By Jon Drimmer, GBI North America Advisor
With the continued progress of an EU Corporate Due Diligence and Corporate Accountability legal requirement, multi-national companies may soon be compelled to pay as much attention to their customers, end-users, and other “downstream” actors as they do to their “upstream” supply chains. Since the UK adopted its Modern Slavery Act in 2015, companies around the world have increasingly instituted processes to address human rights risks in their supply chains.
Far fewer efforts have been devoted to the human rights implications of company products and services, although the UN Guiding Principles on Business and Human Rights (UNGPs) draws no distinction between upstream and downstream in the value chain.
While there is no guarantee that the European Commission will take a similar tack, the current European Parliament Legal Affairs Committee “provisional” draft directive follows the UNGPs approach, and covered companies soon may be expected to institute significant steps to mitigate risks that their products are being used in connection with negative human rights impacts.
Responsible product usage risks span a wide spectrum. For example, a chemical fertiliser, overwhelmingly used for farming purposes, might be still misused as an ingredient for an explosive. Pharmaceutical drugs, such as opioids, may pose addiction and overdose risks if misused or misprescribed. Information technologies, including AI, facial recognition and surveillance products, can have myriad legitimate uses while also being used to violate human rights in a wide variety of ways.
While to date attention has focused largely on supply chain issues, the UNGPs specifically contemplate that human rights responsibilities extend to downstream use of products by consumers and end-users. UNGP 13(b), a foundational principle, states that businesses must “[s]eek to prevent or mitigate adverse human rights impacts that are directly linked to their operations, products or services by their business relationships, even if they have not contributed to those impacts.”
The notion of human rights responsibilities extending to company products is also referenced in: UNGP 16, regarding a company’s policy commitment; UNGP 17, regarding human rights due diligence; and UNGP 19 regarding integrating findings from impact assessments. Further, the commentary to UNGP 17 specifically references company “clients” in the context of prioritising human rights diligence.
However, hard laws over the last 20 years have focused almost exclusively on supply chains. These include California’s Transparency in Supply Chains Act, a precursor to the UK Modern Slavery Act, which in turn was a precursor to a similar Australian law. The United States now is actively enforcing Section 307 of the Tariff Act of 1930, seizing goods at its borders where there is a suspicion that overseas suppliers produced them with forced labour.
Germany’s forthcoming mandatory supply chain due diligence law focuses on upstream actors, as do France’s Duty of Vigilance Law and the Dutch child labour law. While there have been some government efforts to target downstream human rights activities – such as tech products like surveillance equipment and AI, and export control restrictions around products sold to certain companies in China – these examples remain fairly isolated.
The EU’s proposed legislation on corporate due diligence and accountability may bring a change in this direction. The publicly available proposal from the European Parliament’s Committee on Legal Affairs applies to human rights, environmental and governance risks and impacts throughout company value chains, covering all “business relationships.”
Consistent with the UNGPs, it defines “business relationships” as transversing “throughout its entire value chain,” including those “directly linked to the undertaking’s business operations, products or services.” As with the UNGPs, the proposal further defines “value chain” as “business relationships and investment chains of an undertaking,” and “includes entities with which the undertaking has a direct or indirect business relationship, upstream and downstream, and which either (a) supply products, parts of products, or services that contribute to the undertaking’s own products or services, or (b) receive products or services from the undertaking.”
Much as in the early days of supply chain due diligence, companies will have to adjust. Among the steps they might consider are:
- Strategy and leadership at the board level to understand how company products and services may be misused, and how management is addressing those risks.
- Due diligence on products and customers to determine the likelihood that a company product or service may be misused generally or following a specific transaction.
- Policies and procedures addressing responsible use and/or product misuse, both in the sales process and in customer and end-user usage.
- Training relevant employees, resellers, contractors and even potentially customers and end-users.
- Additional controls or processes where higher risk situations are present, such as limiting the volume or duration of sales, changing technical requirements, heightened internal approvals, and relevant contractual terms.
- Monitoring potential product misuse through media reports, grievance mechanisms, or engagement with civil society, and initiating investigations and reviews when concerns are identified.
While the focus on human rights in supply chains is now engrained in many human rights programmes, the EU legislation is likely to make the “other” side of the value chain – customers and end-users – equally relevant. Companies would be wise to begin preparing.