When soft law is not so soft: The rapid legalisation of business and human rights

Anna Triponel

October 14, 2019

Anna Triponel | 14 October 2019

I was recently invited by Andrea Saldarriaga – founder of Sila Advisory and business and human rights lecturer – to be a guest speaker at her business and human rights course at the Paris Sciences Po School of Management and Innovation. The topic of my intervention was business and human rights legislation and I publish my remarks below.

A rapidly changing legal landscape

When I started working with companies implementing the UN Guiding Principles on Business and Human Rights (the UNGPs) following their adoption in 2011 by the UN Human Rights Council, a common question was: “Why should we focus on the UNGPs when they aren’t legally binding on companies?”

Indeed, the process leading up to the UNGPs identified a lack of clarity regarding how existing laws expected companies to behave when it came to human rights. The UNGPs represent ‘soft law’, in contrast to the ‘hard law’ passed by lawmakers and legislatures. Strictly speaking, plaintiffs cannot take companies to court based solely on the UNGPs, and there are no legal sanctions per se for companies that fail to comply with them.

However, soft law builds on existing law and represents the direction of travel for future law. It signals where institutions and society-at-large feel the law should be going. The consensus that culminated in the UNGPs was that (1) companies should at a minimum seek to avoid infringing upon people’s human rights that could be impacted by the running of their business, regardless of whether national laws expect it (this is known as the ‘responsibility to respect human rights’) and (2) companies should equip themselves to respect people present in their operations and their value chain by designing and implementing relevant policies and processes (including by taking steps to embed their commitments, conducting human rights due diligence and providing remedy where appropriate).

Now, close to ten years on, it is rare that I get asked this question. The soft law captured in the UNGPs has hardened, in parallel to broader developments signalling a shift away from ‘maximizing shareholder value’. We have seen a multitude of jurisdictions across the globe, ranging from the UK, France and the Netherlands, to Australia and the United States, seeking to regulate company behaviour in the field of human rights. And this really is just the beginning: I predict that in another ten years’ time, every major jurisdiction will have passed some form of business and human rights-related legislation.  In addition to legislatures, courts are increasingly referencing the UNGPs in rulings, granting further recognition to the responsibility they provide for.

Different paths leading to the same goal

All these laws have the same objective at their core: reducing harm to people resulting from private sector activities. They require companies to consider how they could harm people, and to design and implement policies and processes (as described in the UNGPs) to prevent, reduce and mitigate this harm.

Although some laws choose to focus on one specific area of human rights seen as particularly prevalent and severe, such as modern slavery or child labour, the underlying objective remains to improve a company’s approach to human rights.

What the laws are seeking to achieve is the same; the variations exist in how they do so. The laws passed tend to fall into one of two categories:

  • The first generation: laws focused on disclosure. These laws ask companies to be transparent about their human rights risks and how they seek to manage them. The idea behind these laws is that having more human rights-related information in the public domain allows stakeholders – investors, consumers, business partners – to reward those companies that are taking meaningful strides to embed respectful practices into their business. The first laws specifically focused on business and human rights fell into this category. These include laws from California, the United Kingdom and Australia (focused on modern slavery); as well as proposed laws in Hong Kong (on modern slavery), Canada (on modern slavery and child labour) and the U.S. (on human rights). Although the consequences of not preparing the requisite information may carry legal consequences (e.g. injunction, fine), the primary driver for compliance remains reputational.
  • The second generation: laws focused on creating a duty of care and compelling mandatory human rights due diligence. These laws go beyond disclosure to create a new responsibility for companies to conduct human rights due diligence, primarily in the form of a duty of care in common law countries, or ‘duty of vigilance’ in civil law countries. These laws have emerged following frustration with the limitations of disclosure-based legislation to meaningfully shape company behaviour. They include laws from France (on human rights) and the Netherlands (on child labour); as well as proposed laws in Switzerland (on human rights). The consequences are not complying with these laws include lawsuits and fines. This year we have seen discussions on this model intensify, with extensive calls for mandatory human rights due diligence (mHRDD), including at the EU level.

A list of the relevant laws on the books, as well as those that are in the works, in both of these categories is available here.

Companies not legally ‘in scope’ are increasingly in scope

When passing these laws, legislators decide what the scope of the law should be, i.e., which companies should be the priority when seeking to compel rights-respecting behaviours. Legislators have generally opted to regulate the largest companies, which can be defined by threshold, turnover or number of employees. They also seek to regulate those companies that are connected to their jurisdiction, which can be defined by where companies do business or who they sell their products to.

Here again, I have seen significant change in the nature of the questions I get asked, in particular by in-house lawyers. The question has evolved from “Is my company in scope?” to “How can I implement this law?” – even where the company is not subject to the law. We are seeing an increasing number of in-house lawyers seek to comply with these laws, even when they don’t need to legally. This can be for a number of reasons:

  • The company may have signed a contract stating that it will take the actions expected. Indeed, we are seeing a contractualisation of business and human rights laws. Where a company is subject to the UK Modern Slavery Act and is expected to conduct due diligence to ensure modern slavery is not occurring in its supply chain, a common response from in-house lawyers is to pass this responsibility on to the company’s suppliers via contract. I have even seen contracts requesting that overseas suppliers considered ‘higher risk’ prepare their own version of a modern slavery statement to submit to the buyer;
  • The company may anticipate that it will be subject to these legal requirements in the future. The company may grow in such a way as to become in scope in the future, the scope of the law may change, or a law may be under discussion in a jurisdiction of relevance. I know of French companies that are preparing their vigilance plans now, even though they are not technically required to, because they anticipate future hiring which would increase their number of employees and bring them within scope of the French duty of vigilance law. I also know of companies operating in Switzerland that are already thinking about the steps they can take now to meet an upcoming law in this area;
  • The company may see the value to its business in meeting the expectations contained in these laws. This can be for a range of reasons, for instance demonstrating to a potential business partner that it already conducts human rights due diligence, to attracting institutional investors that are focused on rewarding companies that can demonstrate strong human rights risk management. This could also be to attract and retain younger talent within the workforce, or to gain customer trust. The process of development of the UNGPs made clear that external stakeholders expect companies to meet a responsibility to respect human rights, regardless of whether national laws request it.

The effects of these laws in practice: gains and challenges

Not a week goes by without a company, investor, civil society representative or worker sharing with me their views on the effects of these laws. There have been gains when measuring these laws against their objective of reducing harm to people. But the picture is not all rosy. The challenges we see underscore the importance of anticipating unintended consequences when designing business and human rights legislation, and of complementing legislation with other drivers (legislative and other) to help ensure the law’s objective is met.

In terms of the gains, these laws have served to:

  • Focus high-level attention to the area of human rights. These laws have captured the attention of Chief Executive Officers (CEOs), General Counsels, board directors and senior managers. Modern slavery statements are signed by directors and can trigger director responsibility. Some of the laws have high financial penalties and can be used as the basis for lawsuits. Not being seen as a leader in human rights can hinder business opportunities. Discussions on human rights now take place at senior levels of companies, and the laws have played a large role in this.
  • Raise company awareness of the scope of human rights responsibility. As I describe elsewhere, the approach described in the UNGPs differs from how companies traditionally look at their business partners. Liability is typically determined by law and contract, and companies traditionally prioritise relationships with business partners they have a direct relationship with that are business critical or represent a strategic supplier. For a number of companies, these laws represent the first time that they are being asked to consider what may be happening beyond their tier one suppliers – irrespective of legal liability. These laws are helping in-house lawyers, as well as external lawyers advising them, understand the intersection between hard law liability and soft law expectations.
  • Guide the development of human rights-related policies and processes. These laws, and/or the authoritative guidance describing expected implementation, provide guidance on what is expected. The policies and processes referenced in the UNGPs are those that companies are being asked to design and implement. We have seen a wide range of companies respond to these laws by adopting new human rights-related policies, creating new training modules, conducting risk assessment processes and creating relevant key performance indicators. An increasing number of companies are looking to the experiences and lessons learned from other companies seeking to implement the UNGPs around the world, and are updating their risk management processes accordingly.
  • Advance the level of disclosure on human rights topics. Each year, the modern slavery statements of forward-looking companies get more and more detailed, and more and more honest. We have seen some captivating stories emerge through this disclosure, such as mistakes made by companies as to where they thought the modern slavery risks were and how they learnt from these mistakes; the limitations of audits in identifying certain types of human rights issues and the urgency of working together with other stakeholders to tackle systemic and challenging human rights issues. Such disclosure would not have happened ten years ago, and is aligned with broader developments pushing for more candid human rights-related disclosure on the part of companies.

At the same time, challenges have surfaced in the implementation of these laws. These laws have led some companies to:

  • Limit their openness when it comes to disclosing human rights issues and challenges, for fear of being sued based on the information disclosed. This has been a particular area of concern for companies subject to laws imposing a duty of care, where in-house lawyers have struggled at times to reconcile the desire to protect the business with external stakeholder expectations of the company’s disclosure.
  • Seek to push the company’s own responsibility for human rights onto its business partners, without considering the company’s own role. We have seen this for instance through the use of contractual provisions seeking to ‘outsource’ the responsibility to respect human rights to suppliers, without meaningful reflection on the company’s own role in contributing to human rights issues.
  • Prioritise reputational gains in the areas the laws focus on, over meaningful engagements on other significant human rights areas. For instance, we have seen some companies cut budgets for longer-term programmes that are on track to yield meaningful results to tackle a systemic and challenging human rights issue, in order to prioritise immediate, at times superficial, actions they can report on this year. In particular, while some companies have used single-issue legislation on modern slavery as a hook for broader human rights due diligence, some companies have been knocked off track and have been constrained in their ability to adopt a holistic approach to human rights risk management.
  • Adopt policies and processes that may tick the box, but do not reduce the likelihood of adverse human rights impacts. We have seen policies being drafted without knowledge or input from those expected to implement them; modern slavery trainings being designed without providing meaningful information to those who play a role in identifying and addressing it, and higher-risk suppliers being dropped without any engagement. The desire to look good can override the desire to take meaningful action, especially when companies know that they are being judged on their disclosure today rather than the outcome of their work in the future.


Although they may be daunting at first, laws expecting some form of human rights respect support companies by creating a level playing field. They can enable companies to be rewarded for taking meaningful action to respect the human rights of those they impact through their business, whether in their operations, in their supply chains, or in the communities surrounding their business. They can enable meaningful internal discussions on what it means in practice to conduct human rights due diligence and disclose the findings publicly. They can strengthen the relationship between companies and their stakeholders, including workers, civil society organisations and community members, as well as customers, investors and regulators.

Of particular importance, these laws can help raise awareness of what it takes to tackle systemic human rights challenges that cannot be easily fixed by one company alone, and can sow the seeds for meaningful collaboration on human rights. We have come a long way in the past ten years on the intersection between laws and business and human rights, and I am sure we will go even further in the next ten.

Postscript (P.S.)

Since this talk, there have been a number of relevant developments. This includes extensive discussion at the 2019 UN Annual Forum on the smart mix of measures needed under the UN Guiding Principles, which includes legislative developments, as well as Finland’s Agenda for Action on Business and Human Rights at part of its Presidency of the Council of the EU, which includes a commitment for a review of the evidence on the effectiveness of voluntary and mandatory measures on responsible business conduct to, in turn, provide information for a discussion on legislative measures.

You may also be interested in

This week’s latest resources, articles and summaries.