Checklist: Human rights due diligence in supply chains (UK)

Introduction

This checklist will assist organisations of all sizes to integrate the protection of human rights into their supply chains. The checklist is aligned with the UN’s Guiding Principles on Business and Human Rights (UNGPs), the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct (OECD Guidelines) and the OECD Due Diligence Guidance for Responsible Business Conduct (Guidance).

This checklist covers the following steps:

1. Identify and assess actual or potential adverse human rights impacts
2. Integrate findings of human rights due diligence and take appropriate action to cease, prevent and remedy any adverse human rights impact
3. Implement effective tracking and communication
4. Establish effective and transparent grievance mechanisms along the supply chain

This checklist should be used in conjunction with How-to guide: Understanding the legal framework for human rights and the importance of human rights due diligence (UK), which provides background information on human rights (including the UNGPs and OECD Guidelines). It should also be used with Checklist: Conducting environmental, social and governance (ESG) due diligence in supply chains (UK), as the steps set out below are additional and complementary to the steps set out in that checklist.

This checklist focuses on human rights due diligence (HRDD) as contemplated in the UNGPs and OECD Guidelines rather than any particular legislation. Whilst compliance with the UNGPs and OECD Guidelines is considered best practice, any applicable HRDD legislation must also be reviewed in case of any differences.

The checklist is presented as a list of considerations that can be checked off as they are addressed. After the checklist, there are explanatory notes corresponding with each requirement in the checklist.

Step 1 – Identify and assess actual or potential adverse human rights impacts

Step 2 – Integrate findings of human rights due diligence and take appropriate action to cease, prevent and remedy any adverse human rights impact

Step 3 – Implement effective tracking and communication

Step 4 – Establish effective and transparent grievance mechanisms along the supply chain

General notes

HRDD is a recognised best practice method for organisations to identify, prevent, mitigate and account for any potential and actual adverse human rights impacts with which they are involved.

HRDD should underpin an organisation’s human rights procedures and relevant policies (eg, Human Rights Policy and Supplier Code of Conduct) and should be properly integrated within an organisation, by gaining top-level commitment, training employees and integrating HRDD within the organisation’s overall strategy.

Legal framework

Human rights legal frameworks do not impose direct legal obligations on businesses, and the UNGPs and OECD Guidelines were developed with the objective of assisting States with the translation of their international human rights law obligations into domestic law. The UNGPs and OECD Guidelines are recognised as the ‘source code’ for HRDD legislation.

Several jurisdictions have adopted legislation that requires human rights considerations to be taken into account in an organisation’s operations, for example:

• the Corporate and Sustainability Due Diligence Directive (CSDDD) (EU);
• the Law No. 2017-399 on the duty of vigilance (France);
• the Supply Chain Act (Germany);
• the Batteries Regulation (EU); and
• the Uyghur Forced Labor Prevention Act (USA).

Other aspects of the legal framework for human rights include international regulations requiring organisations to make human rights disclosures, such as Regulation (EU) 2019/2088 – the Sustainable Finance Disclosure Regulation (SFDR) and Directive (EU) 2022/2464 – the Corporate Sustainability Reporting Directive (CSRD). Both require organisations to know about the human rights performance of their supply chains in order to make the required disclosures.

For further information about the legal framework for human rights and the increasing importance of HRDD, see How-to guide: Understanding the legal framework for human rights and the importance of human rights due diligence (UK).

Organisations should ensure that all relevant personnel are familiar with the UNGPs, the OECD Guidelines, the Guidance and any applicable HRDD legislation, and that they understand the purpose of HRDD and why it is important.

Step 1 – Identify and assess actual or potential adverse human rights impacts

An ‘adverse human rights impact’ is defined by the Office of the UN High Commissioner for Human Rights (OHCHR) in its guide ‘The Corporate Responsibility to Respect Human Rights: An Interpretive Guide’ as an impact that ‘occurs when an action removes or reduces the ability of an individual to enjoy his or her human rights’.

Use a proportionate and reasonable risk-based approach to identify any salient human rights impacts and risks for the organisation. Salient human rights impacts and risks are those that are the most severe or where a delayed response would make them irremediable. Severity is determined by:

• scope – how widespread the impact is or would be;
• scale – how grave the impact is or would be; and
• irremediability (how hard it is or would be to put right the resulting harm).

Likelihood is a secondary consideration and requires consideration of those impacts that have some likelihood of occurring in the future, recognizing that these are often, though not limited to, those impacts that have occurred in the past. (See UNGP: Salient Human Rights Issues).

Identify and assess human rights impacts and risks by geographic context, sector and business relationships – both at home and abroad – and throughout the supply chain, recognising that particular jurisdictions and sectors are high risk (see 2.3 below).

1.1 Map the supply chain

Undertake detailed mapping of the supply chain. It is a good idea to create a visual representation of all the entities and functions across the organisation – from raw materials to final product (and any high-risk items or sectors). Understand the flow of goods, services and funds within the supply chain and investigate (on a proportionate and reasonable basis) suppliers and subcontractors, and other entities involved in the supply chain.

Supply chain mapping is an important part of the HRDD process and includes identifying stakeholders and understanding the relationships between parties (map out tiers of multiple suppliers if applicable) in order to assess potential impacts on people.

See Sedex: Supply chain mapping: What is it and why is it important? for a summary of the steps involved with mapping a supply chain

1.2 Understand whether the organisation operates in high-risk countries and/or sectors

HRDD will vary in complexity depending on the size of the organisation, the geographical spread of the supply chain, the risk of severe human rights impacts and the nature and context of the business operations.

In terms of sector risk, use human rights databases and tools to understand what human rights abuses may exist in an organisation’s supply chain. The UNEP Finance Initiative – Human Rights Toolkit for Financial Institutions was developed for the financial sector, but contains information that can be used by all sectors.

The risk of human rights abuses increases in conflict-affected areas (regions with political instability, weak governance, a history of armed conflict or violence and lack of development). Any operating environment can become high risk if violence and social conflicts occur or escalate quickly, and political stability can degrade rapidly. As a result, communities and vulnerable groups can face changing and escalating risks to their lives, wellbeing and livelihoods.

Heightened HRDD should be carried out in conflict-affected and high-risk areas (CAHRAs), and organisations should:

• identify whether they source products from or have operations in CAHRAs;
• escalate HRDD in proportion to the severity of risk;
• adopt a crisis plan for responsibly remaining in a CAHRA or responsibly exiting a CAHRA; and
• assess their own operations and the operations of suppliers to see if they require reinforced security arrangements – noting that the use of security firms can create potential human rights risks that must be appropriately managed (for example the expansion and globalisation of the private security industry has led to increased instances of sexual and gender based violence, and labour abuses).

Seek advice from UK embassies about human rights risks related to local corruption or conflict. Implement the Voluntary Principles on Security and Human Rights, where appropriate.

1.3 Decide which form of human rights due diligence to undertake

There are many forms of HRDD, including undertaking a:

• human rights impact assessment;
• human rights risk assessment; and
• sector-wide impact assessment.

For HRDD to be effective as a method of protecting human rights and preventing harm, assessment and follow-up needs to be informed by meaningful engagement with rightsholders (see Education In Emergencies glossary) and rooted in the international human rights framework, rather than being a ‘tick-box’ exercise. While social audits have been widely used to assess an organisation’s impact on society (see The ESG Report: What is Social Auditing?), they are conceptionally different and often do not effectively identify and prevent impacts – such as the Rana Plaza disaster (see Anti-slavery: The inadequacies of social auditing: why we need worker-led solutions and UK government: Case study: The Rana Plaza disaster).

The form of HRDD used should make use of internal or independent relevant human rights experts (or both) and incorporate meaningful consultation with potentially affected rightsholders and other relevant stakeholders (eg, trade unions or civil society organisations).

Tailor the approach at factory level if possible, if not then at country level, and in the worst case, regional level.

1.4 Conduct meaningful engagement with stakeholders

HRDD should be ongoing, as the risks to human rights may change over time. It should also be informed by meaningful stakeholder engagement, in particular with rightsholders, human rights defenders (see The Diplomatic Service of the European Union definition) and other critical voices (managing and mitigating the personal risks to these individuals at the same time), trade unions and grassroots organisations. HRDD should be incorporated into standard business practices alongside environmental and other due diligence processes.

Engaging with stakeholders – in particular rightsholders – is not a ‘nice to have’, but a requirement under the UNGPs, the OECD Guidelines and other international standards, for example, CSRD, CSDDD and the International Finance Corporation’s Performance Standards on Environmental and Social Sustainability. Governments increasingly require evidence of engagement to satisfy HRDD obligations.

1.4.1 Define stakeholders

Organisations need to define their stakeholders – as well as rightsholders and other potentially impacted people, they include people with an interest or concern in the business activity, including government officials, organisation managers, industry associations, trade unions, civil society organisations, lawyers and journalists. This can mean physically going to remote communities to ensure their identification.

Organisations should recognise that not all rightsholders are the same. For example, children, women, migrant workers, indigenous peoples or LGBTIQ+ people may be impacted by business operations differently. In particular, organisations should be sensitive to differentiated impacts to women and apply a gender framework to HRDD (see Gender Responsive Due Diligence).

1.4.2 Identify the best method of engagement with each group of stakeholders

Use appropriate local and international expert advice on what engagement methods are best in each circumstance. Use international standards such as the UNGPs to guide meaningful engagement.

Organisations should consult with potentially affected stakeholders (or their legitimate representatives) directly in a manner that takes into account language and other potential barriers to effective engagement. While the roll-out of HRDD legislation is progressing fast, there is strong evidence that businesses are not sufficiently engaging with stakeholders, including affected communities and human rights advocates.

Facilitate platforms for honest and transparent communication, respecting cultural and social norms. Acknowledge and embrace the local cultural context, including language, traditions and customs. Ensure the active participation of affected parties in decision-making processes, respecting their autonomy and opinions. Maintain continuous dialogue and consultation to maintain trust and build relationships.

1.4.3 Evaluate effectiveness of engagement

Regularly evaluate the effectiveness of engagement through feedback and monitoring. Provide regular updates to all stakeholders, including public reporting where relevant, on the process and outcomes of engagement.

Step 2 – Integrate findings of human rights due diligence and take appropriate action to cease, prevent and remedy any adverse human rights impact

The UNGPs state that ‘where a business enterprise contributes or may contribute to an adverse human rights impact, it should take the necessary steps to cease or prevent its contribution and use its leverage to mitigate any remaining impact to the greatest extent possible’.

2.1 Develop human rights impact management plan

This involves the creation of a plan (which might be called an impact management plan, action plan, or similar) for ceasing, preventing, mitigating and remediating any negative human rights impacts identified through the HRDD.

Developing an action plan involves:

• identifying and engaging with relevant staff and teams to design feasible solutions and allocate appropriate (and ring-fenced) budgets;
• consulting with external stakeholders, to understand their perspectives and to hear their ideas about how to prevent or reduce human rights harms;
• acting on the lived experience of those who have been impacted (see British Institute of Human Rights: Lived Experience);
• engaging with relevant business partners to work to address any risks and impacts involving them;
• identifying a set of actions, determining who is responsible for delivery and the time frame; and
• adopting and implementing appropriate and robust oversight mechanisms to ensure delivery of the action plan.

Actions should be prioritised by the severity of the impacts or potential risks to people – not by the simplest to resolve. Consider whether the risks may cause death or serious injury, whether the consequences are irreversible, and how likely and soon the impact could occur. When prioritising how to respond to risks that are not life-threatening, it is relevant to consider how many people could be affected.

2.2 Identify appropriate action to take to cease, prevent and mitigate any adverse human rights impacts

The response to adverse impacts is based on an organisation’s relationship to the impact. This will vary according to:

• whether the organisation causes or contributes to an adverse impact, or whether it is involved solely because the impact is directly linked to its operations, products or services by a business relationship; and
• the extent of its leverage in addressing the adverse impact.

Marks and Spencer have produced a useful flowchart in their Food Human Rights Standards:

Human Rights Due Diligence and remedy Guidance to help identify what action is required by an organisation:

2.2.2 Stop the adverse impact

Where an organisation causes or may cause an adverse human rights impact, it should stop or prevent the actual impact. In situations of actual impacts having already occurred, the organisation should also provide remedy to affected individuals.

2.2.3 Prevention and mitigation

The prevention and mitigation of human rights risks refers to actions taken to reduce the likelihood of a certain adverse impact occurring. If prioritisation becomes necessary, more severe risks should be addressed first. In such cases, organisations should look at the severity of the risk (scale, scope and irremediability) and likelihood of it occurring in order to decide which risks must be addressed first.

The mitigation of adverse human rights impact refers to actions taken to reduce its extent, with any residual impact then requiring remediation.

2.2.4 Using leverage

‘Leverage’ refers to the ability of an organisation to effect change in the wrongful practices of another party that is causing or contributing to an adverse human rights impact. The extent of the organisation’s leverage determines the appropriate actions it should take to mitigate adverse impacts. Leverage may stem from commercial influence (eg, use of contractual terms or audits to set standards) or business influence (eg, capacity building or preferential purchasing).

If there is sufficient leverage, identify and take actions to prevent or reduce the impact of any risks identified. If there is insufficient leverage, seek to exert leverage by collaborating with business partners, government, NGOs, civil society or trade unions. Participate in – or set up – multi-stakeholder initiatives to address systemic issues.

In addition, set up ethical supply chain initiatives to engage small suppliers, such as providing training, using bespoke training solutions if possible. One size does not fit all in the human rights space – remember to listen to all stakeholders, particularly those impacted by activities.

2.3 Provide remediation and remedy for any adverse impacts that the organisation has caused or contributed to

Remediation and remedy refer to:

• the processes of providing remedy for an adverse human rights impact; and
• the substantive outcomes that can counteract, or make good, the adverse impact.

Under the UNGPs, remedy may include apologies, restitution, rehabilitation, financial or non-financial compensation and punitive sanctions, as well as the prevention of harm through, for example, injunctions or guarantees of non-repetition.

Affected stakeholders should be consulted on their desired remedial outcomes. A remediation plan should consider their perspective, needs and concerns. Consider both the remedial actions (ie, fixing or reversing the adverse impact) and systematic actions that could be taken to prevent same or similar impacts from re-occurring.

2.4 End relationships where necessary

The UNGPs recognise that:

There are situations in which the enterprise lacks the leverage to prevent or mitigate adverse impacts and is unable to increase its leverage. Here, the enterprise should consider ending the relationship, taking into account credible assessments of potential adverse human rights impacts of doing so.

The UNGPs set out considerations that will factor into the appropriate response by an organisation, including how crucial the relationship is to the organisation, the severity of the abuse and whether terminating the relationship would itself have adverse human rights consequences.

As further noted in the UNGPs:

for as long as the abuse continues and the enterprise remains in the relationship, it should be able to demonstrate its own ongoing efforts to mitigate the impact and be prepared to accept any consequences – reputational, financial or legal – of the continuing connection.

Step 3 – Implement effective tracking and communication

3.1 Track effectiveness of responses to human rights impacts

To verify whether adverse human rights impacts are being adequately and robustly addressed through their impact management plan and related activities, organisations should track the effectiveness of their responses. Such tracking should be based on appropriate qualitative and quantitative indicators and draw on feedback from both internal and external sources, including affected stakeholders.

3.2 Communicate how human rights impacts are being addressed

Communicate to the public how the organisation is addressing its human rights impacts. This is especially necessary for businesses operating in high-risk sectors and geographies.

Communications should:

• be of a form and frequency that reflect a business’s human rights impacts and that are accessible to its intended audiences;
• provide information that is sufficient to evaluate the adequacy of a business’s response to the particular human rights impact involved; and
• not pose risks to affected stakeholders, personnel or to legitimate requirements of commercial confidentiality.

Organisations may consider publishing annual or more frequent human rights reports.

Step 4 – Establish effective and transparent operational-level grievance mechanisms along the supply chain

An operational-level grievance mechanism is a non-judicial process where stakeholders can raise grievances. They support organisations’ HRDD by helping organisations identify adverse human rights impacts and make it possible for identified grievances to be addressed and remediated by the organisation.

4.1 Understand the meaning of an effective grievance mechanism

Effective grievance mechanisms also provide a platform for businesses to prevent similar harms from arising and improve communication on management of human rights impacts.

Under the UNGPs, an effective grievance mechanism is:

• Legitimate – it is trusted by the stakeholder groups that it is intended for.
• Accessible – those for whom it is intended know about it and adequate assistance is provided to any groups who may face particular barriers to access – for example, providing translation services.
• Predictable – there is a clear and known procedure with indicative time frames and clarity on the processes and outcomes available and means of monitoring implementation.
• Equitable – measures are taken to address power imbalances so that parties can access information, advice and expertise to engage on fair, informed and respectful terms.
• Transparent – parties to a grievance are regularly informed about its progress and information about the mechanism’s performance is publicly shared (subject to confidentiality requirements).
• Rights-compatible – outcomes are in line with internationally recognised human rights.
• A source of continuous learning – grievance mechanisms can be early warning systems for organisations. By regularly analysing the frequency, patterns and causes of grievances, organisations can identify and amend policies, procedures or practices to prevent future harm.
• Based on engagement and dialogue – organisations should engage with affected stakeholders on the design and performance of a grievance mechanism to help ensure that it meets their needs, that they will use it in practice and that there is a shared interest in ensuring its success.

4.2 Assess whether there are any gaps in grievance mechanisms

Assess whether there are any gaps in existing grievance mechanisms along the supply chain, and work at every level, and with relevant partners, to strengthen their availability and effectiveness, using the UNGPs, OECD Guidelines and any applicable legislation for guidance.

4.3 Review grievance mechanisms from workers’ perspective and expectations

Workers’ perspectives and expectations are central to understanding whether a grievance mechanism is working or not. Workers must be at the centre of the design and implementation of mechanisms, as they are the ones who best understand their working conditions and have the strongest interest in ensuring that their rights are respected.

4.4 Offer support along the supply chain

Reach out to organisations, particularly MSMEs (ie, micro, small and medium enterprises) along the supply chain to assess their needs and offer support and training on grievance mechanisms and effective handling of workers’ complaints. Ensure that the presence of grievance mechanisms does not become a tick-box exercise for legal or audit purposes by actively monitoring (eg, via spot checks) producer commitment, mechanism availability, use and impact.

Ensure that grievance mechanisms implemented or supported by organisations higher up the supply chain do not replace or undermine grievance mechanisms at lower levels.

Support supply chain participants, particularly MSMEs to investigate and resolve issues and to enable sectoral efforts to overcome and respond to systemic risks, including developing effective channels and escalation procedures for grievances that cannot be resolved by individual employers.

Recognise the power imbalances in a supply chain, particularly between organisations in the global North and organisations in the global South and seek to foster equity up and down the supply chain.

4.5 Follow the Grievance Mechanism Dos and Don’ts

The following ‘Grievance Mechanism Dos and Don’ts’ were developed by The Remedy Project for UNDP:

• do partner with third parties that are trusted by workers;
• do socialise the grievance mechanism;
• do have a worker welfare committee that truly represents the workers;
• do take retaliation threats to parties seriously;
• do protect the confidentiality and anonymity of parties;
• do ensure that your grievance mechanism incorporates the principles of gender equality, disability and social inclusion;
• don’t treat a complaints or suggestions box as a grievance mechanism;
• don’t create a structure that is hard to navigate; and
• don’t treat a grievance mechanism as publicised simply because it is available.

Additional considerations regarding effective grievance mechanisms can be found in ‘In Search of Effective Corporate Grievance Mechanisms: Can Mandatory Due Diligence Laws be a Progressive Force?’.

Additional resources

Marks and Spencer – Food Human Rights Standards: Human Rights Due Diligence and Remedy Guidance
United Nations – The Corporate Responsibility to Respect Human Rights: An Interpretive Guide
UN Guiding Principles Reporting Framework
OECD – OECD due diligence guidance for responsible supply chains of minerals from conflict-affected and high-risk areas
Shift
Monica Vinader – Human Rights Policy 
PRI – How to identify human rights risks: A practical guide in due diligence
Marks and Spencer – Human Rights & Our Supply Chain
The Remedy Project
The UN Global Compact
ILO – Human Rights Due Diligence: Policies, Practice, and Implementation
Voluntary Principles on Security and Human Rights 
Ethical Trade.org – Recommendations for Effective Operational Grievance Mechanisms

Related Lexology Pro content

How-to guides:

Understanding environmental, social and governance (ESG)
What general counsel (GC) need to know about environmental, social and governance (ESG)
How to consider and navigate the consequences of ESG risks
Overview of climate legislation and regulation in the UK and Europe
How to understand and implement the ‘S’ in environmental, social and governance (ESG)
How to assess suppliers for modern slavery risk (UK)
How to create a supplier code of conduct (UK)
How to navigate the regulatory and litigation risks associated with greenwashing in the UK and EU
Understanding the legal framework for human rights and the importance of human rights due diligence (UK)

Checklists:

UK Modern Slavery Act reporting requirements: Section 54 (UK)
Greenwashing risk assessment (UK)
Conducting environmental, social and governance (ESG) due diligence in supply chains (UK)

Reliance on information posted:

While we use reasonable endeavours to provide up to date and relevant materials, the materials posted on our site are not intended to amount to advice on which reliance should be placed. They may not reflect recent changes in the law and are not intended to constitute a definitive or complete statement of the law. You may use them to stay up to date with legal developments but you should not use them for transactions or legal advice and you should carry out your own research. We therefore disclaim all liability and responsibility arising from any reliance placed on such materials by any visitor to our site, or by anyone who may be informed of any of its contents.