The EU’s Mandatory Human Rights Due Diligence: Be Prepared, Not Worried

The idea that businesses should take care not to engage in or enable human rights violations in their overseas operations is not novel. Corporate social responsibility is a principle that has been around nearly as long as corporations themselves, and in recent years it has been codified into widely-praised global standards such as the UN Guiding Principles on Business and Human Rights. A key premise of such standards is that they are voluntary, or at least not intended to carry the force of law. Rather, they represent codes of conduct that businesses should aspire to, and that investors should encourage.

That may soon change. Over the past year, the European Union has made substantial progress towards expanding the due diligence duties of firms operating in European markets to cover human rights and environmental risks. Draft legislation released in September and revised in January requires EU member states to take measures to ensure businesses prevent and conduct ongoing monitoring for “operations and business relationships [that] cause or contribute to any human rights, environmental or governance risks.” Those measures include requiring firms to “make all reasonable efforts to identify subcontractors and suppliers in their entire value chain.”

The draft legislation is closely modeled on the UN Guiding Principles, but with a major twist: it makes due diligence into human rights and environmental abuses a “legal duty” with associated penalties for non-compliance. Significantly, the draft legislation not only empowers government actors to bring criminal charges under the law, but also entitles persons whose rights have been violated by due diligence breaches to seek civil remedies. In other words, if a covered firm’s suppliers engage in human rights abuses, the victims can sue the firm for compensation. As for penalties, the draft law states they should be “effective, proportionate, and dissuasive.”

The EU draft law applies to “undertakings,” a legal term of art that covers not only firms registered or having their primary place of business in Europe, but also includes any person or entity engaged in economic activity in Europe. That could mean, for example, selling goods or services into European markets. As a result, the law, if passed in its current form, could have a profound effect on compliance obligations well beyond EU borders, not unlike the shifts seen after the passage of the Foreign Corrupt Practices Act and USA PATRIOT Act in the United States.

So what should firms do in the face of what may be a possible paradigm shift in compliance? The good news is that, while a legal duty to prevent and detect human rights and environmental abuses may be unprecedented, the due diligence capabilities needed to meet that duty already exist. Many of the same tools and methodologies that have proven effective in mitigating corruption and sanctions-related risks in foreign operations and supply chains lend themselves to emerging risk categories of the kind contemplated in the EU legislation.

The techniques and sources that can identify, for example, whether a particular supplier or subcontractor has sold dual-use technologies to Iran are equally useful in obtaining intelligence about human rights violations and unsound ecological practices in a client’s operations. Both efforts require a granular and nuanced understanding of the client’s industry, strong source networks up and down the client’s value chain, a refined sense of the comparative risks presented by particular sectors and jurisdictions, and the ability to respond quickly to new information.

Such expertise can help firms navigate what might otherwise seem like a daunting and impossibly vast risk landscape. The draft EU legislation, like most existing regulatory frameworks, is not a strict liability regime, but rather one organized around reasonable risk identification. That means being able to spot which elements of a supply chain or foreign operation pose heightened risks, and thus put a particular burden on a firm to show it took necessary precautions before and during a specific commercial relationship. In many cases, regulators and enforcers are likely to look favorably on good faith efforts to manage high-risk engagements if a covered firm engaged a thoughtful investigator, who should be ready to meet the challenge of the EU’s new compliance mandate.

For many companies, mandatory due diligence into human rights and environmental risks may seem like uncharted waters, but with the help of capable investigators, businesses can look forward to smooth sailing in the years ahead.