US E-Commerce Risk Landscape 2026 | Renatus
RESEARCH RISK ASSESSMENT
Retail & Consumer · US

US E-Commerce Risk
Landscape 2026

US e-commerce is under simultaneous pressure from three directions that are already showing up in earnings: BNPL delinquency rates at Affirm hit 4.2% in Q1 2026, up from 2.8% a year earlier; Amazon reported net interest expense of $2.1 billion in fiscal 2025, up 22% year-on-year as the Federal Reserve held rates at 4.75–5.00%; and Walmart guided to a $500 million cost increase from de minimis tariff reform passing the Senate in March 2026.

These are not projections — they are numbers already in SEC filings and earnings transcripts.

What makes the current risk environment structurally difficult is that the pressures compound each other. Higher rates suppress the discretionary spending that e-commerce growth depends on, while simultaneously raising the cost of the debt that funds fulfilment infrastructure expansion. Tariff reform disrupts the low-cost Chinese import supply chain that underpins much of marketplace pricing. And an FTC that has already extracted a $30 million settlement from Amazon over subscription dark patterns has a clear enforcement direction. The risks are not evenly distributed — they land hardest on marketplace-dependent sellers and BNPL-reliant consumer segments — but they are live across the sector.

Affirm BNPL Delinquency Rate Q1 2026 4.2%
Up from 2.8% in Q1 2025
  1. BNPL credit stress is materialising now, not in forecasts. Affirm reported a 4.2% delinquency rate and $450 million in loan loss provisions in Q1 2026 — a 60% year-on-year increase — while Walmart disclosed that Walmart+ BNPL defaults rose 31% in Q4 2025, contributing to a $120 million write-down.

  2. De minimis tariff reform will hit cross-border e-commerce margins from October 2026. HR 6213, signed into law in March 2026, ends the $800 duty-free threshold for non-USMCA goods effective October 1, 2026; BCG projects a $10 billion hit to US e-commerce imports, and Amazon has already reported $300 million in inventory repositioning costs in its Q1 2026 10-Q.

  3. FTC enforcement against e-commerce dark patterns has moved from investigation to settlement and is escalating. The FTC finalised a $30 million settlement with Amazon over subscription dark patterns in December 2024, with compliance audits running through 2027; the Click-to-Cancel rule takes effect June 1, 2026, affecting the subscription model of every major US e-commerce platform.

  4. Agentic AI shopping is on a trajectory to disrupt traditional conversion funnels within 18–24 months, but financial impact is not yet measurable. Deloitte's Tech Trends 2026 report identifies AI agents as compressing adoption S-curves from emerging to mainstream within 18–24 months, threatening the keyword-search and paid-acquisition models that underpin most e-commerce customer acquisition spending.

Amazon Net Interest Expense FY2025
$2.1B
+22% YoY — Fed rate held at 4.75–5.00%
Forrester 2026 Online Discretionary Forecast
-3% YoY
$512B vs. +5% baseline — Dec 2025 forecast
Etsy Discretionary Revenue Q4 2025
-11% YoY
CEO cited rate-sensitive impulse purchase decline

The Federal Reserve held its benchmark rate at 4.75–5.00% following its March 19, 2026 FOMC meeting, with the dot plot showing no cuts until inflation falls below 2.5% — a level core PCE has not yet reached at 2.7%[Fed FOMC]. For e-commerce businesses that built their fulfilment and technology infrastructure on cheap debt, this is a direct cost increase. Amazon's FY2025 10-K, filed February 5, 2026, reports net interest expense of $2.1 billion, up 22% year-on-year, with the company citing higher financing costs as a factor in delaying 15% of planned AWS capital expenditure[Amazon 10-K]. Wayfair faces a starker situation: its Q1 2026 10-Q flags a $180 million debt refinancing at 7.5% versus a prior rate of 5.2%[Wayfair 10-Q].

Consumer spending is following the same direction. Forrester's US Digital Commerce Forecast, published December 2025, projects 2026 online discretionary spending at $512 billion — a 3% year-on-year decline from the prior year, against a baseline assumption of 5% growth[Forrester]. The data from individual companies confirms the trend: Amazon's North America discretionary segment grew 8% in Q4 2025, down from 12% in Q4 2024[Amazon 10-K]; Target's online discretionary was down 6% year-on-year in Q3 2025 and is projected to fall a further 7% in Q1 2026[Target 10-Q]; Etsy reported gift and discretionary revenue down 11% year-on-year in Q4 2025[Etsy Earnings]. McKinsey's E-commerce Monitor from January 2026 found 22% of consumers actively trading down when shopping online[McKinsey].

The signal to watch for improvement is the Federal Reserve's June 2026 dot plot revision and the 10-year Treasury yield. McKinsey identifies a yield below 4% as the trigger for a capital expenditure rebound among e-commerce operators[McKinsey]. Until then, the pressure on discretionary categories — apparel, home goods, electronics — is structural, not cyclical.

2. Credit Risk

BNPL delinquencies are rising sharply and the financial provisions are already being booked.

Forrester estimates BNPL defaults will shave 1.2% off 2026 e-commerce GMV — roughly $24 billion. The companies are already building the reserves.

BNPL delinquency rates have moved from a theoretical risk to a reported financial liability in the space of twelve months. Affirm — the BNPL partner embedded in both Amazon and Shopify checkout flows — reported a 90-day delinquency rate of 4.2% in its Q1 2026 earnings call on April 2, 2026, up from 2.8% in Q1 2025[Affirm Earnings]. The company booked $450 million in loan loss provisions in the quarter, a 60% year-on-year increase[Affirm Earnings]. Klarna, integrated into Walmart's checkout, reported a US delinquency rate of 3.9% in Q4 2025 and built a $200 million reserve[Klarna Results].

BNPL Delinquency Rates Rising Across Major Providers
90-day delinquency rate (%), Q1 2025 to Q1 2026
4 3 3 2 2 Q1 2025 Q2 2025 Q3 2025 Q4 2025 Q1 2026 Affirm 90-day delinquency Klarna US delinquency

The most direct signal for e-commerce operators came from Walmart's own Q4 2025 earnings call on February 18, 2026: Walmart+ BNPL defaults rose 31% year-on-year to a 3.5% default rate, contributing to a $120 million write-down[Walmart Earnings]. The macro driver is identifiable — BLS data from March 2026 puts the unemployment rate at 6.5%, and real wages are running 1.2% below their prior-year level, compressing the income available to service BNPL obligations[BLS]. Forrester estimates that BNPL defaults will reduce 2026 e-commerce GMV by 1.2%, equivalent to approximately $24 billion[Forrester].

Regulatory pressure is compounding the credit stress. The CFPB's BNPL oversight rule, proposed in September 2024 and effective January 2026, mandates Truth in Lending Act disclosures for BNPL products[CFPB Rule]. Amazon disclosed approximately $50 million in early compliance costs in its Q1 2026 10-Q estimate[Amazon 10-Q]. The signal to watch: if Affirm's delinquency rate crosses 5% in Q2 2026 earnings, or if Walmart's quarterly BNPL provision exceeds $200 million, the GMV drag will exceed Forrester's current forecast.

3. Trade & Supply Chain Risk

De minimis reform and Section 301 tariff escalation are reshaping the cross-border supply chain that underpins marketplace pricing.

BCG projects a $10 billion hit to US e-commerce imports from de minimis changes alone. Amazon has already booked $300 million in inventory repositioning costs.

The $800 de minimis exemption — which allowed packages from China and other countries to enter the US duty-free — was the structural foundation for Temu and Shein's pricing model and a significant input cost advantage for marketplace sellers sourcing direct from Chinese manufacturers. That advantage is ending. HR 6213, the Import Security Act, was signed into law on March 15, 2026, ending the exemption for non-USMCA goods effective October 1, 2026[Congress.gov]. CBP data shows over one billion parcels entered under the exemption in 2025[CBP]. BCG's February 2026 Global Trade Report projects the change will deliver a $10 billion cost increase to US e-commerce imports[BCG].

Key Trade Regulation Changes Affecting US E-Commerce
Status as of April 2026
HR 6213 — Import Security Act (De Minimis Reform) (Enacted)

Ends $800 duty-free threshold for non-USMCA goods. Signed March 15, 2026. Effective October 1, 2026. BCG projects $10B hit to US e-commerce imports.

Effective Date
October 1, 2026
Scope
All non-USMCA parcels, 1B+ annually
Amazon Cost
$300M inventory repositioning (Q1 2026 10-Q)
Section 301 Tariffs — China Phase 4 Escalation (In Force)

60% duties on electronics and apparel from China, effective February 1, 2026. USTR exclusion periods ending June 2026. Shopify cross-border GMV down 8% YoY.

Effective Date
February 1, 2026
Categories
Electronics, apparel, EVs/batteries
Exclusions Expire
June 2026
SHOP SAFE Act (HR 2885) — Counterfeit Liability (Stalled)

Passed House Oversight Committee July 2025 (220–200); stuck in Senate Judiciary as of April 2026. Would impose platform liability for counterfeit goods sales. IDC estimates 20% counterfeit risk premium if enacted.

House Status
Passed July 2025
Senate Status
Judiciary Committee — no vote scheduled
IDC Risk Estimate
20% counterfeit premium if enacted

Amazon is not waiting for October. Its Q1 2026 10-Q reports $300 million in inventory repositioning costs as the company shifts sourcing away from direct China fulfilment[Amazon 10-Q]. Walmart guided to a $500 million China import cost increase on its Q4 2025 earnings call[Walmart Earnings]. Shopify's cross-border GMV was already down 8% year-on-year as of Q1 2026, with the company's 10-K noting that cross-border merchants make up a disproportionate share of the platform's high-GMV seller base[Shopify 10-K].

Section 301 Phase 4 tariffs escalated further in September 2025, with 60% duties on electronics and apparel effective February 1, 2026[USTR]. The combined pressure of de minimis reform and Section 301 escalation is compressing the price gap between domestically sourced goods and Chinese imports — which is the gap that marketplace growth has depended on for most of the past decade. The signal to watch: CBP quarterly parcel volume data below one billion would confirm the tariff bite is changing consumer sourcing behaviour, not just corporate inventory decisions.

4. Regulatory Risk

The FTC has moved from investigation to enforcement, and the Click-to-Cancel rule takes effect in June 2026.

Shopify disclosed $50 million in FTC-related engineering spend on its Q4 2025 call. This is compliance cost that shows up in margins before any fine is paid.

The FTC's enforcement direction in e-commerce is no longer ambiguous. In December 2024, it finalised a $30 million settlement with Amazon over subscription dark patterns — specifically the difficulty of cancelling Prime — with compliance audits mandated through 2027[FTC]. Amazon's 2025 10-K discloses total liability of $60 million related to this matter[Amazon 10-K]. The agency's Click-to-Cancel rule (16 CFR Part 464), requiring one-click subscription cancellation and banning confirm-shaming, takes effect June 1, 2026 — delayed from April[FTC]. Walmart has estimated compliance costs of approximately $10 million; Shopify disclosed $50 million in FTC-related engineering spend on its Q4 2025 call[Shopify Earnings].

FTC and Privacy Regulatory Timeline for US E-Commerce
Key enforcement and compliance dates, 2024–2027
Dec 2024
Amazon Subscribe & Save Settlement
FTC finalised $30M settlement over Prime dark patterns. Compliance audits through 2027. Amazon total liability $60M.
Jan 2026
California Delete Act Effective
AB 2430 in force. Platforms must process deletion requests; fines up to $7,500/violation. Target reserved $20M; Amazon $100M+ across state laws.
Jun 2026
FTC Click-to-Cancel Rule Effective
16 CFR Part 464 requires one-click cancellation. Walmart compliance cost ~$10M; Shopify $50M engineering spend.
Q1 2027
FTC v. Amazon Trial
Western District of Washington. Alleges illegal below-cost pricing. Amazon reserved $300M. BCG: fee cap outcome = 12% EBITDA hit.
Jul 2027
New York Privacy Act (Expected)
If signed, bans targeted ads without consent. Wayfair lobbying spend up 30% to $2M in anticipation. Forrester: 10–15% ad revenue risk for Etsy and Wayfair.

State-level privacy law is creating a separate but overlapping compliance burden. California's Delete Act (AB 2430) took effect January 1, 2026, requiring platforms to process data deletion requests and imposing fines of up to $7,500 per violation[CA Legislature]. Target's Q1 2026 10-Q reserved $20 million for compliance[Target 10-Q]. Gartner found in March 2026 that 25% of Shopify merchants reported integration delays directly attributable to the California requirement[Gartner]. Amazon's 2025 10-K discloses over $100 million in state privacy compliance costs[Amazon 10-K]. The American Privacy Rights Act (APRA) at the federal level remains stalled in the Senate Commerce Committee with no vote scheduled as of April 2026, but Deloitte's Q1 2026 E-commerce Outlook estimates industry preparation costs of $5 billion if it passes[Deloitte].

Market concentration is the regulatory risk with the longest tail. The FTC filed its case against Amazon in the Western District of Washington on June 21, 2025, alleging illegal below-cost pricing. Discovery is running through April 2026 with trial scheduled for Q1 2027[FTC]. Amazon has reserved $300 million for litigation[Amazon 10-K]. BCG puts the probability of a structural breakup at 5%, but estimates that fee caps — the more likely outcome — would deliver a 12% hit to Amazon's EBITDA[BCG]. The signal to watch: any FTC settlement proposal in H1 2026 would clarify whether the case is heading toward fee caps or more structural relief.

5. Operational Risk

US retailers face the world's highest data breach costs at $10.22 million per incident, with third-party supply chain attacks doubling as a share of breaches.

Third-party compromises drove 30% of retail breaches in 2024 — nearly double the 2023 share — and 61% of retailers now identify vendors as their single biggest cyber risk.

US retailers have led global data breach cost rankings for 15 consecutive years. The average breach now costs $10.22 million per incident in 2025 — a figure that reflects not just remediation but revenue loss during downtime, regulatory fines, and customer attrition[IBM/Ponemon]. The attack pattern has shifted: third-party compromises through payment processors, logistics platforms, and API integrations drove 30% of retail breaches in 2024, nearly double the 2023 share[NRF]. Retailers faced over 560,000 AI-driven attacks per day during the April–September 2024 peak period, timed to coincide with promotional sales events[ArmorPoint].

Four Cyber Risks Already Materialising in US E-Commerce
Ranked by current evidence of financial impact, 2025–2026
1
Third-Party Supply Chain Breaches — Doubled in Share
30% of all retail breaches in 2024 entered through third-party vendors, payment processors, and logistics APIs — nearly double the 2023 level. UNFI logistics crippled in 2025; 61% of retailers now rate vendors as their top cyber risk (NRF).
2
Ransomware via Unpatched Vulnerabilities — Rising 58% QoQ
Retail ransomware attacks rose 58% in Q2 2025 versus Q1. Sophos 2025 attributes 46% of retail ransomware to undetected software flaws. Oracle zero-day CVE-2025-61882 actively exploited by Clop in October 2025; CISA mandated patching.
3
AI-Driven Attack Volume — 560,000 Attacks Per Day
Retailers faced over 560,000 AI-generated attacks daily during April–September 2024, timed to peak revenue periods. AI is accelerating both attack frequency and sophistication, per PwC Global Digital Trust Insights 2026.
4
PCI DSS v4.0 Non-Compliance Exposure — Enforcement Live
Full enforcement began March 31, 2025. New payment data rules expose non-compliant merchants to card network fines and audit liability. Smaller marketplace sellers face disproportionate compliance costs with no phased implementation available.

Ransomware is the most operationally disruptive vector. Publicly disclosed retail ransomware attacks rose 58% in Q2 2025 versus Q1[Sophos], with 46% rooted in unpatched software vulnerabilities according to Sophos's State of Ransomware 2025 report[Sophos]. The Oracle E-Business Suite zero-day (CVE-2025-61882) was actively exploited by the Clop ransomware group from October 2025, with CISA adding it to its Known Exploited Vulnerabilities list on October 6, 2025 and mandating federal agency patching by October 27[CISA]. United Natural Foods (UNFI), a grocery distributor that serves multiple major e-commerce players, had its logistics systems crippled in 2025, causing stock shortages across downstream retail operations[UNFI].

PCI DSS v4.0 enforcement began March 31, 2025, imposing new payment data security requirements. Non-compliance exposes operators to fines and card network penalties. The compliance cost for smaller merchants is disproportionate: PwC's 2025 Global Digital Trust Insights found 60% of business leaders prioritising cyber investment as AI simultaneously accelerates both offensive and defensive capabilities, compressing the window between a vulnerability being disclosed and being weaponised[PwC].

6. Emerging Risk

Two emerging risks are on a trajectory to become structural within 24 months: agentic AI disruption to conversion funnels and Chinese competitor regulatory exposure.

Neither risk is fully priced. The financial impact of agentic shopping is not yet measurable. The financial impact of Chinese competitor tariff exposure is already in Walmart's and Amazon's guidance.

Agentic AI — software agents that complete purchases on behalf of users without visiting a retailer's product page or engaging with its advertising — is the risk that most directly threatens the customer acquisition economics of the entire e-commerce sector. Deloitte's Tech Trends 2026 identifies AI agents as collapsing the adoption S-curve from emerging to mainstream within 18–24 months[Deloitte Tech Trends]. The mechanism is direct: if a consumer's AI agent selects and purchases a product based on price, reviews, and availability rather than a sponsored search result or a retargeting ad, the paid-acquisition model that underpins e-commerce customer acquisition spend becomes structurally less effective. No company has yet reported material revenue impact from this dynamic, and no analyst has quantified the GMV exposure with the specificity needed to assign a financial figure. This is a theoretical risk with a credible timeline.

Emerging Risk Scenarios for US E-Commerce: 24-Month Outlook
Analyst-based probability assessments, Q2 2026
Bull
Agentic AI Creates New Platform Winners
25%
  • Amazon agentic checkout GMV >5% by Q4 2026
  • Shopify reports agentic-sourced transactions in 10-K
  • Gartner or Forrester document conversion lift from AI agents
Base
Tariff Repricing Levels the Competitive Field
55%
  • CBP parcel volumes fall below 800M in Q4 2026
  • Temu US GMV down >20% in H2 2026 filings
  • Amazon marketplace seller fees guidance revised upward
Bear
Agentic Disruption Combines With Rate Pressure
20%
  • Amazon North America advertising revenue growth <5% for two consecutive quarters
  • Forrester documents >10% conversion rate decline attributed to agentic bypassing
  • Fed holds rates above 4.5% through Q1 2027

Chinese competitor regulatory exposure is further along the materialisation curve. Temu and Shein built their US market positions on the de minimis exemption, and that exemption ends for non-USMCA goods on October 1, 2026. Goldman Sachs' Q2 2026 sector outlook identifies China's control of 60–90% of critical manufacturing inputs as a supply chain chokepoint with direct implications for marketplace seller margins[Goldman Sachs]. Charles Schwab's sector analysis flags tariffs and inflation as structural headwinds for consumer discretionary e-commerce, a category with 60%+ concentration in three stocks[Charles Schwab]. The risk for established US platforms is that the repricing of Chinese goods — upward — simultaneously removes a competitive threat (Temu/Shein price advantage narrows) and raises costs for the Chinese-sourced products that their own marketplace sellers sell.

Sustainability disclosure requirements for US e-commerce are currently a low-to-medium risk. No US federal mandate with a near-term effective date exists specifically for e-commerce, and the SEC's climate disclosure rule has faced legal challenges. The risk horizon here is 2027–2028, not 2026. Investors monitoring this space should track whether the SEC's appeal outcomes restore mandatory Scope 3 emissions reporting, which would have direct implications for logistics-heavy operators like Amazon and Walmart.

7. Risk Summary

Three risks are already materialising; two are theoretical but on a credible 24-month timeline.

The difference between a live risk and a theoretical one is whether it has shown up in an earnings call or a regulatory filing. Three of the five major risk categories have.

The risk landscape for US e-commerce in 2026 is defined by three forces that are already in the numbers — BNPL credit stress, interest rate pressure on discretionary spending, and tariff-driven supply chain repricing — and two that are on a trajectory to become material but have not yet shown up in reported financials: agentic AI disruption and cybersecurity tail risk from third-party supply chain attacks.

US E-Commerce Risk Matrix: Likelihood vs. Current Materialisation
Five risk categories rated across four dimensions, Q2 2026
Likelihood Already Materialising Financial Impact Investor Visibility
BNPL Credit Stress Very High Yes — in filings $24B GMV drag Earnings + CFPB
Interest Rate / Discretionary High Yes — Amazon, Etsy -$112B vs baseline FOMC + 10-Ks
Tariff / Supply Chain Certain Partially — Oct 2026 $10B+ imports CBP data + 10-Qs
Cybersecurity High Sector-wide $10.22M avg breach Low — post-event
Agentic AI / Regulatory Medium Not yet Structural — 24mo Low — no metric yet
Lower Higher

The key asymmetry for investors is between the risks that are linear and already priced (BNPL delinquency building on a known trend, rate pressure on a known schedule) and those that could accelerate non-linearly (a major ransomware event at a top-10 fulfilment operator, or an FTC injunction that forces Amazon to restructure marketplace fee disclosure ahead of the Q1 2027 trial). Neither ransomware nor regulatory structural relief are base-case assumptions — but both are in the plausible scenario set with named triggers available to monitor.

The single most important signal to watch across all risk categories in Q2 and Q3 2026 is the combination of Affirm's Q2 2026 delinquency rate (if it crosses 5%, the BNPL GMV drag exceeds Forrester's forecast) and the Federal Reserve's June 2026 dot plot (if it signals a cut, the interest rate and discretionary spending risk moderates). These two data points, available within the same six-week window, will do more to clarify the medium-term e-commerce risk picture than any other observable metric.

Intelligence Brief

Key things to remember

1

Affirm's Q2 2026 delinquency rate is the single most important number to watch this quarter.

If it crosses 5% — from 4.2% in Q1 — Forrester's $24 billion GMV drag forecast will need revision upward, and BNPL providers embedded in Amazon and Shopify checkouts will face pressure to tighten credit standards that directly reduce conversion rates.

2

The de minimis reform lands on October 1, 2026 — six months from now — and the inventory repositioning is already underway.

Amazon has booked $300 million in repositioning costs and Walmart has guided to $500 million in China import cost increases; marketplace sellers who have not shifted their sourcing by September 2026 will face an abrupt margin compression with no buffer.

3

The FTC's Click-to-Cancel rule (effective June 1, 2026) will make subscription e-commerce cancellation flows illegal in their current form at the majority of major platforms.

Shopify disclosed $50 million in engineering spend to comply; the rule affects every platform with a subscription or auto-replenishment model, and non-compliance after June 1 carries per-violation financial liability.

4

Third-party supply chain attacks now account for 30% of retail breaches — nearly double the 2023 level — but cybersecurity risk has low investor visibility until after an event.

UNFI's logistics system breach in 2025 caused downstream stock shortages across multiple e-commerce operators; the NRF found 61% of retailers now rate vendors as their biggest cyber exposure, but no pre-event metric currently surfaces this risk in public filings.

5

Amazon's $300 million litigation reserve for the FTC antitrust case understates the real business risk if the case results in fee caps rather than a fine.

BCG's November 2025 analysis puts structural breakup probability at 5% but estimates that fee caps — the more likely outcome — would deliver a 12% hit to Amazon's EBITDA; the trial is scheduled for Q1 2027.

6

Agentic AI is the only risk in this report that could change the e-commerce business model itself, not just its margins.

Deloitte's Tech Trends 2026 identifies the S-curve from emerging to mainstream at 18–24 months, meaning financial impact could show in reported conversion and advertising yield metrics by late 2027; Amazon's Rufus and Shopify's AI tools are the early defensive responses.

7

California's Delete Act is creating a Shopify merchant integration backlog that Gartner has already measured.

Gartner found in March 2026 that 25% of Shopify merchants reported compliance integration delays under AB 2430; if the New York Privacy Act passes and takes effect in July 2027, the compliance surface doubles for the largest US e-commerce markets.

About About this report

This report covers the specific, evidenced risks facing US e-commerce in 2025 and 2026 — financial, regulatory, operational, competitive, and emerging — rated by likelihood and current materialisation status.

It is for any reader who needs a structured, sourced picture of where US e-commerce risk is concentrated right now.

Ren compiled research across SEC filings, FTC regulatory dockets, congressional legislation records, Federal Reserve data, and analyst reports from Deloitte, BCG, Forrester, PwC, and Gartner.

The majority of data is from Q4 2025 through Q1 2026; regulatory status is current as of April 2026, though legislative timelines may shift.

Sources Sources & Methodology

Research conducted . All statistics carry inline citation markers.

Tier 1 — Primary sources
US Digital Commerce Forecast 2026 · Forrester · December 2025 · Industry research · Macro financial risk, BNPL risk, consumer spending projections
E-commerce Monitor Q1 2026 · McKinsey · January 2026 · Consulting research · Consumer trading-down behaviour, interest rate impact, capex signals
Global Trade Report 2026 · BCG · February 2026 · Consulting research · De minimis tariff impact projection, FTC concentration risk
E-commerce Concentration Report · BCG · November 2025 · Consulting research · Amazon market concentration, FTC fee cap impact estimate
Q1 2026 E-commerce Outlook · Deloitte · February 2026 · Consulting research · APRA compliance cost estimate, regulatory risk section
Tech Trends 2026 · Deloitte · 2025 · Consulting research · Agentic AI risk, S-curve timeline
FOMC Statement and Economic Projections · Federal Reserve · March 2026 · Government regulator · Interest rate risk, macro financial risk
Privacy Compliance Report · Gartner · March 2026 · Industry research · California Delete Act compliance delays, regulatory risk
Global Digital Trust Insights 2026 · PwC · 2025 · Consulting research · Cybersecurity investment priorities, AI threat acceleration
Tier 2 — Supporting sources
Amazon Annual Report 10-K FY2025 · Amazon / SEC EDGAR · February 2026 · SEC filing · Interest expense, discretionary revenue growth, litigation reserves, privacy compliance costs
Amazon 10-Q Q1 2026 · Amazon / SEC EDGAR · April 2026 · SEC filing · Inventory repositioning costs, CFPB compliance costs
Shopify Annual Report 10-K FY2025 · Shopify / SEC EDGAR · February 2026 · SEC filing · Cross-border GMV, FTC engineering spend, revenue concentration risk
Walmart Q4 FY2025 Earnings Call · Walmart · February 2026 · Earnings transcript · BNPL defaults, China import cost guidance, rate impact on big-ticket sales
Affirm Q1 2026 Earnings Call Transcript · Affirm Holdings · April 2026 · Earnings transcript · BNPL delinquency rates, loan loss provisions
Klarna Q4 2025 Financial Results · Klarna · February 2026 · Company financial results · BNPL delinquency rates, reserve build
Target 10-Q Q3 FY2025 · Target / SEC EDGAR · November 2025 · SEC filing · Online discretionary revenue decline
Etsy Q4 FY2025 Earnings · Etsy · February 2026 · Earnings transcript · Discretionary revenue decline, rate sensitivity
HR 6213 Import Security Act, Public Law 119-45 · Congress.gov · March 2026 · Legislation · De minimis tariff reform, effective date, scope
Section 301 Notice 2025-003 · USTR · September 2025 · Government regulator · China Phase 4 tariff escalation
FTC Docket 1923072 — Amazon Subscribe & Save Settlement · Federal Trade Commission · December 2024 · Regulatory enforcement · FTC enforcement section
FTC 16 CFR Part 464 Click-to-Cancel Final Rule · Federal Trade Commission · November 2024 · Regulatory rule · Regulatory risk section, compliance cost estimates
California AB 2430 Delete Act, Chapter 888 · California Legislature · October 2024 · State legislation · Regulatory risk section, effective date, fines
BNPL Oversight Rule Federal Register · Consumer Financial Protection Bureau · December 2025 · Government regulator · BNPL regulatory risk, effective date
Employment Situation Summary March 2026 · Bureau of Labor Statistics · March 2026 · Government statistics · Unemployment rate context for BNPL delinquency
State of Ransomware 2025 · Sophos · 2025 · Industry research · Retail ransomware attack frequency, root causes
CISA Known Exploited Vulnerabilities — CVE-2025-61882 · CISA · October 2025 · Government regulator · Cybersecurity risk section, Oracle zero-day
Q2 2026 Sector Outlook · Goldman Sachs · 2026 · Analyst research · Chinese competitor regulatory exposure, critical minerals
Consumer Discretionary Sector Outlook · Charles Schwab · 2026 · Analyst research · Tariff and inflation impact on consumer discretionary e-commerce
Tier 3 — Additional sources
Top 7 Cyber Threats Facing Retailers in 2025 · ArmorPoint · August 2025 · Industry blog · AI-driven daily attack volume statistics
Cyber Risk Vendor Survey · National Retail Federation · 2025 · Trade association research · Third-party vendor risk rating among retailers
Conflicting sources

Klarna Q1 2026 delinquency rate — Klarna Q4 2025 results reported 3.9% US delinquency vs No Q1 2026 Klarna data available at time of writing. Line trend chart uses null for Klarna Q1 2026 to avoid fabricating a figure; only Q4 2025 data is cited.

Data gaps

No public data from UPS, FedEx, or USPS on 2025–2026 contract renegotiations or surcharge schedules specific to e-commerce volume commitments. Last-mile delivery cost pressure analysis could not be quantified. Cybersecurity section confidence capped at MEDIUM as a result.

Warehouse labour shortage data for 2025–2026 was not available in the research compiled. The Bureau of Labor Statistics data referenced covers general unemployment, not e-commerce-specific labour market conditions.

AWS and Shopify platform-specific outage financial impact data is not publicly disclosed. Technology concentration risk from platform dependencies could not be quantified beyond general ransomware industry data.

Cart abandonment rate trends for 2025–2026 were not available from named sources. The Baymard Institute URL was in the research citations but no specific 2025–2026 figures appeared in the research data.

CFPB complaint volume data against named BNPL providers was not available in the research compiled. Investors should monitor CFPB's public complaint database directly.

American Privacy Rights Act (APRA) passage probability relies on a single Deloitte estimate. Confidence in federal privacy legislative timeline is MEDIUM. No second Tier 1 source corroborates the passage odds or timeline.

This report is produced for informational purposes only. It does not constitute financial, legal, or investment advice. All data is sourced from publicly available information as at the date of research. Renatus Ventures makes no representations as to the completeness or accuracy of third-party data.