverages blockchain to offer secure and transparent supply chain financing solutions that streamline access to capital for SMEs while ensuring cross-border financial data remains compliant with international privacy regulations [31]. Together, these initiatives reflect Alibaba’s strategic commitment to building a resilient, scalable, and regulation-compliant digital supply chain architecture. However, despite these advancements, challenges remain. The company continues to face interoperability issues between its blockchain systems and the diverse legal frameworks of partner countries. Moreover, the evolving nature of global data privacy laws requires Alibaba to continuously adapt its compliance mechanisms to uphold leadership in cross-border SCR management [32].

4.2. Infosys’s Supply Chain and Blockchain Integration

Infosys was founded in 1981 and has become one of India’s leading global technology services and consulting organizations. It is known for its digital transformation expertise and offers a range of services, including consulting, application development, maintenance, and outsourcing across multiple sectors. Over the years, Infosys has established itself as a pivotal player in the IT services domain, supporting businesses as they navigate the complexities of the digital economy. With the surge in digital operations, secure and efficient CBDFs are increasingly vital for companies functioning globally [33]. The risks associated with CBDFs in Infosys’s operations are multidimensional, encompassing regulatory compliance, cybersecurity threats, and potential operational disruptions. As data protection regulations become more stringent across various regions, Infosys helps enterprises address complex legal requirements and maintain compliance. Additionally, with the rise in cyberattacks targeting supply chain networks, Infosys has intensified its focus on cybersecurity to protect sensitive client and operational data from breaches [34].

The growth underlines Infosys’s stability and efficiency in a competitive industry, with blockchain playing a crucial role in its strategy to enhance secure data handling in cross-border supply chain contexts. By prioritizing innovation and resilience, Infosys is a trusted partner for global enterprises, supporting their digital transformation journeys and contributing to sustainable growth within increasingly complex regulatory landscapes [35]. However, Infosys still faces challenges adapting to the rapidly evolving global regulatory landscape, as new data protection laws and compliance requirements vary across regions. Additionally, despite its efforts to bolster cybersecurity, the company continues to confront the growing threat of sophisticated cyberattacks that target its systems and clients, potentially jeopardizing sensitive data.

5. Materials and Methods

5.1. Research Design and Data Collection

The present research employed an explanatory mixed-methods design, combining case studies of Alibaba and Infosys with a structured literature review of blockchain applications for CBDFs’ risk management. The data sources included publicly accessible corporate publications such as annual reports, compliance audits, blockchain implementation whitepapers, and digital transformation case studies. Notably, all references to blockchain records, GDPR audits, and transactional risk data in this study were derived from publicly available documentation and not from internal, proprietary datasets. For Alibaba, sources included Cainiao logistics reports and the Alibaba Cloud Developer Documentation Hub, which outlines blockchain integration frameworks and real-world implementations. For Infosys, data was extracted from Infosys Knowledge Institute publications, publicly released compliance use-cases, and industry reports (e.g., KPMG Global Technology Services Review).

We also extracted secondary data from 85 peer-reviewed articles indexed in Web of Science and Scopus databases, which contained the search terms blockchain, supply chain risk, and cross-border data flow. While these sources were not included as direct evidence, they played a critical role in shaping the NVivo coding taxonomy, risk classification categories, and the integration of theoretical frameworks. These articles were used to triangulate terminology, validate emerging themes, and contextualize risks within the broader discourse on blockchain adoption and digital SCM. The complete list of reviewed articles, including metadata and publication details, is provided in Supplementary Materials; the various sources are described in

Table 1. Data sources and descriptions.

Source Name	Description	Data Nature	Sources Link
Cainiao Logistics Reports	Reports on Cainiao’s logistics infrastructure, blockchain logistics, and supply chain AI	Qualitative, some Quantitative	https://www.stattimes.com/pdf_upload/cianio272-55784.pdf (accessed on 3 April 2025)
Alibaba Cloud Documentation Hub	Blockchain integration documents: smart contracts, secure APIs, data flows	Technical/Qualitative	https://www.alibabacloud.com/help (accessed on 3 April 2025)
Infosys Knowledge Institute Publications	Research on ICT trends, digital services, and risk solutions	Mixed Methods	https://www.infosys.com/iki (accessed on 3 April 2025)
Global Technology Services Review	Trends in global ICT service provision and cross-border tech risks	Mixed	https://kpmg.com/xx/en/our-insights/ai-and-technology.html (accessed on 3 April 2025)
Blockchain-Driven GDPR Compliance Reports	EU-oriented blockchain tools for legal compliance	Qualitative	https://blockchain-observatory.ec.europa.eu/index_en (accessed on 3 April 2025)
Web of Science Database Articles (n = 43)	Peer-reviewed articles on blockchain, risk, supply chains	Quantitative and Qualitative	Various authors (2023). Search results using keywords: blockchain, supply chain risk, cross-border data flow. Web of Science.
Scopus Database Articles (n = 42)	Peer-reviewed academic papers supporting an empirical framework	Mixed	Various authors (2023). Search results using relevant keywords. Scopus. https://www.scopus.com

.

5.2. Analytical Process

To explore how blockchain mitigates risks in cross-border digital supply chains, we conducted a thematic analysis using NVivo 14 software. This process was grounded in ISO 31000:2018 [36] risk classifications and guided by the study’s conceptual framework, which combines the RBV and DCT. This combined approach extends prior blockchain risk studies that relied solely on qualitative coding by embedding a structured ISO 31000–aligned scoring mechanism, thereby improving methodological transparency and comparability across enterprise cases. The analysis began with open coding, where excerpts from company reports, compliance audits, technical whitepapers, and blockchain implementation documents were examined line-by-line. Codes such as “hash timestamping,” “smart contract enforcement” and “cross-node authentication” were inductively generated based on frequency and relevance. In the axial coding phase, these codes were grouped into overarching categories reflecting digital SCR and cybersecurity concerns. For instance, codes like “real-time data sync” and “immutable log entry” were clustered under the broader theme of “data integrity.”

In contrast, codes such as “regulatory validation script” and “e-consent ledger” were aligned with “regulatory compliance automation.” Finally, during selective coding, key themes were refined by mapping them onto the strategic functions of blockchain as a resource and dynamic capability. This allowed us to evaluate how specific blockchain features, such as distributed consensus, automation logic, and cryptographic validation, correspond to particular categories of risk mitigation. NVivo queries were also used to generate code frequency reports and visualize thematic density for each case (Alibaba and Infosys). These outputs informed cross-case comparisons and were triangulated with performance metrics (e.g., reductions in data breaches, customs delays, and compliance costs). A summary of selected codes and their risk-domain alignment is provided in

Table 2. Selected codes and associated risk domain.

Sample Code	Description	Risk Domain	Case Firm(s)
Smart contract validation	Automated enforcement of regulatory rules	Digital supply chain risk	Alibaba, Infosys
Hash timestamping	Cryptographic logging of data exchange events	Cybersecurity risk	Alibaba
E-consent ledger	Blockchain-stored user consent records	Regulatory compliance	Infosys
Cross-node data sync	Real-time synchronization of supply chain partners	Data integrity	Both
Immutable access logs	Tamper-proof audit trails for system users	Cybersecurity risk	Both

.

5.3. Integration of Qualitative and Quantitative Components

This study employed an explanatory, author-led interactive mixed-methods approach [37], where qualitative thematic coding and quantitative ISO-based risk evaluation were integrated to explore blockchain-enabled risk mitigation. Unlike a traditional literature review or secondary synthesis, the methodology involved an author-led thematic analysis of primary case materials such as corporate audit reports, blockchain implementation documentation, compliance filings, and regulatory assessment data from Alibaba and Infosys. The qualitative component used NVivo software to conduct inductive coding of these materials, identifying recurring themes (e.g., smart contract enforcement, unauthorized access, data synchronization failures) that reflect specific SCR. These themes were not derived from literature alone, but were grounded in actual operational documents and records. The quantitative component applied ISO 31000:2018 to systematically evaluate the severity and likelihood of these risks across both cases using a standardized risk matrix. These two components were not parallel but integrated. Codes that emerged most frequently and intensely (e.g., data breaches in Infosys; compliance gaps in Alibaba) were directly used to set the baseline conditions for risk scoring and to prioritize risk categories in the ISO-based matrix. The risk likelihood and consequence ratings were not drawn from pre-existing scales but were constructed and interpreted by the authors based on coded themes and observed case outcomes. Severity and likelihood scores were constructed on a 10-point ordinal scale, grounded in ISO 31000:2018 guidelines and supported by case-specific indicators. Financial losses, penalty history, and incident frequency informed impact ratings, while recurrence patterns and systemic exposure informed likelihood values. These scales provided a structured yet adaptable framework for cross-case risk evaluation. This aligns with the expectations of mixed-methods research as described by [37], where both qualitative and quantitative strands are author-driven, interactively used, and designed to answer the same core research questions. In this case, the two methods converge to explore how blockchain technologies mitigate cross-border risks through technical features, governance models, and operational outcomes.

5.4. Case Selection Criteria

Alibaba and Infosys were selected based on three criteria: (1) dominance in cross-border services (Alibaba: USD 30.7 billion revenue; Infosys: USD 18.8 billion IT exports), (2) blockchain adoption transparency in publicly available metrics (e.g., Cainiao’s 62% counterfeit reduction, Infosys’s 78% GDPR automation), and (3) geographic diversity in operations spanning Asia, EU, and North America, offering insights into regional regulatory challenges. As shown in Figure 2, Alibaba’s rapid revenue growth reflects its success in using blockchain to enhance digital services. In contrast, steady net profit growth indicates sustained reinvestment in technology and global expansion.

Figure 3 illustrates Infosys’s steady revenue and net profit growth from 2012 to 2024, reflecting consistent expansion in IT services with effective cost management. The growth underlines Infosys’s stability and efficiency in a competitive industry, with blockchain playing a crucial role in its strategy to enhance secure data handling in cross-border supply chain contexts. Furthermore, the reason for the selection is that 2012 marks the advent of enterprises’ blockchain adoption, while 2024 includes the latest compliance frameworks, and this span captures evolving SCR trends and blockchain scalability.

6. Risk Assessment and Thematic Findings

The assessment of SCR related to CBDFs in digital enterprises revealed two principal categories: digital supply chain vulnerabilities and cybersecurity risk management, which were derived through NVivo 14-assisted thematic coding. Instead of adopting generic risk taxonomies, this study focuses on real-world enterprise-reported risks specific to Alibaba and Infosys, interpreted through ISO 31000 severity and likelihood metrics. Incorporating both qualitative patterns and quantitative ratings drawn from financial disclosures, incident reports, and blockchain integration outcomes. By emphasizing blockchain’s role within the RBV, the analysis illustrates how technological immutability and data transparency mitigate risk exposure in operational and information systems.

6.1. Digital Supply Chain Risks

Digital SCR is deeply embedded in the cross-border operations of firms like Alibaba and Infosys, whose systems depend on large-scale, real-time data processing and logistics. In Alibaba’s case, over 2.5 billion annual e-commerce transactions expose it to risks such as data inaccuracies, forecasting failures, and regulatory fines linked to personal data protection [36]. A 2022 ransomware attack led to the breach of 1.2 million user records and a USD 6.5 million penalty, reflecting the high impact of lapses in digital supply chain control. Blockchain technologies were strategically implemented to address these vulnerabilities; for example, SHA-256 hashing reduced data tampering incidents by 90% by eliminating manual anonymization errors. Real-time blockchain tracking improved demand forecasting accuracy by 40%, thereby reducing stock misallocation and delivery delays. In a similar vein, Infosys, operating in a more service-oriented structure, faced challenges in data privacy management and project-level data inconsistencies. Blockchain smart contracts facilitated compliance with GDPR, achieving 92% audit alignment and eliminating up to 120 h of monthly audit work. Blockchain-based validation tools also mitigated project delays due to inconsistent information flows, yielding a 35% improvement in delivery timelines [38].

Table 3. Risk Landscape in Alibaba and Infosys.

Risk Category	Case Firm	Real-World Indicator	Impact Score (1–10)	Likelihood Score (1–10)
GDPR compliance failure	Infosys	USD 50M penalty from EU GDPR regulators	8	6
Data leakage incidents	Alibaba	12 events/year @ USD 1.5M avg. loss	7	9
Smart contract enforcement	Infosys	Delay in audit automation	5	6
Service interruption risk	Alibaba	Customer complaints, platform downtime	6	7
API access vulnerability	Both	Threat exposure via unverified endpoints	7	8

Note: The risks listed for each enterprise are derived from primary company-specific reports and technical documentation. Broader thematic categories used to organize the table were informed by 85 peer-reviewed articles from Scopus and Web of Science, which helped shape the NVivo-based coding framework but are not individually cited here. Impact scores are derived by benchmarking financial/regulatory consequences against revenue scale and risk sensitivity, normalized on a 100-point ISO-based scale. A USD 50 million fine against USD 70 billion annual revenue, for instance, scores high due to its implications on GDPR compliance and operational restructuring costs. This is a normalized risk impact score (i.e., not just based on proportion but also severity, recurrence, and operational disruption).

summarizes the comparative evaluation of digital supply chain and cybersecurity risks faced by Alibaba and Infosys, based on thematic coding and ISO 31000-aligned scoring. Impact and likelihood scores were derived from a combination of annual reports, blockchain audit data, and regulatory disclosures. The risk severity scores are scaled using a 1–10 rating matrix as per ISO guidelines.

6.2. Cyber Security Risk

Cybersecurity risks represent the second major risk category identified through thematic analysis. These risks include unauthorized access, data tampering, counterfeiting, and phishing attacks, particularly in third-party vendor networks. Alibaba experienced significant reputational and financial losses in 2023 due to widespread counterfeit product listings, which led to consumer backlash and legal disputes. In response, the company deployed NFT-based product authentication, enabling customers to verify product legitimacy using blockchain records, resulting in a 60% reduction in counterfeit cases. Infosys encountered increased phishing attacks and unauthorized access incidents, particularly in healthcare and financial service contracts. To counter this, Infosys implemented decentralized multi-factor authentication (MFA) and blockchain-enabled threat intelligence platforms, resulting in a 35% reduction in breach attempts and a 50% improvement in incident response times. These interventions illustrate blockchain’s strategic function as a defense mechanism in line with the RBV framework.

Table 4. Post-Blockchain Cybersecurity Improvements Reported by Case Firms.

Company	Risk Type	Impact	Blockchain	Source
Alibaba	Counterfeiting	60% fewer incidents	NFT-based product IDs	[39]
Infosys	Unauthorized Access	35% breach reduction	Decentralized MFA protocols	[40]
Alibaba	Data Tampering	80% accuracy improvement	SHA-256 encryption	[41]
Infosys	Phishing attacks	50% faster response	Blockchain threat intelligence	[42]

Note: Performance indicators showing reported improvement in cybersecurity operations across Alibaba and Infosys. The metrics support blockchain’s impact on operational security but are not used directly for ISO 31000 risk scoring.

summarizes the cybersecurity improvements achieved through blockchain adoption across both enterprises.

6.3. Risk Quantification Using ISO 31000 Framework

To numerically assess SCR, we adopted the ISO 31000:2018 risk evaluation framework, applying a structured impact-likelihood matrix based on case-specific evidence from Alibaba and Infosys. We used a 10-point ordinal scale for both impact and likelihood, where 1 represented the lowest and 10 the highest severity or probability. These values were not arbitrarily assigned but derived through triangulation of thematic NVivo codes, organizational financial records, and observed frequency of risk incidents. To quantify impact, we mapped real-world outcomes (such as financial penalties, operational disruptions, and compliance gaps) onto a normalized 1–10 scale using relative thresholds. For example, low impact (1–3) is minor data anomalies or low-cost events (<USD 1 million impact); moderate impact (4–6) is medium-severity events, such as compliance delays, reputational damage, or financial costs ranging from USD 1–USD 10 million; and high impact (7–10) is recurring or systemic failures resulting in large-scale disruption, legal penalties exceeding USD 10 million, or documented security breaches.

In Infosys’s case, a USD 50 million GDPR compliance penalty was scaled as high impact (score: 8/10) based on industry comparison benchmarks, even though it represented only 0.07% of the firm’s USD 71.3 billion revenue. The score reflects regulatory intensity and reputational risk, not merely monetary proportion. In Alibaba’s case, 12 documented service failures annually at an estimated USD 1.5 million per incident (totaling $18 million/year) were assigned an impact score of 7/10 due to their frequency, cost, and customer-facing consequences. Likelihood scores were similarly constructed based on recurrence frequency (documented or inferred). For instance, rare (1–3) is less than once per year or isolated cases; occasional (4–6) represents up to 3–5 incidents per year, and frequent (7–10) is more than six events annually, or persistent process vulnerabilities. Based on this scale, Alibaba’s recurring data leakages (12/year) were rated as high likelihood (9/10), while Infosys’s smart contract compliance issues were rated moderate likelihood (6/10) due to implementation delays, but not repeated penalties. It is essential to distinguish between real-world indicators (e.g., USD 50 million fine, 92% GDPR compliance) and abstracted risk scores (e.g., 8/10 severity), which serve as standardized comparative metrics within the ISO framework. These scores enable risk prioritization but do not replace empirical cost data.

7. Thematic Results and Blockchain-Enabled Risk Mitigation

This section presents qualitative insights derived from NVivo-based coding of case-related documents, reports, and blockchain audit trails. The analysis focuses on how Alibaba and Infosys applied blockchain features to mitigate the two primary risk categories previously defined: digital supply chain risks and cybersecurity risks.

7.1. Mitigating Digital SCR Through Blockchain

NVivo analysis highlighted recurring codes such as “platform downtimes,” “regulatory fragmentation,” and “cross-border compliance uncertainty.” Both Alibaba and Infosys experienced significant challenges in coordinating data exchange across regions with varied regulatory frameworks. Alibaba implemented a blockchain-based data flow architecture using Hyperledger Fabric to ensure immutable logging and secure partner verification across nodes. NVivo coding revealed frequent references to “automated compliance,” “shared ledgers,” and “permissioned nodes,” indicating reliance on blockchain to mitigate region-specific inconsistencies. Infosys adopted a modular blockchain system integrated with APIs to manage third-party data access, improving resilience against partner-side failures. Smart contracts were used to enforce compliance rules before data transfer, especially under GDPR constraints. The use of blockchain enabled both firms to shift from reactive risk identification to proactive, rules-based mitigation. For Alibaba, this translated to a 30% reduction in customs delays, while Infosys reported enhanced audit traceability across multiple data jurisdictions.

7.2. Blockchain Responses to Cybersecurity Threats in Digital Supply Chains

The second theme emerged around cybersecurity, with NVivo coding revealing dominant terms such as “data tampering,” “unauthorized access,” “internal leaks,” and “timestamped logs.” Both companies used blockchain not only to secure transactions but also to build resilience against increasingly sophisticated cyberattacks. Alibaba introduced a blockchain-based digital identity system for internal and external data handlers. This approach ensured tamper-proof access logs and dynamic authentication controls. NVivo codes like “cryptographic validation” and “immutable access trails” were frequently associated with reduced breach incidents, reflected in a 44% drop in security failures post-implementation. Infosys reinforced its cloud-based systems through blockchain-led zero-trust access control. Using smart contracts and hashed identity verification, the system validated every request node-by-node before permitting access. Keyword clusters such as “multi-factor blockchain access” and “tamper-proof logging” were among the most frequently cited in their risk disclosures. Together, these strategies enabled both firms to shift from reactive cybersecurity models to proactive, blockchain-secured ecosystems.

8. Policy Implications and Future Research

The findings of this study resonate with prior empirical evidence suggesting that blockchain adoption improves data integrity and regulatory compliance in digital supply chains. At the same time, they diverge from earlier conclusions that questioned blockchain’s scalability in heavily regulated environments. By comparing Alibaba’s platform-centric and Infosys’s service-oriented models, this analysis advances the literature by providing a rare cross-model perspective, demonstrating how enterprise structure mediates the effectiveness of blockchain-enabled risk management. The outcomes generate several critical insights for policymakers, corporate strategists, and researchers aiming to enhance supply chain resilience in the age of digital globalization. As demonstrated in both Alibaba and Infosys cases, blockchain is not merely a technological fix but a strategic enabler of trust, security, and regulatory alignment in cross-border contexts. Therefore, policy frameworks must be updated to recognize and support such decentralized data control mechanisms, particularly in areas involving cross-jurisdictional data sharing and digital trade.

8.1. Policy Implications

This study yields several actionable insights for policymakers, regulatory bodies, and digital enterprises operating across jurisdictions, listed as follows:

• Harmonization of cross-border data regulations: Policymakers should prioritize the development of international blockchain governance frameworks. These can be modeled after GDPR but adapted through smart contract logic for regional contexts (e.g., ASEAN, BRICS). For instance, blockchain-based e-consent and audit trails could become standardized compliance protocols;
• Incentivizing blockchain adoption through policy sandboxes: Governments can introduce policy sandboxes and testbeds to allow safe experimentation with blockchain in CBDFs. These environments would provide exemptions from certain compliance burdens during the pilot phase, accelerating enterprise adoption;
• Enterprise-level strategic governance: Firms must develop blockchain implementation roadmaps that align with ISO 31000:2018 risk principles. This includes deploying blockchain not just in IT departments but embedding it across legal, logistics, and compliance functions. Alibaba and Infosys demonstrate the efficacy of cross-functional blockchain integration;
• Capacity building and multi-stakeholder collaboration: Regulators, digital firms, and trade bodies should establish joint training and certification programs to upskill the workforce in blockchain-based compliance automation, data governance, and smart contract auditing.

8.2. Future Research Directions

While this study contributes empirical and theoretical insights, several research avenues remain underexplored, including the following:

• There is scope to explore how blockchain-enabled risk frameworks operate in differing geopolitical and regulatory environments. Future research could statistically compare policy analysis using mixed methods across trade blocs such as the EU vs. ASEAN or NAFTA and APEC;
• While this paper focuses on digital enterprises, further analysis can be extended to the manufacturing, healthcare, and agriculture sectors to generalize the risk-control dynamics. Also, the mediating role of technological attitude or organizational learning in the relationship between blockchain adoption and risk mitigation outcomes can be observed;
• Scholars can use agent-based, system dynamics, or design science research (DSR) approaches to develop and test blockchain-integrated AI risk engines in controlled simulations;
• By synthesizing empirical observations with theoretical constructs and practical frameworks, this study lays the foundation for a policy-aware, risk-sensitive, and innovation-driven perspective on managing cross-border digital supply chain risks;
• Future research might empirically examine how similar blockchain interventions (e.g., NFT-based authentication or smart contract auditing) perform across divergent enterprise structures. Such cross-architectural studies can isolate organizational factors that mediate blockchain effectiveness.

9. Conclusions

This study critically examined how blockchain contributes to the mitigation of digital and cybersecurity risks in cross-border data flows within global supply chains. By analyzing enterprise-specific evidence from Alibaba and Infosys, supported by thematic coding and ISO 31000-aligned evaluation methods, the research highlighted how blockchain’s strategic value extends beyond technical applications into the realms of compliance, operational security, and competitive advantage. Grounded in the resource-based view (RBV), the findings underscore blockchain’s role as a rare, valuable, and non-substitutable asset that enhances resilience in data-intensive service environments. Complementary perspectives from dynamic capabilities theory (DCT) and system of systems (SoS) theory further contextualized blockchain as an enabler of organizational agility and integration across complex service networks. The comparative case study approach allowed the investigation of blockchain’s real-world application in two distinct enterprise models, Alibaba’s platform-centric logistics infrastructure and Infosys’s service-oriented architecture. Despite differences in business structure, both cases demonstrated convergence in using blockchain to reduce regulatory noncompliance, minimize cyber threats, and improve operational continuity.

While this study draws on two distinct business models, Alibaba’s platform-centric logistics and Infosys’s service-oriented IT architecture, it does not have the prerogative to compare blockchain techniques across a shared metric framework. Rather, it reports how blockchain is differently integrated in each enterprise to meet unique operational needs. Future studies may explore controlled comparisons between blockchain solutions across sectoral architectures to assess relative effectiveness. These results contribute both conceptually and practically to the evolving discourse on digital supply chain risk management. Conceptually, it extended existing literature on supply chain risk management by incorporating an empirical understanding of how blockchain functions as both a safeguard and an adaptive enabler in global data environments. Practically, the risk categories and mitigation patterns identified through thematic analysis may inform enterprise risk frameworks and digital infrastructure planning.

However, as with any case-based research, this study also has limitations. The findings are drawn from two digitally mature companies operating in the technology and service sectors, which may limit the generalizability of the results to firms in other industries or of different sizes. Access to internal operational data was constrained to publicly disclosed documents, limiting the ability to validate specific risk outcomes through proprietary performance metrics. Additionally, while the integration of NVivo coding and ISO 31000 ratings provided a structured explanatory mixed-methods evaluation, it reflects an interpretive design rather than experimental rigor. Nonetheless, by combining theory, empirical insights, and comparative case evidence, this study offers meaningful implications for digital enterprises operating in high-risk, high-complexity international environments. Future research may validate or extend these findings across broader sectors or explore variations in blockchain adoption across diverse geopolitical contexts. Ultimately, the study underscores that blockchain, when aligned with strategic risk management principles, has transformative potential in reshaping how organizations navigate regulatory, operational, and cybersecurity challenges in global data ecosystems. By situating enterprise-specific findings within both theoretical frameworks and prior empirical research, this study contributes a contextualized perspective on blockchain-enabled risk management in global digital supply chains.