Our key takeaway: Yes, human rights due diligence (HRDD) expectations apply to the full value chain, including downstream. This is the answer from international standards, and the EU’s Corporate Sustainability Due Diligence Directive may follow their lead, depending on how final negotiations play out. The same basic principles of HRDD apply across the full value chain - although it may look different for downstream business relationships. Some tips: map potential risks and impacts inherent to a product, service or model, starting as early as possible, for example at the design stage or when considering mergers and acquisitions; identify risks that may be specific to a particular context or type of customer; work with functions across the business, like sales, to identify, prevent and mitigate risks of product misuse; embed governance and HRDD processes at key stages in the downstream value chain; find creative ways to build leverage with downstream customers and end-users, for example through contractual clauses with customers and distributors and design features that limit the risk of product misuse; and track and communicate transparently about effectiveness of these efforts, especially if impacts do arise.
The Global Business Initiative on Human Rights (GBI) published Effective Downstream Human Rights Due Diligence: Key Questions for Companies (February 2023). In parallel, the Danish Institute for Human Rights (DIHR) released a compendium of company practice examples, Due Diligence in the Downstream Value Chain: Chase Studies of Current Company Practice (February 2023):
- Identifying and assessing downstream risks: Human rights risks and impacts can occur downstream as a result of products, services or the fundamental business model of the company. The paper points out that “[m]any such risks can be identified in advance of the product or service coming to market. Integrating human rights due diligence at an early stage of the product or service development cycle can help companies identify and assess such risks in a timely manner.” Answers will differ depending on the business model and types of products or services the company offers: “Certain risks are identifiable independent of a given customer or transaction, and criteria can be pre-emptively developed to mitigate these.” This could include those risks inherent to the product or service; whether the product or service (or similar products and services) have been misused in the past; potential harms that could arise as a result of irresponsible or unintended use; whether vulnerable groups might be at particular risk; and whether the context where the product or service will be used poses heightened risks (e.g., the country context). For example, higher risks could be inherent in products and services where the company has little visibility over end use, or where sales incentives inherent to the business model could negatively impact people. As one example shared by DIHR, Novo Nordisk has examined product-related risks to people via its existing pharmacovigilance processes and product tracking and safety reports. Companies can also ask themselves how their current product or service impacts human rights as well as how impacts could arise for new or future products and services, or from new acquisitions. Where companies offer products and services that have the potential for misuse, this can mean integrating human rights considerations at the very start of the design phase, and, where considering mergers and acquisitions, as a key factor in decision-making. Where companies have specific knowledge of their customers, they can ask whether there may be elevated risks associated with this particular customer or market: Is there evidence that the customer or end-user is likely to misuse the product or to use it in ways that harm people? How does the customer operationalise its own responsibility to respect human rights? How can existing knowledge and resources, for example from sales teams, be used to identify risks?
- Taking action to prevent and mitigate downstream risks: The GBI paper emphasises that companies are often in a position to take a proactive approach to addressing risks and impacts, using their own in-depth understanding of their product, service or business model. Taking action can include considering what kinds of governance and due diligence processes should be integrated throughout the product’s lifecycle, for example at the point of sale and by setting expectations of distributors. For example, DIHR highlights the practices of Vestas to ensure that its wind turbines do not contribute to human rights abuses during their use phase: “As part of its sales process, Vestas has developed a social due diligence (SDD) tool used in all Engineering, Procurement, and Construction (EPC) and certain Supply-and-Installation (S&I) projects in emerging markets as well as projects in OECD countries with high-risk ratings on Indigenous Peoples’ rights." Another key element of taking action is building and using leverage. However, in the case of downstream customers and business partners, a company may have more limited leverage than with its suppliers or other business partners. The paper highlights how companies can still seek to build leverage over their downstream, for example by including contractual clauses limiting the ways that a product or service can be used (including specific human rights-related terms); by refusing further sales or service to customers that have negatively impacted human rights through the use of the product; or, in some cases, by seeking audit rights downstream. For example, Ericsson applies its Sensitive Business Framework (SBF) “to all transactions, which can allow the company to look into issues at a later stage in an ongoing commercial relationship.” The company may apply both conditional and contractual approvals before the transaction. Companies can also seek to work collaboratively with customers and end-users by providing human rights training and guidance on how products and services should, and should not, be used. A key example is the work that Maersk has done to build capacity and accountability in downstream ship-breaking and recycling: the company "introduced a ship recycling policy in 2009 and launched its Responsible Ship Recycling Standard (RSRS) to assess recycling facilities’ practices in 2016. … The RSRS allows ship recycling facilities to engage in a process of gradual improvement. To ensure the standards are practical and targeted to address impacts on the ground, Maersk employees work directly with ship yard workers, collaboratively developing improvement plans and verifying compliance through on-site supervision and follow-up audits.”
- Tracking effectiveness and communication: The GBI paper points to several ways in which companies can track and communicate on the effectiveness of their actions, including by developing qualitative and quantitative measures and being transparent about their efforts—including when adverse human rights impacts associated with the product, service or business model have been reported. Importantly, “[e]fforts to track progress and effectiveness are more likely to generate meaningful insights if considered early in the design of due diligence processes or interventions to address identified human rights risks.” For example, Ericsson publishes stand-alone reports on its human rights impact assessments, including impacts identified in the downstream value chain such as “change in livelihoods and job transition, privacy, data loss and misuse, cybersecurity of critical infrastructure, network surveillance and shutdowns."