What is human rights due diligence and why is it important in relation to effective security and human rights risk mitigation?

Human rights due diligence (HRDD) is a process for identifying, preventing, mitigating and addressing human rights impacts, including both actual impacts occurring in the present and potential impacts that could occur in the future. HRDD not only identifies the impacts that the company directly causes, but also pinpoints the impacts that the company contributes to or is directly linked to through its business relationships, operations, products and services. Engaging with stakeholders—especially affected groups such as workers and communities—is a key component of HRDD.

As highlighted in the UNDP and UN Working Group on BHR guide: “Heightened human rights due diligence strengthens the understanding of the context where businesses operate and ensures that their activities do not contribute to violence by identifying flash points, potential triggers or the forces that are driving the conflict.”

In conflict-affected and high-risk areas, companies should escalate their human rights due diligence processes according to the level of security and human rights risks. This means that HRDD should be heightened and should incorporate a conflict-sensitive approach. Heightened human rights due diligence emphasizes effectively preventing, managing and risks in areas affected by violence or conflict, including by seeking to understand wider conflict dynamics and related risks in the operating environment. The key message is that HRDD must be guided by proportionality: the higher the risk, the more responsive the HRDD process.

Companies can carry out HRDD in a number of ways, including through conducting a standalone human rights impact assessment or by integrating a thorough human rights evaluation into existing environmental and social impact assessment processes. Additionally, human rights due diligence can both inform and be informed by the company’s other assessments and analyses (e.g. risk assessments, situation analyses, needs assessments).

The UNGPs establish four key elements of a due diligence process, namely the need for companies to: (1) assess actual and potential human rights impacts; (2) cease, prevent, and mitigate adverse impacts; (3) track responses to these efforts; and (4) communicate on how the impacts are addressed.

The OECD provides similar step-by-step guidance. The Voluntary Principles on Security and Human Rights place security risk assessments and the impacts of companies’ security providers at the heart of good human rights due diligence efforts.

Responsible management of all security-related dimensions of a company’s operations is a central building block of an effective human rights due diligence process. This is increasingly being recognized as not merely good practice, but a requirement. Effective human rights due diligence requires early identification of potential security challenges and their proactive management, in order to prevent impacts such as use of force against community members.

In the decade since their adoption in 2011, the UN Guiding Principles on Business and Human Rights (UNGPs) have set out the expectation that companies implement human rights due diligence to proactively manage potential adverse human rights impacts created by their operations. The endorsement by the OECD of this concept (first in its 2011 Due Diligence Guidance for Responsible Mineral Supply Chains, then in the 2018 Due Diligence Guidance for Responsible Business Conduct) has further contributed to the prominence of human rights due diligence.

Although adopted over 10 years before the UNGPs, the Voluntary Principles on Security and Human Rights remain the leading international standard that provides guidance to companies on how to identify and mitigate security and human rights risks. Ensuring that a company’s security policies respect the Voluntary Principles is a foundational exercise for human rights due diligence efforts. Whereas human rights due diligence requires a company to assess its impacts on people, the Voluntary Principles require companies to ask who is responsible for those impacts. Whether the responsibility lies with their contracted private security providers or the public security assigned to their operations, the companies are equally responsible for identifying, mitigating, and redressing those risks.

The UNGPs, VPs and OECD Guidance are “soft law” standards that provide recommendations to companies, but in most jurisdictions are not backed by legislation to drive compliance. Recent years have seen a steady increase in laws that require companies to undertake human rights due diligence. These laws encompass a range of issues – from general human rights concerns to environmental matters, child labour and modern slavery.

Mandatory human rights due diligence laws are growing across the world and may apply to companies’ supply chains and contractors, including security providers, and may have extra-territorial application. In 2024, the European Union adopted the long-awaited Corporate Sustainability Due Diligence Directive (CSDDD) that makes human rights due diligence mandatory for about 5’500 companies domiciled in the EU, as well as companies that sell or provide services in the internal market.^[1]

Security and human rights and human rights due diligence: what should companies do?

Put human rights compliant security arrangements at the core of efforts to undertake human rights due diligence. This means that security is a key consideration in impact assessments, conflict analysis, mapping of stakeholders, grievance procedures and processes. Ensure a wide consultation process both internally (across the different functions within the company) and externally (with stakeholders, including affected communities). Only wide consultation processes are likely to build an accurate picture and ensure that remedial or preventative actions taken by the company meet their objectives.

Include security and human rights due diligence in corporate divisions that address corporate compliance and enterprise risk management: Many companies see risk management as the evaluation of risks to the viability and profitability of the company’s operations. By linking the security and human rights of host communities more closely in all relevant departments, this will ensure that all relevant company staff are aware of human rights due diligence obligations and that security and human rights risks are identified with relevant mitigation and redress plans.

Ensure that human rights due diligence processes include a specific analysis of the impacts of both public and private security providers. Specify in contracts with private security providers that they must undertake human rights impact assessment themselves. Specific guidance for private security providers on how to develop this assessment can be found here.

In conflict-affected regions, ensure that human rights due diligence efforts are informed by a conflict analysis and clear mapping of all actors involved in and affected by the conflict. Identify how the company’s security arrangements impact the existing social tensions and/or create new tensions or conflicts. Ensure that human rights due diligence, conflict analysis and stakeholder mapping are managed as ongoing exercises given rapidly changing circumstances in complex security environments.

Ensure that human rights impact assessments are acted upon, with impacts either mitigated and remedied or proactively prevented. Track and communicate the company’s efforts to ensure effectiveness.

Examples of good practices:

In 2014, Finnish lumber company Stora Enso carried out a human rights impact assessment covering its production units and forestry operations as a first step in undertaking human rights due diligence. The assessment included a transversal examination of security issues across its operations. Amongst its 43 recommendations, the report urged Stora Enso to:

ensure security providers are trained in the implementation of relevant human rights standards;
require all security actors to conduct background checks on their personnel and prohibit anyone who has been credibly linked to past human rights abuses from working on Stora Enso operations;
actively monitor security arrangements and ensure security-related incidents (in particular those involving use of force) are reported, investigated and appropriately acted upon, including taking necessary disciplinary or remedial measures;
develop and communicate its policy regarding the treatment of suspects apprehended in security incidents involving Stora Enso operations in police custody.

Stora Enso’s 2020 sustainability report expands on its efforts to provide ongoing human rights training to its security providers in Veracel, a joint venture entity in Brazil with heightened human rights risks as part of its comprehensive human rights due diligence and mitigation efforts there.

Sources:

Stora Enso Human Rights Assessment Review and Consolidation Report (Danish Institute for Human Rights and Stora Enso 2015)
Case Study: Stora Enso Human Rights Commitment through Prioritization (BSR 2018)
2020 Sustainability Report (Stora Enso)

Key Resources:

Practical Tools:

Footnotes

1 The EU’s legislative proposal was issued in February 2022, and debates around mandatory due diligence in the European Union are ongoing.

2 List of large businesses, associations & investors with public statements & endorsements in support of mandatory due diligence regulation, Business and Human Rights Resource Centre

Factsheet: How is responsible security management integral to human rights due diligence?

Description

The factsheet provides practical guidance on how companies can integrate responsible management of all security-related dimensions of their operations as a central building block of an effective human rights due diligence process.