Forum

Demystifying the Due Diligence Process under the 2023 OECD Guidelines for Multinational Enterprises on Responsible Business Conduct

Article 25/03/2024
Inês Crispim

Lawyer

Abstract: The due diligence process introduced by the UN Guiding Principles on Business and Human Rights (UNGPs) and adopted by the OECD Guidelines for Multinational Enterprises in 2011 (OECD Guidelines) enables enterprises to identify, prevent, mitigate, and account for how they address actual and potential negative impacts on human rights (including employment and industrial relations), on the environment, on combating bribery and other forms of corruption, and on science, technology and innovation. This process calls for a revision of the traditional management systems of corporations, in particular the risk-management and decision-making systems, which are built on a financial outside-in approach, i.e. taking into account the impact of threats or events on the enterprise. With the due diligence process under the UNGPs and the OECD Guidelines, enterprises are no longer expected to consider only how an event affects them – they are now expected to adopt an impact inside-out perspective, i.e. to assess and adopt measures considering how their activities and business relationships may affect people and the environment.
The due diligence process under the UNGPs and the OECD Guidelines is of increasing importance. It started as soft law and, over the years, became part of sustainable finance legislation, informed the approval of national due diligence laws, sectorial European due diligence legislation, and the upcoming European-level due diligence obligations under the CSDDD, and is referenced in the materiality assessment that is at the heart of sustainability reporting. The increasing importance of this process is also reflected in the 2023 revision of the OECD Guidelines. This article aims to examine the 2023 revision of the OECD Guidelines as concerns the due diligence process and to provide an overview of the due diligence process under the OECD Guidelines.

Keywords: human rights, OECD Guidelines, due diligence, sustainable finance

1. Introduction

The OECD Guidelines for Multinational Enterprises on Responsible Business Conduct (OECD Guidelines) are one of the most important international soft law instruments on responsible business conduct. They were first adopted in 1976 and were subject to six revisions, including the latest revision published on 8 June 2023.1 They are described in their foreword as ‘recommendations jointly addressed by governments to multinational enterprises to enhance the business contribution to sustainable development and address adverse impacts associated with business activities on people, planet, and society.’2 Hence, the OECD Guidelines recognise that undertakings can have both positive and adverse impacts on people, planet and society, and seek to encourage them both to enhance their positive influence and to avoid and address the adverse impacts.

In order to address the adverse impacts, the OECD Guidelines recommend the adoption of a risk-based due diligence process for enterprises to identify, prevent, mitigate and account for how they address the actual and potential negative impacts on certain matters covered by the OECD Guidelines. This due diligence process was first introduced by the United Nations Guiding Principles on Business and Human Rights (UNGPs)3 and was adopted by the OECD Guidelines in 2011.

The OECD Guidelines provide non-binding principles, standards, and recommendations regarding responsible business conduct in a global context in line with applicable laws and internationally recognised standards. Despite being non-binding, the importance of the OECD Guidelines should not be underestimated, especially for those operating under EU legislation. The OECD Guidelines are, together with the UNGPs, embedded in sustainable finance legislation, in particular in the ‘do no significant harm’ principle under the Sustainable Finance Disclosure Regulation (SFDR)4 and in the minimum safeguards criteria under articles 3 and 18 of the EU Taxonomy Regulation.5 It is, therefore, necessary to consider the OECD Guidelines when planning to report a financial product as having sustainable investment as its objective, under article 9 of the SFDR, or a certain economic activity as taxonomy-aligned. Furthermore, they inspired national due diligence laws in France,6 Germany7 and Norway,8 sectorial European due diligence legislation,9 and the upcoming Corporate Sustainability Due Diligence Directive (CSDDD).10 Also, recital 31[11] of the Corporate Sustainability Reporting Directive (CSRD)12 states that due diligence disclosure requirements13 should be detailed to guarantee alignment with the OECD Guidelines and the UNGPs. Last but not least, the OECD Guidelines are referred to multiple times in the European Sustainability Reporting Standards (ESRS) under the Commission Delegated Regulation supplementing the CSRD,14 in particular in relation to the due diligence process to be reported under the CSRD,15 and in the double materiality concept, which is the basis for sustainability disclosures.16 When following a double materiality approach, undertakings should give relevance not only to sustainability-related circumstances that could reveal a financial risk to the undertaking (financial materiality), but also to how the undertaking could impact people and the environment (impact materiality).17 The impact materiality covers both the actual or potential positive and negative impacts. According to the ESRS, ‘[t]he materiality assessment of a negative impact is informed by the due diligence process defined in the international instruments of the UN Guiding Principles on Business and Human Rights and the OECD Guidelines for Multinational Enterprises.’18 The ESRS and the CSRD do not, however, impose any conduct requirements for due diligence on undertakings – the due diligence process is seen as informing the materiality assessment of a negative impact. It is, therefore, clear that the European legislator attaches considerable relevance to the due diligence process, and that it considers the OECD Guidelines and the UNGPs as the reference for this process.19

The due diligence process under the UNGPs and the OECD Guidelines is therefore not only a part of voluntary responsible business conduct under soft law. It is now integrated in sustainable finance legislation and is referenced at the heart of corporate sustainability reporting. With the approval of the upcoming CSDDD, the due diligence process under the UNGPs and the OECD Guidelines will become of even higher significance. It is thus of great relevance to understand it. This article is dedicated to analysing the 2023 revision of the OECD Guidelines and to providing an overview of the due diligence process under the OECD Guidelines.20

2. The OECD Guidelines and the 2023 revision

The OECD Guidelines are divided into two parts: Part I, which defines standards for responsible business conduct, and Part II, which sets out procedural guidance to implement the recommendations in Part I. Part I includes eleven chapters.

Chapter I (concepts and principles) defines the general concepts and principles of the OECD Guidelines, as well as their nature, potential scope of application and relationship with national laws. Chapter II (General Policies) describes the common fundamental principles underlying the recommendations in the OECD Guidelines. Chapters III to XI contain specific guidance addressed to undertakings on each relevant topic, including standards, expectations, and recommendations on how undertakings may have a positive impact on each topic and how they may work on avoiding having an adverse impact. Each chapter, with the exceptions highlighted below, contains explicit recommendations for due diligence in relation to the relevant topic developed in the chapter.

The implementation of the OECD Guidelines is supported by National Contact Points (NCPs), agencies established by governments with a twofold mandate: (i) to promote and implement the OECD Guidelines, and related due diligence guidance, and (ii) to serve as a non-judicial grievance mechanism, with the aim of providing remedy to people affected by adverse corporate impacts on topics covered by the OECD Guidelines.

As previously mentioned, the OECD Guidelines have been subject to six reviews. For the purposes of this article, the 2011 revision is as noteworthy as the 2023 revision and calls for a particular note.

In 2011, following the publication of the UNGPs, the OECD Guidelines were reviewed by, inter alia, introducing a new chapter on human rights (Chapter IV) and a new and comprehensive approach to due diligence and responsible supply chain management. In line with the UNGPs, Chapter IV starts by referring to the States’ duties to protect human rights. Undertakings are expected to respect human rights, even where States fail in their duties. The respect of human rights refers at a minimum to the internationally recognised human rights expressed in the International Bill of Human Rights,21 and to the principles concerning fundamental rights set out in the International Labour Organisation Declaration on Fundamental Principles and Rights at Work.22 It also refers to the international human rights obligations of the countries in which they operate and relevant domestic laws and regulations.

To respect human rights, undertakings should avoid infringing on the human rights of others, by avoiding causing or contributing to adverse human rights impacts, and by seeking ways to prevent or mitigate adverse human rights impacts that are directly linked to their business operations, products, or services by a business relationship, even if they do not contribute to those impacts. Undertakings should also address adverse human rights impacts which they caused or contributed to. For those purposes, undertakings should (i) have a publicly available policy commitment to respect human rights, (ii) carry out human rights due diligence, and (iii) provide for or co-operate in the remediation of adverse human rights impacts where they identify that they have caused or contributed to these impacts. It is important to highlight that the due diligence process does not only refer to the adverse impacts of a business’ operation, but also to the impacts connected to their business relationships.23 The due diligence process under the OECD Guidelines is also mentioned in Chapter II (General Policies) in relation to the ‘matters covered by the Guidelines’,24 and in Chapter V (Employment and Industrial Relations).

The due diligence process under the OECD Guidelines was further developed in 2018 with the publication of the OECD Due Diligence Guidance for Responsible Business Conduct (Guidance).25 This instrument provides recommendations on how business enterprises should implement due diligence under the OECD Guidelines. The due diligence process foreseen in the Guidance is in line with the UNGPs, but it is extended to additional topics:26 adverse impacts to human rights (including workers’ rights and industrial relationships), to the environment, to consumer interests, in relation to bribery and corruption and regarding disclosure, associated with the undertakings’ own operations, their supply chains and other business relationships. Therefore, the OECD Guidelines adopt the concept of human rights due diligence presented by the UNGPs and extend it to other topics.

The 2023 revision27 provides greater relevance to the due diligence process. Changes include, inter alia:

  • The due diligence process is included in Chapter II, where the common fundamental principles underlying the recommendations in the OECD Guidelines are foreseen.
  • Reference is made to the Guidance and OECD sector due diligence guidance, including the six steps for due diligence set out in the Guidance.
  • Additional aspects covered by the UNGPs are mentioned, such as the adoption of the measures to conduct due diligence according to a risk-based approach, in line with the severity and likelihood of the adverse impact and in a way appropriate and proportionate to its context, and the prioritisation of the measures to be adopted (where it is not possible to address all impacts at once) according to a severity and likelihood analysis of the adverse impact.
  • Other aspects related to the due diligence process are described more comprehensively, such as:
    - Development of the ‘business relationship’ definition, including the downstream part of the value chain.28 Also, reference is made to consumers’ adverse impacts, even though the relationship with consumers is generally not considered as a business relationship for the purposes of the OECD Guidelines. Likewise, the importance of not limiting due diligence to contractual, ‘first tier’ or immediate relationships is emphasised.
    - Meaningful stakeholder consultation is further developed;29
    - Increased emphasis is given to marginalised or vulnerable groups and individuals, including indigenous people30 and human rights defenders;31
    - Creation of a space for flagging apprehensions about adverse impacts in the undertakings’ operations or in the operations of entities with which they have a business relationship.
  • Introduction of due diligence expectations for science, technology and innovation. Due diligence requirements now relate to the adverse impacts associated with the operations, products and services of the enterprise in all topics covered by the OECD Guidelines, with the exception of competition and taxation.
  • Inclusion of a non-exhaustive list of environmental impacts, including amongst others climate change and biodiversity loss.
  • Broadening of the scope of due diligence as regards corruption, comprising all forms of corruption.
  • Introduction of climate-related expectations for enterprises, including the approval of science-based policies, strategies and transition plans on climate change mitigation and adaptation, and for the adoption, implementation, monitoring, and reporting on short, medium and long-term mitigation targets covering scope 1, 2, and, as far as possible, scope 3 greenhouse gas emissions.32

The due diligence process is introduced and explained in Chapter II (General Policies), where reference is made to the Guidance. Specific recommendations are set out in each chapter where relevance is provided to due diligence:

  • Chapter III (Disclosure): disclosure requirements in relation to the due diligence process were included.
  • Chapter IV (Human Rights): maintains its position on human rights due diligence and now includes reference to OECD sectorial guidance on due diligence. A special allusion is made to indigenous people and human rights defenders.
  • Chapter V (Employment and Industrial Relations): reference to due diligence expectations was included in the introduction of the chapter. The inclusion of a safe and healthy working environment in line with the 2022 amendment to the ILO Declaration on Fundamental Principles and Rights at Work is also remarkable.33 On the other hand, it is expressed that, even in the absence of an employment relationship, undertakings are required to undertake risk-based due diligence. Due diligence requirements are applicable to all workers in the enterprise’s value chain.34
  • Chapter VI (Environment): an express reference to risk-based due diligence for adverse environmental impacts was introduced as regards the establishment and maintenance of an environmental management system. Additionally, a descriptive and non-exhaustive list of adverse environmental impacts that should be considered was added, including climate change, biodiversity loss, degradation of land, marine and freshwater ecosystems, deforestation, air, water and soil pollution and mismanagement of waste, including hazardous substances. It should also be noted that a reference to meaningful engagement with relevant stakeholders affected by adverse environmental impacts associated with an enterprise’s operations, products or services was introduced. Additionally, as referred to above, enterprises are expected to approve and adopt science-based plans for climate change adaptation and mitigation, and to report on greenhouse gas emissions.
  • Chapter VII (Combating Bribery and Other Forms of Corruption): the reference to risk-based due diligence was included in the context of the implementation of internal controls, ethics and compliance programmes or measures for preventing and detecting all forms of corruption.35
  • Chapter VIII (Consumer Interests): no explicit reference to due diligence is made in this chapter. However, reference is made in the Guidance to consumer interests in relation to risk-based due diligence. In addition, when providing guidance about the application of minimum safeguards in the context of the Taxonomy Regulation, which, as mentioned, contains a reference to the OECD Guidelines, the Platform on Sustainable Finance integrates consumer interests in human rights, by interpreting consumer interests, in the context of minimum safeguards, as ‘consumer rights’, intended to avoid damage to consumers and not to endorse their interests.36
  • Chapter IX (Science, Technology and Innovation): the inclusion of due diligence requirements for science, technology and innovation is one of the novelties of the 2023 revision. The 2011 version of the OECD Guidelines referred mainly to the positive impact undertakings may have on science, technology and innovation. The 2023 revision, in line with the technological advancements, the importance of the protection of personal data, and the upcoming artificial intelligence regulatory developments,37 includes the expectation that enterprises undertake risk-based due diligence to actual and potential adverse impacts related to science, technology and innovation. A particular reference is made to the protection of the rights and well-being of children and youth in the digital environment.38
  • Chapter X (Competition): an express exclusion is made for competition in Chapter II (General Policies) as regards the implementation of risk-based due diligence. Nevertheless, enterprises are expected to take positive actions to avoid breaching competition law.
  • Chapter XI (Taxation): an express exclusion is made for taxation in Chapter II (General Policies) as regards the implementation of risk-based due diligence. Nevertheless, enterprises are expected to adopt measures to comply with both the letter and spirit of the tax laws and regulations of the countries in which they operate, including implementing tax risk management systems.

3. Due diligence process under the OECD Guidelines

After highlighting the importance of the due diligence process under the OECD Guidelines and analysing the 2023 revision, the examination of the due diligence process is called for. However, the scope of this short article does not allow for a thorough analysis of the idiosyncrasies of each topic or sector of activity. This section aims to provide an overview of the due diligence process under the OECD Guidelines and further developed under the Guidance, without covering every point.

The due diligence process is vital for enterprises to address human rights adverse impacts and other negative externalities arising from their business operations.39 It is defined under the OECD Guidelines as ‘the process through which enterprises can identify, prevent, mitigate and account for how they address their actual and potential adverse impacts as an integral part of business decision-making and risk management systems.’40 Hence, the due diligence process is expected to (i) form an integral part of business decision-making and risk management systems and (ii) be suitable for enterprises to be able to identify, prevent, mitigate and account for how they address their actual and potential adverse impacts on human rights (including employment and industrial relations and consumer rights), on the environment, on the combat of bribery and other forms of corruption, and on science, technology and innovation (hereinafter jointly referred to as the Relevant Areas).

3.1. Characteristics of the due diligence process

According to the Guidance,41 the essential characteristics of due diligence are:

  • Due diligence is above all preventive, i.e., meant to avoid causing, contributing, or being directly linked through business relationships to adverse impacts. Only if it is not possible to prevent an adverse impact, should the enterprise take measures to mitigate its effects, avoid their repetition and, where appropriate, remediate.
  • Due diligence is not a single process, but a bundle of interrelated processes integrated in the decision-making and risk management systems.
  • Due diligence is risk-based. Considering it is not always possible for enterprises to identify or to address risks and adverse impacts concerning their activities or business relationships simultaneously and with the same dedication, enterprises are encouraged to (i) focus their attention and resources where they are most immediately needed, by prioritising the risks and impacts that are most severe, and (ii) adopt measures tailored to the nature, severity and likelihood of the specific risks and adverse impacts identified. In other words, both the measures taken to conduct due diligence and the prioritisation of adverse impacts to be addressed should be judged according to a risk analysis of the adverse impact. Unlike traditional risk assessments, which assess the likelihood and impact of an event on the enterprise, in the due diligence process under the OECD Guidelines (and the UNGPs), enterprises should consider the severity and likelihood of the adverse impact on the Relevant Areas. The severity of the impact should be understood as comprising scale (seriousness of the adverse impact), scope (spread of the impact, e.g., number of persons affected or extent of the damage), and irremediability (possibility to return the individuals or environment affected to a situation equivalent to the one before the adverse impact).42 Additionally:
    - Adoption of measures: due diligence should also be tailored to the nature of the adverse impact on the Relevant Areas, adapting the approaches to specific risks and considering how they impact different groups.43
    - Prioritisation: where not all adverse impacts can be addressed at once, enterprises should prioritise them according to their severity and likelihood, dealing first with the most substantial impacts, and later with the less substantial impacts. Severity should take precedence over likelihood as regards human rights, in particular if a late response could make the impact irremediable.
  • Due diligence is dynamic – ongoing, responsive and changing, and not a static process. Enterprises should be able to respond to changes in the risk profile and continuously learn from the previous work and aim to progressively improve their systems and processes. 
  • Each entity should own its responsibility as regards an adverse impact, since due diligence does not shift responsibilities from, e.g., governments to enterprises, or from enterprises causing the impact to enterprises merely directly linked.
  • Due diligence refers to internationally recognised standards and is not limited to law compliance. Even though the first obligation of undertakings should be to obey national laws,44 undertakings are expected not to limit their actions to law compliance. Even where States do not approve legislation aligned with the OECD Guidelines or their international commitments, undertakings are still recommended to comply with the OECD Guidelines. In the case of human rights, this is reflected in the requirement to respect the framework of internationally recognised human rights.45 Where the national law conflicts with the OECD Guidelines, due diligence can support enterprises in following the OECD Guidelines to the fullest extent possible without infringing national law.
  • Both the nature and the extent of the due diligence process should be adapted to the particularities of each situation, including the size of the enterprise, its available resources, the operational context, the business model, the position in the supply chain, and the nature of the products or services it offers. The OECD provides guidance for due diligence within specific sectors of activity. Where the size or resource capacity of an enterprise is limited, the Guidance clarifies that the responsibility of the enterprise to conduct due diligence is not affected, but only the way it is carried out. The Guidance suggests seeking support from collaborative approaches and existing resources and requesting technical assistance from industry associations.46 In addition, the due diligence process may be adapted to the legal and particular circumstances of the business relationships, such as the influence of an enterprise. However, enterprises may seek to increase their influence in the business relationship, for example through ‘contractual arrangements, pre-qualification requirements, voting trusts, license or franchise agreements, and also through collaborative efforts to pool leverage in industry associations or cross-sectoral initiatives.’47
  • Due diligence should be informed by continuous48 meaningful stakeholder engagement. Stakeholders, i.e. ‘persons or groups who have interests that could be affected by an enterprise’s activities’49 (especially rightsholders), should be engaged with at every stage of the process to inform all steps of due diligence. Engagement should be a two-way communication, involving the sharing of the relevant information, in a timely manner.50 The information should be shared in a format the stakeholders can understand (for example, taking into account language) and access, and all parties must act in good faith. When individual engagement with each stakeholder is not possible, enterprises may engage with representatives or proxy organisations. Consultation with experts may also be advisable when implementing due diligence.
  • Due diligence encompasses ongoing communication about the due diligence processes, including the findings on adverse impacts and the plans the enterprise has set, in a manner accessible to all intended audiences. Communication should, however, consider commercial confidentiality and other competitive and security issues.

3.2. Steps of the due diligence process

The due diligence process is composed of six steps, which are interrelated:51

  1. Embed responsible business conduct into policies and management systems.
  2. Identify and assess adverse impacts in operations, supply chains and business relationships.
  3. Cease, prevent or mitigate adverse impacts.
  4. Track implementation and results.
  5. Communicate how impacts are addressed.
  6. Provide for or cooperate in remediation, when appropriate.

The Guidance clarifies that the due diligence process is not a ‘tick-the-box’ exercise and should be adapted to the situation of the enterprise, the risk of the concrete situation, and other circumstances. Additional measures not specified in the Guidance may be necessary in the concrete case.52

The Guidance is clear regarding the first step: ‘[d]ue diligence can be included within broader enterprise risk management systems, provided that it goes beyond simply identifying and managing material risks to the enterprise itself, to include the risks of adverse impacts related to matters covered by the OECD Guidelines’.53 Hence, as referred to above, undertakings should go beyond traditional risk management following an outside-in perspective, and integrate in their management systems the analysis of how the operations of the enterprise, of their group companies and their business relationships can affect the Relevant Areas. This includes adopting policies, and reviewing and updating the existing ones, on the Relevant Areas, to integrate the principles and standards contained in the OECD Guidelines, including a due diligence plan. Subsequently, these policies should be embedded into the enterprise’s oversight bodies and into the management systems, so that they are adopted as part of the regular business processes. Other advice in the Guidance includes developing channels of communication, providing training and creating incentives for workers and business units. Lastly, the Guidance advises incorporating the Relevant Areas expectations and policies into engagement with the business relationships.54

The second step relates to the identification and assessment of actual and potential adverse impacts associated with the enterprise’s operations, products or services, as well as with its business relationships.

Unless the enterprise is a small-sized enterprise with few diverse operations, it is advised to carry out a scoping exercise before moving to identifying and prioritising specific impacts, in line with a risk-based approach. This scoping exercise involves identifying all areas of the business operations and relationships (including in the value chain)55 where risks in the Relevant Areas are more likely to exist and be more significant. Where enterprises have numerous suppliers, they are also encouraged to identify areas where the risk is most significant and prioritise such suppliers for due diligence.56 Risk factors include sector, product, geography, and enterprise-level risks.57 This should allow the enterprise to develop an initial prioritisation of areas for further assessment.

Starting with the significant areas of risk identified, corporations may then perform continuous and gradually more in-depth evaluations to identify and assess specific actual and potential adverse impacts on Relevant Areas. Effective stakeholder engagement is crucial in this stage, especially engagement with rightsholders or credible representatives for the identification and assessment of human rights impacts. Special attention should be paid to adverse impacts on vulnerable or marginalised persons. Subsequently, the enterprise should understand its involvement with the identified actual and potential impacts: whether the enterprise is causing,58 contributing to,59 or is directly linked to the impact through its operations, products or services by its business relationships.60 The mentioned categories do not override the legal definitions for legal liability or criminal liability.61 The enterprise’s responsibility in addressing the impact shifts depending on the enterprise’s involvement. However, the Guidance notes that the enterprise’s involvement may change over time, considering the evolution of the situation. Lastly, the enterprise is expected to prioritise the most significant risks and impacts for action and draw up a plan to address first the most significant impacts, and later the less significant ones.62

The third step is to cease, prevent and mitigate adverse impacts. Building on step two, the enterprise should address the potential and actual impacts identified. Potential impacts should be addressed through prevention or, if not possible, mitigation, and actual impacts should be addressed through ceasing, and if not possible, mitigating the effects of the impact, and remediation. It should be noted that the measures to be adopted vary in accordance with the enterprise’s involvement with the impact, and should be risk-based, appropriate to the severity and likelihood of the adverse impact and suitable and proportionate to its situation. In general, the expected conduct is:

  • Enterprise causes the adverse impact: cease or, if not possible, mitigate actual impact, and remedy; prevent or, if not possible, mitigate potential impact.
  • Enterprise contributed to the adverse impact: cease or prevent contribution to the actual or potential impact; use leverage to mitigate any remaining impact to the greatest extent possible; contribute to remediation.
  • Enterprise is directly linked to the impact through its operations, products or services by a business relationship: use leverage63 to influence the entity causing the adverse impact to cease, prevent or mitigate the impact.

In addition, the enterprise is expected to draw up and implement suitable plans to prevent and mitigate potential adverse impacts. This may be particularly relevant for complex actions or where challenges exist in stopping the actions or omissions creating or contributing to the adverse impact. Stakeholder engagement may be essential for drawing up this plan.

Also, the plan is called for when the entity is only directly linked to the enterprise’s operations, products, or services by business relationships, and should be based on the prioritisation made by the enterprise. As mentioned, the enterprise is expected to use its leverage to influence the entity causing the adverse impact to cease, prevent or mitigate the impact. The Guidance states as appropriate measures: continuing the relationship but adopting risk mitigating efforts; temporarily suspending the relationship during risk mitigation; as a last resort, disengagement, considering, however, the potential social and economic adverse impacts of this decision, as well as other circumstances (e.g., legal or practical considerations that may prevent disengagement and how crucial the relationship is64). If an enterprise decides not to disengage, it should continue monitoring the business relationship, rethink the decision if circumstances change, or as part of the enterprise’s plan to address all adverse impacts, be ready to account for its risk mitigation efforts, and consider the potential reputational, financial and legal risks of maintaining the business relationship. When the leverage of the enterprise is low, the latter should seek to increase it, including through contracts,65 use of market power, and, to the extent possible, collaborating with other entities.66

The fourth stage is to track implementation and results. Enterprises are called upon to track the implementation and the effectiveness of the measures adopted to identify, address and, where appropriate, remediate the adverse impacts. This includes periodic reviews of the internal processes and periodic assessments of the business relationships, as well as stakeholder engagement. For human rights, the affected rightsholders and their representatives should be consulted. The results of this exercise should feed the improvement of the due diligence process.67

The fifth stage is communicating how impacts are addressed, by publicly reporting through an appropriate and accessible form – considering language and accessibility concerns – relevant information on the due diligence process. The information should include policies, processes and activities undertaken under the due diligence process to identify and respond to adverse impacts, the findings (areas of significant risks and the adverse impacts and risks recognised, prioritised, and evaluated), the criteria for prioritisation, the measures adopted to address the impacts and to track implementation and results, and the outcomes of such measures. Enterprises should, however, consider commercial confidentiality, competitive, and security concerns. In addition, for human rights adverse impacts, the enterprise should consider communicating with impacted rightsholders in a timely, culturally sensitive, and accessible form.68

The last step is to provide for or cooperate in remediation when appropriate. Remediation is only expected when the enterprise has caused or contributed to an actual adverse impact, and not when it is merely directly linked to such impact through its operations, products or services by a business relationship. In case of an actual adverse impact, the enterprise should provide remedy or cooperate in the remediation, by aiming to restore the situation the affected person or persons would be in if the adverse impact had not occurred, to the greatest extent possible. Enterprises should comply with the law and search for international guidelines on remediation, or, where these are not available, consider a remedy similar to that provided in comparable cases. The appropriate remedy should be proportionate to the significance and scale of the adverse impact and will depend on the nature and extent of the adverse impact. The Guidance provides as examples apologies, restitution, rehabilitation, financial and non-financial compensation, punitive sanctions, and the adoption of measures to prevent future adverse impacts. In case of human rights impacts, engagement with rightsholders and their representatives is expected in the establishment of remedy.

Lastly, the OECD Guidelines recommend that enterprises provide for a grievance mechanism and cooperate with legitimate judicial and non-judicial remediation mechanisms. These grievance mechanisms may be State-based and non-State-based, and judicial and non-judicial, and are intended for impacted stakeholders and rightsholders to raise complaints and see them addressed by the enterprise.

The State-based-judicial mechanisms include, for example, prosecution and litigation, and relate to impacts caused by the enterprise which constitute criminal, administrative or civil offences. The non-State-based-judicial mechanisms include, amongst others, NCPs, regulatory and supervisory entities, environmental protection agencies, and consumer protection agencies. The non-State-based-non-judicial mechanisms include, inter alia, agreements between companies and trade unions, and multi-stakeholder grievance mechanisms. In particular, the establishment by the enterprise of operational-level grievance mechanisms is of great relevance. The operational-level grievance mechanisms may be very useful for the enterprise to solve a dispute internally and at an early stage through an internal complaints process. In case of adverse human rights impacts, the operational-level grievance mechanisms should be aligned with the OECD Guidelines and UNGPs criteria of legitimacy, accessibility, predictability, equitability, compatibility with the OECD Guidelines, transparency, rights-compatibility, being a source of continuous learning, and dialogue-based engagement.69

The appropriate process for remediation will depend on the concrete case, including factors such as the legal framework, the stakeholder preferences, the mechanisms available, the nature of the impact and whether the impact occurred within the enterprise’s operation or its value chain.70

4. Conclusion

The due diligence process introduced by the UNGPs and adopted by the OECD Guidelines in 2011 enables enterprises to identify, prevent, mitigate, and account for how they address actual and potential negative impacts on human rights (including employment and industrial relations and consumer rights), on the environment, on the combat of bribery and other forms of corruption, and on science, technology and innovation. This process calls for a revision of the managing systems of corporations, in particular the risk-managing and decision-making systems, which are constructed on a financial outside-in approach. With the due diligence process under the UNGPs and OECD Guidelines, enterprises are no longer expected to only consider how an event affects them – they are now expected to adopt an impact inside-out perspective, by taking into account and adopting measures considering how their activities and business relationships may affect people and the environment. 

The due diligence process under the UNGPs and the OECD Guidelines is of increasing importance. It started as soft law, and, over the years, became part of sustainable finance legislation, informed the approval of national due diligence law, sectorial European-level due diligence obligations, the upcoming European-level due diligence obligations under the CSDDD, and was incorporated into the heart of sustainable reporting.

The growing relevance of the due diligence process for undertakings is reflected in the 2023 revision of the OECD Guidelines. This revision focused on broadening the scope of the due diligence process and on providing greater clarification on various aspects. The greater relevance given to environmental due diligence, to the environmental impacts (including climate change and biodiversity loss), to the obligations on climate due diligence (including the adoption of a transition plan with science-related targets) and the broadening of the due diligence recommendations to science, technology and innovation are a reflection of the developments and increasing concerns faced nowadays. The expansion of the definition of business relationships and the greater focus on stakeholder engagement should also be highlighted.

The last chapter of this article aimed to provide an overview of the due diligence process. The author of this article, conscious of the increasing relevance of the due diligence process to enterprises and of the growing awareness among businesses of avoiding a negative impact on people and the planet, aimed to demystify this process. Many undertakings have already adapted their internal systems to include this “new” perspective of due diligence, contributing to a more responsible business and greater respect for human rights. With the entry into force of the CSRD and the CSDDD, it is expected that more and more undertakings will follow this tendency.

  1. OECD Guidelines for Multinational Enterprises on Responsible Business Conduct, 2023 update (2023).
  2. OECD, OECD Guidelines for Multinational Enterprises on Responsible Business Conduct (2023), p. 3.
  3. Human Rights Council, “Guiding Principles on Business and Human Rights: Implementing the United Nations “Protect, Respect, Remedy” Framework”, A/HRC/17/31 (21 March 2011).
  4. Regulation (EU) 2019/2088 of the European Parliament and of the Council of 27 November 2019 on sustainability‐related disclosures in the financial services sector. The concept of ‘do not significant harm’ principle is developed under the regulatory technical standards adopted by the Commission Delegated Regulation (EU) 2022/1288 of 6 April 2022 supplementing Regulation (EU) 2019/2088 of the European Parliament and of the Council.
  5. Regulation (EU) 2020/852 of the European Parliament and of the Council of 18 June 2020 on the establishment of a framework to facilitate sustainable investment, and amending Regulation (EU) 2019/2088.
  6. Loi no. 2017-399 du 27 mars 2017 relative au devoir de vigilance des sociétés mères et des entreprises donneuses d'ordre, or French Duty of Vigilance Law.
  7. Lieferkettengesetz, or German Supply Chain Act.
  8. Forbrukertilsynet, or Norwegian Transparency Act.
  9. Such as Regulation (EU) 2023/1542 of the European Parliament and of the Council of 12 July 2023 concerning batteries and waste batteries, amending Directive 2008/98/EC and Regulation (EU) 2019/1020 and repealing Directive 2006/66/EC.
  10. This Directive will foresee mandatory due diligence obligations for the in-scope undertakings. On the date this article was prepared, the Council and the European Parliament had already reached a provisional deal on the CSDDD. The final text was yet to be published. The draft CSDDD has been analysed on the basis of the OECD Guidelines by, amongst others, National Contact Point for Responsible Business Conduct the Netherlands, Analysis of the draft Corporate Sustainability Due Diligence Directive, on the basis of the OECD Guidelines (30 June 2023); J. Wilde-Ramsing, Three keys the EU CSDDD can take from the revised OECD Guidelines to unlock the potential of effective due diligence legislation (Nova Centre on Business, Human Rights and the Environment Blog, 18 October 2023).
  11. Even though recitals do not have a binding legal force, as stated by the Court of Justice of the European Union in Judgement of 28 June 2012, Fabio Caronna, C-7/11, para. 40, in Judgement of 11 April 2013, Poste Italiane SpA, C-290/12, para. 38, and in Judgement of 11 November 2021, Regione Veneto v. Plan Eco Srl, C-315/20, para. 28, they may, nevertheless, elucidate the content of the rules of the relevant EU legislation, or support the interpretation of the intention of the author of the relevant legislation.
  12. Directive (EU) 2022/2464 of the European Parliament and of the Council of 14 December 2022 amending Regulation (EU) No 537/2014, Directive 2004/109/EC, Directive 2006/43/EC and Directive 2013/34/EU, as regards corporate sustainability reporting.
  13. Articles 19a(2)(f) and 29a(2)(f) of the CSRD.
  14. Commission Delegated Regulation (EU) 2023/2772 of 31 July 2023 supplementing Directive 2013/34/EU of the European Parliament and of the Council as regards sustainability reporting standards.
  15. Para. 59 of ESRS 1.
  16. Section 3 of ESRS 1.
  17. Paras. 25-53 of the ESRS; About the double materiality assessment, Matthias Täger, ‘Double materiality’: what is it and why does it matter? (Grantham Research Institute on Climate Change and the Environment, 21 April 2021); Josef Baumüller, Karina Sopp, Double materiality and the shift from non-financial to European sustainability reporting: review, outlook and implications (Journal of Applied Accounting Research, 14 December 2021).
  18. Annex I, section 3.2 of the ESRS 1 (General Requirements), paragraph 45.
  19. The due diligence process is defined in para. 59 of ESRS 1, followed by the reference that the process is described by the UNGPs and the OECD Guidelines.
  20. This article is not meant to be interpreted as legal advice, or individual advice for undertaking the due diligence process, nor as a complete and comprehensive analysis of the due diligence process to be undertaken by the enterprises.
  21. Consisting of the Universal Declaration of Human Rights, proclaimed by the General Assembly, Resolution 217 A (III), A/RES/3/217 A, 10 December 1948, the International Covenant on Economic, Social and Cultural Rights (ICESCR), adopted by the General Assembly by its resolution 2200 A (XXI) of 16 December 1966, the International Covenant on Civil and Political Rights (ICCPR), adopted by the General Assembly by its resolution 2200 A (XXI) of 16 December 1966, and the two ICCPR Optional Protocols, adopted by the General Assembly by its resolution 2200A (XXI) of 16 December 1966 and the General Assembly by its resolution 44/128 of 15 December 1989. The two optional protocols are not referred to in the OECD Guidelines.
  22. Expressed in the Declaration of the International Labour Organisation on Fundamental Principles and Rights at Work, corresponding, since the 2022 revision, to:
    - Freedom of association and effective recognition of the right to collective bargaining;
    - Elimination of all forms of forced or compulsory labour;
    - Effective abolition of child labour;
    - Elimination of discrimination in respect of employment and occupation;
    - Safe and healthy working environment.
  23. Business relationship is defined in the OECD Guidelines as including ‘relationships with business partners, sub-contractors, franchisees, investee companies, clients, and joint venture partners, entities in the supply chain which supply products or services that contribute to the enterprise’s own operations, products or services or which receive, license, buy or use products or services from the enterprise, and any other non-State or State entities directly linked to its operations, products or services.’
  24. OECD Guidelines, p. 17.
  25. OECD, “OECD Due Diligence Guidance for Responsible Business Conduct” (2018).
  26. National Contact Point for Responsible Business Conduct the Netherlands, Analysis of the draft Corporate Sustainability Due Diligence Directive, on the basis of the OECD Guidelines, section 1.2.
  27. For further details on the process of the 2023 revision, J. M. Botelho and L. P. Castro, Updated OECD Guidelines for Multinational Enterprises: A Boost for Good Practices (Nova Centre on Business, Human Rights and the Environment Blog, 27 October 2023).
  28. About this topic, L. Feld, A (Slight) Raise of the Bar: Due Diligence in the 2023 Update of the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct (Nova Centre on Business, Human Rights and the Environment Blog, 9 November 2023).
  29. C. O. Lichuma, Meaningful Stakeholder Engagement 2.0.?: Tracing Developments in the Revised 2023 OECD Guidelines for Multinational Enterprises (Nova Centre on Business, Human Rights and the Environment Blog, 24 October 2023).
  30. J. Carling, Putting commitment to action for real changes on the ground: Implementing the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct relating to Indigenous Peoples (Nova Centre on Business, Human Rights and the Environment Blog, 31 October 2023).
  31. D. A. Pamplona, The OECD Guidelines for Multinationals and the Escazú Agreement: enhancing protection to human rights defenders (Nova Centre on Business, Human Rights and the Environment Blog, 26 October 2023).
  32. Regarding this topic, C. Macchi, A timely development the EU can learn from: The climate change dimension of the 2023 OECD Guidelines (Nova Centre on Business, Human Rights and the Environment Blog, 14 November 2023).
  33. The ILO Declaration on Fundamental Principles and Rights at Work (1998) was amended in 2022 to include a safe and healthy working environment as a fundamental right at work. At the moment, the fundamental principles and rights at work are:
    (a) freedom of association and the effective recognition of the right to collective bargaining;
    (b) the elimination of all forms of forced or compulsory labour;
    (c) the effective abolition of child labour;
    (d) the elimination of discrimination in respect of employment and occupation; and
    (e) a safe and healthy working environment.
  34. B. Harwell, Resetting the Employment and Industrial Relations Standards in the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct (Nova Centre on Business, Human Rights and the Environment Blog, 17 October 2023).
  35. Paul A. Davies, Michael D. Green and James Bee, OECD updated Corporate Due Diligence Guidelines (Lexology, 27 June 2023).
  36. Platform on Sustainable Finance, “Final Report on Minimum Safeguards” (October 2022), p. 10.
  37. Paul A. Davies, Michael D. Green and James Bee, OECD updated Corporate Due Diligence Guidelines (Lexology, 27 June 2023).
  38. About the updates to Chapter IX, Shreeja Sen, Missed opportunities in the OECD Guidelines tech-related updates (OECD Watch, 2 November 2023).
  39. L. Feld, A (Slight) Raise of the Bar: Due Diligence in the 2023 Update of the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct (Nova Centre on Business, Human Rights and the Environment Blog, 9 November 2023).
  40. OECD Guidelines, p. 17. The Guidance, pp. 48-49, explains how to identify the relevant stakeholders.
  41. OECD Guidelines, pp. 16-19.
  42. Guidance, pp. 42-45. Table 3 provides examples of indicators of scale, scope and irremediable character. For more information on risk-based due diligence, OECD, Translating a risk-based due diligence approach into law: Background note on Regulatory Developments concerning Due Diligence for Responsible Business Conduct (2022); Principles for Responsible Investment, How to identify human rights risks: A practical guide in due diligence (5 June 2023).
  43. OECD, Translating a risk-based due diligence approach into law: Background note on Regulatory Developments concerning Due Diligence for Responsible Business Conduct (2022), p. 5.
  44. OECD Guidelines, p. 12.
  45. At a minimum, the ones expressed in the International Bill of Human Rights, and the principles concerning fundamental rights set out in the International Labour Organisation Declaration on Fundamental Principles and Rights at Work. The circumstances under which enterprises are operating may demand the consideration of additional standards, as referred to in the OECD Guidelines, p. 26.
  46. Guidance, p. 46.
  47. Guidance, p. 18.
  48. I.e. during the life-cycle of the project, operation or activity and not only as a one-time event, according to the Guidance, p. 50.
  49. Guidance, p. 18.
  50. Before decisions are made, according to the Guidance, p. 49.
  51. Guidance, p. 16.
  52. Guidance, p. 21.
  53. OECD Guidelines, pp. 17-18.
  54. Guidance, pp. 22-24.
  55. The Guidance refers to supply chain. However, the Guidance is prior to the 2023 revision, where the downstream due diligence is included in the definition of business relationship. Joseph Wilde-Ramsing, Setting the record straight: Downstream due diligence (SOMO, 16 December 2022) explains why the reference to supply chains should be read as both including upstream and downstream relationships.
  56. Guidelines, p. 28.
  57. Guidance, pp. 62-63.
  58. According to the Guidance, p. 70, ‘An enterprise “causes” an adverse impact if the enterprise's activities on their own are sufficient to result in the adverse impact’.
  59. According to the Guidance, p. 70, ‘An enterprise “contributes to” an impact if its activities, in combination with the activities of other entities cause the impact, or if the activities of the enterprise cause, facilitate or incentivise another entity to cause an adverse impact. Contribution must be substantial, meaning that it does not include minor or trivial contributions.’ Following the definition, the Guidance provides factors to be considered when evaluating if an enterprise is contributing to an impact.
  60. According to the Guidance, p. 71, ‘“Linkage” is defined by the relationship between the adverse impact and the enterprise’s products, services or operations through another entity (i.e. business relationship). “Directly linked” is not defined by direct contractual relationships, for example “direct sourcing”.’
  61. Guidance, p. 72.
  62. Guidance, pp. 25-28.
  63. According to the OECD Guidelines, p. 18, ‘Leverage is considered to exist where the enterprise has the ability to effect change in the wrongful practices of the entity that causes the harm’.
  64. If it provides a product or service vital for the enterprise’s activities and no reasonable alternatives exist.
  65. About the importance of contracting for responsible business conduct under the OECD Guidelines and the concerns that may arise, B. Rutledge, What new standards on Responsible Business Conduct tell us about Contracting (Nova Centre on Business, Human Rights and the Environment Blog, 24 October 2023).
  66. Guidance, pp. 29-31, 72 and 77-81.
  67. Guidance, p. 32.
  68. Guidance, pp. 33 and 85-87.
  69. OECD Guidelines, p. 27; UNGPs, Guiding Principle 31.
  70. Guidance, pp. 34-35 and 87-91.