Why Human Rights Due Diligence Is the Future of Business Risk Management
However, compliance is the floor, not the ceiling.
When people hear “human rights,” they often think of global declarations, not corporate strategies. However, human rights due diligence (HRDD) is fast becoming the sharp edge of business risk management, and the most forward-looking companies already know it. It provides reputational defense and strategic advantage.
In today’s operating environment, marked by complex supply chains, shifting regulatory demands, and heightened expectations from consumers, investors, and workers, HRDD is no longer optional. In my opinion, it is the future of risk management.
For companies that have long treated compliance as the gold standard, this may feel like a sea change. But compliance is a good start, not a sufficient strategy. It tells you what’s legal. It does not tell you what’s ethical, sustainable, or acceptable to your stakeholders. And increasingly, that distinction matters.
If you want to future-proof your business, it’s time to move beyond legal checkboxes and embrace a holistic approach rooted in the UN Guiding Principles on Business and Human Rights (UNGPs): a proactive, risk-based process to identify, prevent, mitigate, and account for how your business impacts people, not just how your brand is exposed. If you're still managing business risk without a clear HRDD strategy, you may be flying blind.
Let’s talk about what a risk-based approach entails. But first, let’s briefly explore how we got here and what it means for the future.
A Brief History: From Compliance to Due Diligence
The rise of social compliance began in the 1990s, driven by consumer outrage over sweatshop labor in the apparel sector. In response, companies introduced codes of conduct and launched third-party audits to assess factory conditions. For the purposes of this post, I won’t be naming specific companies, but a quick search will reveal which household names were at the center of public scrutiny during that period.
Over time, a pattern emerged. Audits were often one-off, superficial, and failed to uncover systemic abuse. Even worse, some factories became adept at “audit fraud,” presenting sanitized documents and coached workers on the day of inspections. A compliance approach alone couldn’t address root causes like wage suppression, excessive hours, gender-based violence, or recruitment fees leading to debt bondage.
And that is still true today. I know because I used to lead some of this work at a small investigative non-profit that used journalistic techniques to uncover what audits routinely missed.
That’s where human rights due diligence (HRDD) enters.
Endorsed unanimously by the UN Human Rights Council in 2011, the UN Guiding Principles on Business and Human Rights (UNGPs) define the corporate responsibility to respect human rights. Their operational principles form the basis of HRDD, which takes a risk-to-people lens, not just a risk-to-business approach. HRDD marks a move from snapshots to systems, from policing violations to preventing harm. In doing so, it not only upholds human rights but ultimately safeguards the business itself.
“Conducting appropriate human rights due diligence should help business enterprises address the risk of legal claims against them by showing that they took every reasonable step to avoid involvement with an alleged human rights abuse.”
— UNGPs Commentary, Principle 17
A foundational resource for understanding the origins and evolution of Human Rights Due Diligence is Just Business: Multinational Corporations and Human Rights by John Ruggie, architect of the UN Guiding Principles on Business and Human Rights (UNGPs). Published in 2013, the book remains essential reading, and arguably more relevant today than ever as companies navigate mounting regulatory requirements, heightened stakeholder expectations, and the urgent need to align business practices with human rights expectations. Ruggie’s insights continue to shape global discourse and offer a critical framework for responsible corporate conduct.
Photo: Tu with her signed copy of John Ruggie’s book.
What Makes HRDD a Strategic Superpower?
HRDD bridges the gap between compliance and accountability. It doesn’t just ask “Are we following the rules?”—it asks “Are we doing the right thing, and are we willing to act when we’re not?” Unlike traditional risk management, which often protects the business from the world, HRDD asks: How is the business impacting the world and what’s the cost of ignoring it?
For decades, social audits have been the dominant tool for monitoring supply chain compliance. While useful for snapshot assessments, they are fundamentally limited in scope and depth. Most audits are pre-announced, checklist-driven, and often incentivize superficial fixes over systemic change. Critically, audits fail and have failed to detect serious violations or issues considered zero tolerance for companies—including forced labor and unethical recruitment—especially when workers fear speaking out. As a result, reliance on audits alone continues to face widespread criticism.
Rather than relying solely on static, transactional audits, HRDD is a dynamic, continuous process grounded in stakeholder engagement, root cause analysis, and long-term remediation. It seeks to understand why harm happens, who is affected, and how the business can prevent it.
Done well, HRDD does more than avoid harm. It:
Identifies blind spots in supply chains, labor practices, and business models.
Builds trust with stakeholders, from workers to regulators to investors.
Strengthens governance by embedding responsibility at every level.
Enables foresight because when human rights risks surface, it’s already late.
Concrete Next Steps for Companies: A Rights-Based Risk Approach
HRDD isn’t just about risk reduction, it’s about risk anticipation. I’ve seen companies lose contracts, brand equity, and executive credibility for not acting until it was too late. I've also seen how the companies that act early, transparently and consistently, gain a reputational advantage no competitor can buy.
In an age of radical transparency and real-time outrage, your supply chain can go viral. Your sourcing decisions can trigger regulatory scrutiny. Your silence can speak louder than your values.
If you’re leading sustainability, ESG, compliance, sourcing, or public affairs—here’s how to integrate HRDD into your risk management architecture:
1. Anchor HRDD in Core Governance
Elevate human rights oversight to Board or executive level
Clarify cross-functional roles—legal, procurement, human resources, public policy, operations
2. Map Human Rights Risks Across the Value Chain
Go beyond Tier 1 to include labor recruiters, raw materials, and end-use impacts
Use tools like the OECD sectoral risk guidance, U.S. Department of Labor Comply Chain and Forced and Child Labor Reports, Verite, or Business and Human Rights Resource Centre trackers
3. Assess Salient Risks—Not Just Legal Exposure
Engage affected stakeholders and rightsholders (workers, Indigenous communities, civil society)
Prioritize risks based on severity, not proximity to HQ
4. Integrate Mitigation into Business Practices
Redesign sourcing strategies, pricing models, and KPIs to incentivize rights-respecting behavior
Avoid over-reliance on social audits—complement with supplier and worker engagement tools and grievance mechanisms
5. Track and Communicate Performance Transparently
Report not only outputs and activities, but outcomes—e.g. grievance resolution rates, improved working conditions, decreased zero tolerance issues
Align with emerging EU standards (CSRD, CSDDD) and voluntary benchmarks (Shift UNGP Reporting Framework, CHRB)
6. Invest in Early Warning Systems
Partner with local NGOs, worker organizations, and human rights experts
Monitor for contextual risks—conflict, political repression, climate shocks—that exacerbate harm
The International Consensus: Risk-Based, Salience-Focused
The UN Guiding Principles on Business and Human Rights (UNGPs) remain the authoritative global standard for how companies should manage their human rights responsibilities. They set clear expectations that businesses must not only respect human rights but also adopt a risk-based approach—one that prioritizes action based on the severity of potential or actual harm to people, rather than what is most convenient, cost-effective, or legally required.
From a practitioner’s perspective, the absence of any reference to the UNGPs in a company’s human rights policy, due diligence framework, or public disclosures is a significant red flag. It suggests a lack of alignment with internationally recognized norms and raises questions about the company’s understanding of or commitment to meaningful human rights due diligence. At a time when regulatory and stakeholder scrutiny is intensifying, anchoring a company’s efforts in the UNGPs is not just best practice, it is foundational.
🔎 “Where it is necessary to prioritize actions to address actual and potential adverse human rights impacts, business enterprises should first seek to prevent and mitigate those that are most severe or where delayed response would make them irremediable.” – UNGPs, Principle 24
The UNGPs have been reinforced by:
OECD Due Diligence Guidance for Responsible Business Conduct, which provides sector-specific guidance for applying risk-based due diligence
EU Corporate Sustainability Due Diligence Directive (CSDDD) and national laws in Germany, France, and Norway, requiring companies to identify and act on salient human rights and environmental risks
UN PRI’s human rights guidance and benchmark initiatives like the Corporate Human Rights Benchmark (CHRB), which outline expectations and guidance for the investor community
Final Thought: HRDD Is Not Extra Work—It’s Better Risk Management
In today’s volatile operating environment—climate crisis, economic downturn, social unrest, regulatory pressure—companies can’t afford to treat human rights due diligence as a separate or secondary process. HRDD is not an add-on. It’s a strategic, future-fit way to manage risk in a world where doing harm to people will come back to harm your business.
The businesses that will lead in the next decade aren’t just those with the lowest costs or highest profits. They’re the ones who understand that human rights risk is business risk and they build teams and systems to prevent harm before it becomes a crisis.
Human rights due diligence isn’t a reporting exercise. It’s a management strategy for the world we live in now. Done right, HRDD builds business resilience, trust, and long-term value.