
Identifying and addressing risks downstream

Downstream human rights risks can arise through how products and services are used, misused, modified, or integrated into other products and services - often beyond the point of sale. Developing processes to enable effective downstream human rights due diligence can help companies identify, prevent, mitigate and account for these risks in practice.
 



Turning attention downstream 

Downstream human rights due diligence can be understood as human rights due diligence on products and services, and business relationships arising from the production phase onwards to the point of sale and beyond, placing particular focus on how products and services will be used and by whom. Human rights due diligence should be seen as a continuous and dynamic process. Risks can change over time, so effective due diligence requires both proactive elements (where potential risks can be identified in advance), and reactive elements (where risks become more likely or harms occur and action is required to prevent or mitigate).



Why downstream human rights due diligence matters

A holistic value chain approach is a core expectation of the UN Guiding Principles on Business and Human Rights (UNGPs) and the OECD Guidelines. Human rights due diligence (HRDD) is intended to cover the whole range of possible impacts companies may have across their value chains. It is meant to help companies understand the risks that are present or likely to arise in their value chains, and to show what they are doing to address these risks to support rights-respecting practices. Failing to look downstream can create significant blind spots and damaging consequences to reputation, market access and business partnerships, as well as significant out-of-court settlements or provision for large-scale remediation where impacts occur.
 





Identifying downstream risks


Ways to identify risks connected to products, services and business models

  • Assess whether the company’s business model elevates risk (for example, where there is little visibility over end use, or where incentives encourage the sale of goods or services that may negatively affect people).
  • Conduct human rights impact assessments on existing products and services to identify impacts they may cause, contribute to, or be directly linked to downstream, supported by consultation with actually or potentially affected stakeholders or appropriate proxies.
  • Identify potential impacts from new products/services early in the research and development cycle so that addressing risk can become part of the design brief.
  • Where products/services are added through merger or acquisition, assess how acquired offerings could pose risks to people.
  • Consider whether there are risks inherent in markets and operational contexts that could give rise to downstream human rights risks.
  • Put processes in place to identify new and emerging issues over time, including using operational-level grievance mechanisms to surface concerns linked to products and services.

Ways to identify end-user, customer and downstream business partner risks

  • Define the risk factors and determinants of misuse relevant to the company’s products and services.
  • Assess potential risks from use and misuse by end users, including where certain end users may face heightened risks.
  • Assess risks inherent in customers’ markets or operational contexts, including where the context may elevate the likelihood of misuse or harm.
  • Assess how customers operationalise their responsibility to respect human rights, including their approach to identifying and addressing misuse and onward sales risk.
  • Enable sales teams to support risk identification, recognising that sales colleagues may be closest to customers and can help surface risk indicators when trained and supported. 

Integrating findings and acting on identified risks

  • Before or at the point of sale
    • Build a screening process so transactions that trigger concern are scrutinised more closely.
    • Build on existing processes where possible (for example, pre-bid screening).
    • Consider relevant contextual factors, such as whether a prospective customer is a government or state-owned entity, a politically exposed person, or subject to sanctions.
    • Where used, internal watchlists can flag transactions for scrutiny when created in Customer Relationship Management (CRM) systems.
    • Post-sale, ensure operational-level grievance mechanisms are open to those impacted by products and services, to provide an ongoing check on the effectiveness of due diligence.
       
  • Governance and decision-making
    • Put in place robust governance with clear lines of accountability to support day-to-day decisions and help prevent repeat harms.
    • Establish mechanisms to review issues escalated by sales colleagues.
    • Some companies use a decision tree to assess severity, degree of involvement, and reasonable foreseeability; they then refer cases to human rights subject-matter experts as needed.
  • Distribution partners
    • Where the customer and end user are not the same, encourage channel partners and other customers to establish similar downstream due diligence processes to reduce the risk of direct linkage to harms.
  • Product and service design
    • Build human rights protections into products and services from the start, rather than trying to fix problems after launch. This means thinking early about who might be harmed by a product or service, how it could be misused, and what safeguards can reduce those risks. For example, many companies already apply “privacy by design”; the same approach can be used to help prevent other human rights harms too.
    • Where the company is unlikely to have a relationship with end users, consider whether tracking batch or product-level unique identifiers could improve traceability. This can help prevent recurrence of sales through distribution channels where misuse has been 
  • Contractual approaches
    • Use contractual stipulations that limit end-user ability to use products or services in ways that adversely impact human rights.
    • Use contracting as an entry point to communicate the company’s approach and to gauge counterpart commitment and capability.
    • Where human rights language cannot be secured (including where leverage is limited, such as with some state-owned enterprises or government customers), some practitioners find common ground using terms like “responsible business conduct” and/or referencing protections in national law.
    • A clear policy commitment can support negotiations.
       
  • Leverage after contracting
    • Where feasible, explore audit rights as part of contractual negotiations.
    • Where there is an ongoing relationship with end users through after-sales service, support, or warranty offerings, this can provide additional leverage to help prevent misuse or unintended use that could result in adverse impacts.
    • Provide training and guidance to customers on acceptable ways of using your products or services, particularly where there is a potential for misuse or unintended/unforeseen use. In certain industries and transactions, capacity-building support can increase customer willingness to engage on human rights issues.
       
  • Tracking and communicating effectiveness
    • Use qualitative and quantitative measures to understand whether policies and processes are implemented optimally and whether responses to identified impacts are effective.
    • Consider developing relevant KPIs and metrics to assess the effectiveness of the downstream due diligence programme.
    • Communicate meaningfully on the nature and extent of the downstream due diligence programme and the principal outcomes.
    • Ensure transparency and accountability to impacted people and other relevant stakeholders.
       

Insights from business practice


What the UNGPs say

The UN Guiding Principles on Business and Human Rights (UNGPs) are grounded in the expectation that companies must be able to “know and show” that they respect human rights in practice. The same expectation of transparency and accountability applies to downstream due diligence, including where impacts are directly linked to a company’s products or services through business relationships.

The UNGPs provide for human rights due diligence to cover potential impacts across the entire value chain, including downstream.

The responsibility to respect applies downstream

The UNGPs’ corporate responsibility to respect human rights includes a responsibility for companies to seek to prevent or mitigate adverse human rights impacts that are directly linked to their operations, products or services by their business relationships, even if the company has not contributed to those impacts.

This means downstream considerations are not limited to what happens in supply chains. Both the UNGPs and OECD Guidelines define HRDD as covering the whole range of possible impacts companies may have across their value chains.

An effective risk-based HRDD process includes downstream risks

A risk-based approach to prioritisation may lead a company to focus on where impacts are most severe, and in many cases this has meant greater attention to upstream contexts. However, the UNGPs make clear that downstream risks still need to be considered where they are present and salient in order to manage risk effectively.

Due diligence is continuous, dynamic, proactive and reactive

Human rights risks can change over time, including due to changes in operations or operating contexts. The UNGPs therefore imply an ongoing or iterative approach to due diligence.

In practice, this includes both:

  • Proactive steps where risks can be identified and mitigated in advance; and
  • Reactive steps when impacts occur or circumstances change in ways that make impacts more likely, requiring action to prevent or mitigate them.

The actions a company will be expected to take to respect human rights are dynamic in nature.

“Directly linked” still requires action

The UNGPs also note an important implication for downstream contexts. If a company does not act to address a situation where it is directly linked to a human rights harm, this may elevate the situation to one where the company is seen to be contributing to the harm. 

Tracking and communicating downstream HRDD

Human rights due diligence is intended to ensure companies understand the risks present in their value chains and can show what they are doing to address these risks.
The expectation that businesses must be able to “know and show” that they respect human rights in practice underpins transparency and accountability to impacted people and other relevant stakeholders, and the same expectation applies to downstream due diligence.
 


Increasing litigation and reputational risk downstream

There is growing recognition of exposure where a company “knew or ought to have known” impacts could occur downstream, for example:

  • Begum v Maran (UK) Ltd [2021] EWCA Civ 326 – a claim relating to the sale of a ship for scrappage and alleged unsafe disposal resulting in loss of life.
  • The United States opioid settlements - including Walmart (US$3.1bn), CVS/Walgreens (near US$10bn), and McKinsey (US$573m).
  • The French (Amesys) case involving alleged complicity in torture in Libya linked to surveillance technology.
  • A broad set of downstream issues raised through OECD National Contact Points, including sales of surveillance equipment/arms/tear gas, drugs used in lethal injections, construction machinery linked to illegal occupation, financing linked to impacts, and other downstream linkages.