How will EU Member States enforce the new EU mandatory human rights and environmental due diligence laws? What disclosure will be expected of companies and what steps will be deemed adequate?
Shift, the highly influential centre of expertise on the UN Guiding Principles on Business and Human Rights, has released a discussion draft seeking to inform the development and enforcement of these new laws. The draft provides valuable insight into the criteria that national regulators could use in assessing the quality of a company’s diligence practices by proposing six “signals of seriousness” for human rights due diligence:
- Governance of Human Rights;
- Meaningful engagement with affected stakeholders;
- Risk identification and prioritisation;
- Taking action on identified risks;
- Monitoring and evaluating progress in addressing risks; and
- Providing and enabling remedy.
How many companies can confidently assert that they currently exhibit these six signals? We highlight Shift’s helpful criteria in this Blog Post.
Shift’s “key signals” are grouped into six broad areas, which are substantially reproduced below.
Signal 1: Governance of Human Rights
The company’s most senior governing body:
- is supported by human rights expertise informed by the perspective of affected stakeholders;
- regularly discusses progress and challenges in addressing the company’s salient human rights risks;
- reviews the company’s business model and strategy to ensure any inherent human rights risks are identified and addressed;
- formally approves targets for addressing salient human rights risks; and
- ensures that company leadership is accountable for addressing the company’s salient human rights issues.
Signal 2: Meaningful engagement with affected stakeholders
The company identifies which stakeholders are likely to be the most vulnerable to impacts in connection with its operations and value chain, and:
- seeks insight into their perspectives; and
- has structures or processes to hear and respond to stakeholder perspectives.
The company’s decisions and actions with regard to identifying, assessing and prioritising risks, and tracking how effectively it addresses them, are informed by stakeholder perspectives.
The company engages with these stakeholders to identify whether they are aware of and trust existing structures or processes as a way to raise concerns or grievances and have them addressed.
Signal 3: Risk identification and prioritisation
The company’s processes for identifying human rights risks:
- encompass its operations and business relationships throughout its value chain;
- include impacts the company may cause, contribute to or be linked to;
- include risks inherent in its business model and strategy;
- go beyond identifying impacts that the company considers it can control or impacts that could lead to liability for harms;
- draw on a variety of well-informed sources to identify relevant risks; and
- are iterative and responsive to changes in the risk environment.
The company’s prioritisation of its salient human rights risks:
- is determined by the severity of the potential impacts on people, not by risk to the business;
- is not determined by where the company has leverage or what it considers easiest to address; and
- is updated in light of new or emerging risks.
Where the company focuses its initial assessment of risks on certain parts of the business, these are selected based on the severity and likelihood of the risks to people, and the company progressively expands its focus into other parts of the business.
Where the company has a broader risk management system, the company ensures that its salient human rights risks are appropriately reflected in that system.
Signal 4: Taking action on identified risks
The company’s main activities to prevent or mitigate human rights risks:
- are focused on outcomes for affected stakeholders;
- directly relate to the company’s salient human rights risks and are proportionate to them;
- directly engage those parts of the business whose actions or omissions can influence outcomes for affected stakeholders; and
- include measures to address any contribution of the company’s own activities to its salient risks.
The company takes steps to build leverage to influence others where its existing leverage is insufficient to prevent or mitigate risks, including disengagement as a form of leverage.
The company identifies where collective leverage is needed, and collaborates with relevant stakeholders, peer companies and/or experts to advance outcomes for affected stakeholders.
Signal 5: Monitoring and evaluating progress in addressing risks
The company sets targets that are:
- articulated in terms of the intended outcomes for affected stakeholders;
- relevant to addressing the company’s salient human rights risks as well as specific, measurable, achievable and time- bound; and
- developed with input from internal or external subject-matter experts and, wherever possible, from affected stakeholders.
The company monitors and evaluates progress towards the targets based on a set of indicators that, together:
- are used to evaluate progress toward the targets;
- enable analysis of the reasons for progress or setbacks; and
- factor in feedback from affected stakeholders and/or their legitimate representatives.
The company discloses its progress, including explanations of any setbacks and resulting changes in strategy.
Signal 6: Providing and enabling remedy
The company engages constructively when there are allegations of human rights-related impacts in its operations or value chain to understand the issues raised and the perspectives of affected stakeholders.
When providing remedy for impacts it has caused or contributed to, the company goes beyond measures to prevent the impact recurring to consider what other forms of remedy to best address the harms to affected stakeholders, taking into account their perspectives.
The company evaluates its actions to provide remedy for their effectiveness in delivering outcomes that are satisfactory to affected stakeholders.
The company uses its leverage to support the development and implementation of effective grievance mechanisms in its value chain that are capable of providing remedy to affected stakeholders.
The company draws on information from its own grievance mechanisms to inform the early identification and mitigation of risks to people and to improve its due diligence processes.