Mapping Public Company Supply Chains from SEC Filings
There is a version of corporate intelligence that never makes headlines, the customer concentrations and supplier dependencies buried in SEC filings that public companies are legally required to disclose. The challenge was never finding that information. It was extracting it from thousands of narrative documents and making it queryable at scale. RyxelData's Supply Chain dataset turns those legal disclosures into structured relationship records that map the business dependencies across the entire US public equity universe.
The Disclosure Requirement That Creates the Dataset
SEC disclosure rules do not ask companies to publish a supply chain map. They ask companies to disclose any material risk and for most businesses, the loss of a major customer or a critical supplier qualifies as exactly that.
The result is a disclosure regime that, across decades of filing history, has produced a dense corpus of relationship data embedded in narrative regulatory documents. Three filing types are the primary sources of supply chain intelligence:
• 10-K Annual Reports: The most complete source. Risk factor sections explicitly name customers and suppliers whose loss would be material to the business. Business overview sections describe the company's upstream and downstream ecosystem in full narrative form. For most companies, the highest-concentration relationships appear here, the customer generating 22% of revenue, the sole-source contract manufacturer, the exclusive distribution partner in a key geography.
• 10-Q Quarterly Reports: Interim updates that capture relationship changes between annual filings. A new customer crossing the 10% revenue concentration threshold, a supplier contract that lapsed, a partnership that restructured mid-year. These surface in 10-Q disclosures before the next annual report is published.
• Earnings Call Transcripts: Forward-looking context that supplements formal filing language. Executives discuss customer pipeline dynamics, supplier pricing pressure, and sourcing strategy in earnings calls in ways that are not structurally required but carry significant signal for understanding how relationships are evolving.
The critical distinction from other data sources are attested disclosures. Every relationship described in a 10-K filing was reviewed by the company's legal team, signed off by its executives, and submitted to the SEC under legal obligation to be accurate and complete. The data does not come from surveys, third-party estimates, or proprietary modeling. It comes from the companies themselves.
How Relationships Are Extracted from Filing Text
The gap between "the data exists" and "the data is queryable" is significant. SEC filings are prose documents. A company might describe a major customer as a large North American consumer electronics retailer accounting for approximately 19% of net revenue, three paragraphs into a risk factor section, then name the same retailer explicitly in a concentration table seven pages later in the financial notes. Both references describe the same relationship and a proper extraction pipeline resolves them to the same record.
Structured supply chain intelligence involves three core steps.
Entity Recognition and Resolution
Raw filing text contains company names in every conceivable form: legal entity names, trade names, subsidiary references, abbreviated forms, and historical names that predate acquisitions or rebrands. Foxconn and Hon Hai Precision Industry Co., Ltd. and HPIL all refer to the same company. Extracting a usable supply chain dataset means resolving every entity reference to a canonical identifier regardless of how the company happens to be named in the source document.
This resolution problem compounds across time. Companies change names after acquisitions, spin off subsidiaries that become independently public, and get absorbed into conglomerates that inherit their filing history. A complete extraction pipeline maintains a historical resolution layer that correctly maps entity references across different filing vintages without losing continuity.
Relationship Classification
Once entities are resolved, the nature of each relationship is classified. Three types cover the vast majority of SEC supply chain disclosures:
• Customer relationships: The filing company sells goods or services to the counterparty. Revenue concentration is typically disclosed as a percentage of net revenue or accounts receivable. These are the most consistently quantified relationships in the dataset.
• Supplier relationships: The filing company sources materials, components, or services from the counterparty. Sole-source and primary-source language in risk factors identifies the highest-dependency relationships situations where no alternative vendor exists or has been developed.
• Partner relationships: Strategic alliances, joint ventures, licensing agreements, and distribution partnerships that represent material business dependencies without a clean buyer-seller structure. These appear most frequently in technology, pharmaceutical, and industrials filings.
Revenue Exposure Quantification
The most actionable relationships are those that include an explicit percentage disclosure. When a filing states that a customer accounts for 23% of net revenue, that figure attaches to the relationship record directly and is immediately usable for concentration risk calculations. Relationships disclosed qualitatively like a significant customer, our primary contract manufacturer, are captured as well with the original filing language preserved in the record for context.
On Data Coverage
Not every supply chain relationship that exists between two companies appears in SEC filings. Only material relationships are required to be disclosed. The dataset represents the disclosed universe of material dependencies, which is precisely the relevant universe for risk modeling and due diligence purposes.
What the Data Structure Contains
RyxelData normalizes supply chain disclosures into consistent relationship records. Each record represents a single directional relationship between two public companies, sourced from a specific SEC filing. The core information captured for each relationship:
Data Point | What It Represents |
Filing Company | The company making the disclosure — the one whose 10-K or 10-Q is the source |
Counterparty | The customer, supplier, or partner being disclosed |
Relationship Type | Customer, supplier, or partner |
Revenue Exposure | Disclosed percentage of revenue (where the filing includes a figure) |
Filing Type | Whether the source is a 10-K, 10-Q, or earnings transcript |
Filing Date | When the document was submitted to the SEC |
Reporting Period | The fiscal period the filing covers |
Description | The extracted text from the filing that references the relationship |
Source Link | Direct URL to the original SEC EDGAR filing |
The directional structure of the data is one of its most important characteristics. A semiconductor company disclosing a major smartphone manufacturer as a 22% customer, and that same smartphone manufacturer disclosing the semiconductor company as a key chip supplier, these are two separate records in the dataset, each carrying different risk implications depending on which side of the relationship is under analysis.
Every record includes a direct link to the originating SEC document. Any relationship can be traced back to its source filing and verified against the original disclosure text within seconds.
Contagion Risk: How Supply Chain Data Powers Risk Models
Supply chain relationship data from SEC filings is the foundational input for contagion risk models frameworks that estimate the financial impact on one company when a counterparty experiences a disruption. The logic starts from the revenue exposure graph and extends outward across the relationship network.
First-Order Exposure: Direct Relationship Risk
The most immediate application is customer concentration analysis. A company that discloses three customers representing 22%, 18%, and 11% of revenue respectively has 51% of its top line concentrated in three counterparties. A scenario where all three simultaneously reduce purchasing as frequently happens during sector-wide demand contractions creates a quantifiable first-order revenue impact before any assumptions about replacement sales are added.
This calculation is one of the most commonly used inputs in leveraged buyout due diligence, high-yield credit analysis, and earnings quality assessment. Supply chain data from SEC filings delivers it as a structured, queryable dataset rather than a manual filing review exercise.
Second-Order Exposure: Upstream Propagation
More sophisticated models trace contagion across multiple hops in the relationship graph. When a major contract manufacturer halts production at a specific facility, the first-order impact hits the companies that source exclusively from that facility. Those companies cannot ship product. Their inability to ship then hits their own downstream customers. Each hop in that chain is traceable through supplier relationship records in the dataset.
This multi-hop traversal is what separates supply chain graph analysis from simple concentration metrics. A company may have no disclosed sole-source supplier relationships of its own but if its primary contract manufacturer has a sole-source relationship for a critical component, the Tier 2 dependency creates real operational risk. That risk only surfaces when the relationship graph is traversed more than one level deep.
Supplier Concentration Scoring
A metric widely used by institutional risk teams is the supplier concentration score, a normalized measure of how dependent a company is on its highest-exposure suppliers. At one end of the spectrum sit companies disclosing multiple sole-source relationships across critical production inputs. At the other end sit companies with broadly diversified supplier bases and no single sourcing dependency. The supply chain dataset provides the raw relationship inputs for this scoring without requiring proprietary survey data, management interviews, or third-party supply chain mapping services.
How Analysts and Research Teams Use Supply Chain Data
Event-Driven Investment Research
When a major company issues a profit warning, announces a production halt, or becomes subject to a regulatory action, the supply chain dataset identifies the full ecosystem of companies with direct revenue exposure. A hardware manufacturer generating 19% of its revenue from a single customer has a quantifiable first-order revenue headwind that the market may not have priced in immediately. Supply chain data from SEC filings makes that calculation possible before the earnings call not after it.
Thematic Portfolio Construction
Sector classifications describe what a company does. Supply chain relationship data describes who it does it with. Constructing a portfolio with structural exposure to the US defense electronics supply chain, for example, means identifying not just the prime contractors but the electronic component manufacturers, testing and certification firms, software integrators, and specialty materials suppliers that fill the supply graph of those primes relationships disclosed across hundreds of separate 10-K filings, now accessible from a single dataset.
M&A Due Diligence and Credit Underwriting
Customer and supplier concentration is a standard item in both buy-side M&A due diligence and credit underwriting processes. The supply chain dataset provides an independent verification layer against management-provided information relationships attested to the SEC that may not appear in pitch decks, confidential information memorandums, or management presentations. Where filing-sourced data diverges from management representations, that divergence is itself a material finding.
Index Replication and Factor Research
Quantitative teams constructing factor portfolios or thematic indices use supply chain data to identify companies with specific network characteristics like high customer concentration as a revenue risk factor, low supplier concentration as a procurement resilience signal, or high network centrality within a sector graph as a measure of systemic importance. These structural features are distinct from traditional financial ratios and provide differentiated factor exposures that are impossible to construct from price or accounting data alone.
Querying Supply Chain Data Directly from Your AI Assistant
Most financial datasets require an analyst to open a portal, run a query, export a file, and then bring the result into whatever workflow they're actually using. RyxelData eliminates that round trip entirely.
Through the Model Context Protocol (MCP), RyxelData's full dataset catalog including supply chain relationships connects directly to AI assistants like Claude, Claude Code, Cursor, and OpenCode. Once configured, your AI can query live supply chain data, pull inbound and outbound relationships, and surface concentration risks in the same conversation where the analysis is happening.
The setup takes under two minutes: add https://mcp.ryxel.ai as a custom connector in Claude.ai under Settings → Connectors, complete the OAuth authentication flow, and the full suite of RyxelData tools becomes available mid-conversation. Ask which companies have disclosed a specific manufacturer as a sole-source supplier. Pull every customer that represents more than 10% of a target company's revenue before a due diligence call. Map the supply graph of a sector you're building a thematic position around all without leaving the chat.
For research teams that are already working inside AI-native workflows, this is the access layer that makes institutional supply chain intelligence actually usable at the speed those workflows demand.
Accessing Supply Chain Intelligence Through RyxelData
RyxelData's Supply Chain dataset is built directly from SEC EDGAR filings, the same primary source that institutional research teams have always used for relationship intelligence, normalized into a structured, queryable format and kept current as new filings arrive.
The dataset surfaces three types of queries that cover the most common research use cases:
• Company outbound relationships: All customers, suppliers, and partners that a specific company has disclosed in its own SEC filings. This gives the full picture of the company's declared material business dependencies.
• Company inbound relationships: All companies that have disclosed a specific company as their customer, supplier, or partner in their own filings. This constructs the supply ecosystem of a major company from the bottom up using each supplier's own attested disclosures rather than the customer's.
• Relationship-type filtering: Narrowing any query to a specific relationship type customers only, suppliers only, or partners only for focused concentration analysis without noise from unrelated relationship categories.
Frequently Asked Questions
What is supply chain data from SEC filings?
Supply chain data from SEC filings refers to the customer, supplier, and partner relationships that US public companies disclose in their mandatory regulatory documents. Under SEC disclosure rules, any business relationship material enough that its loss would negatively impact operations must be described in annual and quarterly filings. Extracted and normalized at scale, these disclosures form a structured dataset of inter-company business relationships across the US public equity universe and sourced directly from the primary legal record.
How is supply chain intelligence different from traditional financial data?
Traditional financial data describes outcomes: revenue, earnings, share price movement. Supply chain relationship data from SEC filings describes structure, the underlying customer concentrations and supplier dependencies that generate those outcomes. It is forward-looking in the sense that it maps business vulnerabilities before a disruption event produces a financial result, rather than after the impact appears in reported figures.
How often is supply chain data updated?
RyxelData's Supply Chain dataset is updated within days of new SEC filing submissions. Annual 10-K reports arrive within 60 to 90 days of a company's fiscal year end. Quarterly 10-Q reports arrive within 40 to 45 days of each quarter close. New material relationship disclosures like a customer crossing the 10% concentration threshold, a new sole-source supplier agreement, a strategic partnership added to the risk factor section appear in the dataset as companies submit their regular reports.
Does the dataset identify sole-source supplier risks specifically?
Yes. When a company discloses a sole-source or primary-source supplier relationship in its risk factor section language indicating that a single supplier is the exclusive or dominant source of a critical input that disclosure is captured as a supplier relationship record with the relevant filing language preserved. These records represent the highest concentration risk positions in supply chain risk models, as the company's own filing attests to the absence of a disclosed alternative sourcing option.
What makes supply chain data from SEC filings different from third-party supply chain mapping services?
Third-party supply chain mapping services typically combine proprietary surveys, shipping data, import/export records, and modeling assumptions to estimate relationships that are not directly disclosed. SEC-sourced supply chain data is different in a fundamental way: every relationship in the dataset was disclosed by the company itself, under legal obligation, in a document submitted to a federal regulator. It is not an estimate of what the relationship might be. It is the company's own statement of what the relationship is and its legal acknowledgment that the relationship is material to the business.
The inbound relationship query is particularly powerful for analyzing large anchor companies. Every company that surfaces in a query for Apple's inbound customer relationships has independently stated in a legal filing submitted to the SEC that Apple represents a material source of their revenue. No estimation, no inference, no modeling. The dataset is the aggregate of those individual legal attestations, made accessible without requiring a team of analysts to read each one.
The Supply Chain dataset is available for individual subscription at ryxel.io, or as part of the all-in-one bundle alongside insider transactions, institutional holdings, proposed sales, and funds data. Documentation and field references are available at ryxel.io/docs/datasets/supply-chain.