
Human Rights Due Diligence for ESG Investors

Pomegra Learn

What Are Investor Responsibilities Under the UN Guiding Principles on Business and Human Rights?

Human rights due diligence occupies a specific position in the ESG landscape: it addresses how companies identify, prevent, mitigate, and account for adverse impacts on human rights across their operations and value chains. The foundational framework — the UN Guiding Principles on Business and Human Rights (UNGPs) — was endorsed by the UN Human Rights Council in 2011 and has since been embedded in the EU Corporate Sustainability Due Diligence Directive, the OECD Due Diligence Guidance for Responsible Business Conduct, and multiple national legislative frameworks.

Human rights due diligence (HRDD) is an ongoing process through which a company identifies, prevents, mitigates, and accounts for how it addresses its adverse human rights impacts — covering its own operations, the operations of its direct suppliers, and the rest of its value chain where it has or can have leverage.

Key Takeaways

  • The UN Guiding Principles define a "protect, respect, remedy" framework: states protect human rights, businesses respect them, and both provide access to remedy when violations occur.
  • Mandatory human rights due diligence is now law in France (Loi de Vigilance, 2017), Germany (LkSG, 2023), Norway (Åpenhetsloven, 2022), and the EU (CSDDD, adopted 2024).
  • ESG investors have parallel responsibilities under the UNPRI to consider human rights risks in investment decision-making and engage investees.
  • Key human rights risk categories for corporate investors include forced labor, child labor, land rights violations, freedom of expression, and privacy.
  • The International Bill of Human Rights (UDHR + ICCPR + ICESCR) and ILO Core Conventions define the baseline human rights standards referenced in HRDD frameworks.

The UN Guiding Principles: The Foundational Framework

The UNGPs were developed under the leadership of Professor John Ruggie as UN Special Representative on Business and Human Rights (2005–2011). They rest on three pillars:

Pillar 1: State Duty to Protect — Governments must protect against human rights abuses by third parties, including businesses, through effective policies, legislation, regulations, and adjudication.

Pillar 2: Corporate Responsibility to Respect — Companies must respect human rights throughout their operations and value chains. This does not require businesses to become guarantors of human rights — but they must avoid causing or contributing to adverse impacts and address such impacts when they occur.

Pillar 3: Access to Remedy — Both states and businesses must provide access to effective remedy for victims of business-related human rights abuses, through judicial, non-judicial state-based, or non-judicial non-state mechanisms.

The corporate responsibility to respect under Pillar 2 is operationalized through four steps:

  1. Policy commitment: A publicly stated commitment to respect human rights
  2. Human rights due diligence: The ongoing process of identifying and addressing adverse impacts
  3. Remediation: Providing remedy for actual harms
  4. Communication: Reporting on how impacts are addressed

The HRDD Process in Practice

Step 1: Scope and Prioritize

A company cannot conduct equal-depth due diligence across its entire value chain. The first step is identifying which human rights are most at risk given the company's sector, geography of operations, and supply chain structure. Tools include:

  • Human rights impact assessments (HRIAs) for high-risk operations
  • Country-level human rights risk indices (Business & Human Rights Resource Centre country profiles, Maplecroft Human Rights Risk Index)
  • Sector-level salient human rights risks (e.g., migrant worker recruitment fees in electronics assembly; land rights in extractives; child labor in cocoa, cotton, and tobacco)

Step 2: Assess Impacts

Impact assessment covers two types:

  • Actual impacts: Harms that have already occurred or are occurring
  • Potential impacts: Risks of harm that have not yet materialized

Linkage type matters for responsibility determination:

  • Cause: The company directly causes the harm (e.g., discriminatory hiring in own operations)
  • Contribution: The company contributes to harm caused by another party (e.g., providing equipment used in violations)
  • Direct linkage: Harm occurs in the supply chain through a business relationship, without the company causing or contributing to it; this still requires a leverage-based response

Step 3: Integrate and Act

Prevention and mitigation actions are integrated into procurement contracts, supplier codes of conduct, capacity building programs, and operational procedures. Where the company lacks leverage to address supply chain impacts, options include: building leverage by aggregating with other buyers, escalating the relationship, or exiting as a last resort.

Step 4: Track Effectiveness and Communicate

HRDD is ongoing, not a one-time exercise. Effectiveness tracking uses indicators like grievance mechanism uptake rates, audit findings trends, and worker survey results. Communication requirements under CSDDD and ESRS S1/S2 require annual reporting on due diligence processes and outcomes.


Mandatory HRDD Legislation

France: Loi de Vigilance (2017)

France's Corporate Duty of Vigilance Law requires companies with 5,000+ French employees or 10,000+ worldwide to publish an annual vigilance plan covering:

  • Risk mapping
  • Regular assessment of subsidiary and supplier situations
  • Appropriate actions to mitigate risks
  • Alert mechanisms and grievance systems
  • Monitoring implementation

Civil liability attaches to failure to establish or effectively implement the vigilance plan. French NGOs have filed lawsuits against TotalEnergies (Uganda oil pipeline), EDF, and others under the law.

Germany: LkSG (2023)

The German Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz) applies to companies with 1,000+ German employees from 2023. It requires:

  • Risk analysis in own operations and direct (tier 1) suppliers
  • Preventive measures and remediation
  • Complaints procedures
  • Supply chain due diligence reporting

Enforcement is by Germany's Federal Office for Economic Affairs and Export Control (BAFA), which can impose fines up to 2% of global annual turnover. Critically, LkSG does not create private civil liability — a distinction from CSDDD.

EU CSDDD (2024)

The EU Corporate Sustainability Due Diligence Directive, adopted in May 2024, supersedes and aligns national HRDD laws across EU member states. It creates civil liability — persons suffering damages from a failure to comply with due diligence obligations can seek compensation in member state courts, subject to a five-year statute of limitations.


Investor Responsibilities

UNPRI and Human Rights

The United Nations-supported Principles for Responsible Investment include Principle 1 (incorporate ESG issues into investment analysis) and Principle 2 (be active owners incorporating ESG issues into ownership policies and practices). The UNPRI's 2020 blueprint on a decade of responsible investment explicitly identifies human rights as a core investor responsibility alongside climate and governance.

The UNPRI's 2022 Spring Report on human rights found that over 80% of surveyed signatories lacked a standalone human rights policy, though this is improving.

The Investor Agenda on Human Rights

Investors have two distinct roles in the human rights due diligence ecosystem:

As enterprise-level actors: Large asset managers with direct employees, service providers, and business relationships have their own HRDD obligations, particularly under CSDDD where they meet the size thresholds.

As capital allocators and owners: Investors' primary leverage is through investment decision-making and active ownership. Human rights considerations can be integrated into:

  • Security selection: Flagging companies with documented serious human rights violations as elevated risk
  • Engagement: Requesting UNGP alignment, HRDD reporting, and grievance mechanism quality improvement
  • Escalation: Voting against directors at companies with persistent serious violations
  • Collaborative engagement: Working through UNPRI Human Rights Engagements and the Investor Alliance for Human Rights

The Investor Alliance for Human Rights

The Investor Alliance for Human Rights, coordinated by the Business & Human Rights Resource Centre, brings together over 200 investors to engage companies on human rights due diligence. Key focus areas include migrant worker rights in supply chains, land rights around infrastructure projects, and digital rights for technology companies.


Salient Human Rights Risks by Sector

Different sectors present systematically different human rights risk profiles:

Electronics / ICT manufacturing: Migrant worker recruitment fees (debt bondage risk) in Malaysia, Thailand, and Gulf states; tin and tantalum sourcing from conflict-affected regions; privacy and expression in consumer technology.

Apparel / Footwear: Forced overtime, unsafe conditions, suppressed freedom of association in supplier countries; Xinjiang cotton; child labor in cotton ginning.

Food and Beverage: Child labor in cocoa (Côte d'Ivoire, Ghana), coffee, and tobacco; seasonal agricultural worker exploitation; water rights conflicts in water-stressed agricultural regions.

Extractives (Mining, Oil and Gas): Land rights violations against Indigenous peoples and local communities; security force conduct (Voluntary Principles on Security and Human Rights); artisanal mining child and forced labor (OECD Minerals Guidance).

Financial Services: Financial exclusion; privacy and data misuse; algorithmic discrimination in lending and insurance.


Common Mistakes

Treating human rights policy publication as equivalent to HRDD implementation. A published human rights policy without documented assessment processes, action plans, and grievance mechanism reporting is cosmetic. CSDDD assesses implementation, not just policy.

Conflating human rights due diligence with social auditing. HRDD is broader: it requires genuine stakeholder engagement with potentially affected persons, not just compliance verification. The UNGPs explicitly state that HRDD cannot be outsourced entirely to audits.

Ignoring digital and privacy rights. For technology companies, privacy, freedom of expression, and algorithmic non-discrimination are salient human rights risks that do not appear in traditional labor and supply chain audit frameworks.


Frequently Asked Questions

What is the difference between human rights risk and human rights impact? Human rights risk is the risk to the company from adverse human rights impacts (reputational, legal, financial risk). Human rights impact is the risk to people from business activities. HRDD frameworks center the risk to people, not just the risk to the company — a conceptual distinction that matters for how due diligence is designed. Investor-side analysis rightly focuses on both.

Do the UNGPs apply to financial intermediaries? Yes. The UNGPs apply to all business enterprises regardless of size or sector. The UN Working Group on Business and Human Rights has issued specific guidance on financial sector application. CSDDD explicitly covers "regulated financial undertakings" for their own operations (though the final text narrowed the supply chain due diligence requirements for financial sector downstream activities).



Summary

Human rights due diligence is moving rapidly from voluntary best practice to mandatory legal obligation through the CSDDD, German LkSG, French Loi de Vigilance, and Norwegian Åpenhetsloven. The UNGP framework provides a robust conceptual architecture centered on the corporate responsibility to respect human rights through ongoing assessment, prevention, remediation, and communication. For ESG investors, HRDD quality is both an ethical consideration and a financial risk indicator: companies with mature HRDD processes face lower event risk from supply chain violations and are better positioned for CSDDD compliance. The practical focus should be on HRDD process quality — risk prioritization, genuine stakeholder engagement, grievance mechanism effectiveness — rather than policy statements alone.
