Editor's Note: Catherine Dunmore is an experienced international lawyer who practised international arbitration for multinational law firms in London and Paris. She recently received her LL.M. from the University of Toronto and her main fields of interest include international criminal law and human rights. Since October 2017, she is part of the team of the Doing Business Right project at the Asser Institute.

Introduction

The Court of Appeal in London recently handed down its judgment in Dominic Liswaniso Lungowe and Ors. v Vedanta Resources Plc and Konkola Copper Mines Plc [2017] EWCA Civ 1528 (Lungowe v Vedanta) addressing issues of jurisdiction and parent company liability. The judgment runs contrary to the historical legal doctrine that English domiciled parent companies are protected from liability for their foreign subsidiaries’ actions. This decision clarifies the duty of care standard a parent company owes when operating via a subsidiary and opens the gates to other English domiciled companies and their subsidiaries being held accountable for any human rights abuses.

Facts

In 2015, a claim was brought by 1,826 villagers from the Chingola region of Zambia against the London Stock Exchange listed metals and mining company Vedanta Resources Plc (Vedanta), which has a global asset base of almost US$40 billion. Vedanta’s subsidiary Konkola Copper Mines Plc (KCM), a Zambian public limited company which is the largest integrated copper producer in the country, was licenced to extract from the Nchanga copper mine near Chingola. The villagers claimed personal injury, damage to property and loss of income, amenity and enjoyment of land, due to alleged pollution and environmental damage caused by discharges from the Nchanga mine for over a decade. The claimants used Vedanta to anchor their claims in the English courts and received permission to serve KCM out of the jurisdiction. Both Vedanta and KCM applied for declarations that the Court had no jurisdiction to try the claims, or alternatively, that it should not exercise such jurisdiction. These challenges were dismissed at first instance by Mr Justice Coulson, and Vedanta and KCM appealed against his order.

Judgment

The Court of Appeal unanimously dismissed the appeals and confirmed jurisdiction against Vedanta and KCM. Led by Lord Justice Simon, the Court concluded that “there are no proper grounds for re-opening the Judge's decision. The appellants have not persuaded me that the Judge misdirected himself on the law, nor that he failed to take into account what mattered or that he took into account what did not matter. How the various matters weighed with him, either individually or together, was for him to decide, provided that he did not arrive at a conclusion that was plainly wrong. In my view, he did not reach a view that was wrong; he reached a conclusion that was in accordance with the law”.

In its determination of jurisdiction, the Court notably considered the following issues:

1. Whether the claimants' claim against KCM has a real prospect of success;

2. If so, whether there is a real issue between the claimants and Vedanta;

3. Whether it is reasonable for the court to try that issue;

4. Whether KCM is a necessary and proper party to the claim against Vedanta; and

5. Whether England is the proper place in which to bring that claim.

Of particular jurisprudential significance for future cases involving companies’ alleged human rights violations were the Court’s deliberations on issue two relating to parent companies and the duty of care.

Parent company liability and the duty of care

The Court of Appeal’s judgment sought to clarify the duty of care owed by a parent company through its subsidiary’s operations. The judges reviewed the benchmark cases for the imposition of such a duty of care and affirmed the following propositions:

1. “The starting point is the three-part test of foreseeability, proximity and reasonableness”, as enounced in Caparo Industries Plc v Dickman. The fact alone that Vedanta is KCM’s holding company would not make it arguable that Vedanta owed a duty of care, and additional circumstances were required to ground a properly arguable claim.

2. “A duty may be owed by a parent company to the employee of a subsidiary, or a party directly affected by the operations of that subsidiary, in certain circumstances”.

3. “Those circumstances may arise where the parent company (a) has taken direct responsibility for devising a material health and safety policy the adequacy of which is the subject of the claim, or (b) controls the operations which give rise to the claim”.

4. “Chandler v Cape Plc and Thompson v The Renwick Group Plc describe some of the circumstances in which the three-part test may, or may not, be satisfied so as to impose on a parent company responsibility for the health and safety of a subsidiary's employee”. If both parent company and subsidiary have similar knowledge and expertise and they jointly take decisions about mine safety, which the subsidiary implements, both companies may owe a duty of care to those affected by those decisions.

5. “The evidence sufficient to establish the duty may not be available at the early stages of the case”, and may be better judged after the pleadings in the case.

In its deliberations, the Court of Appeal considered certain factors as relevant to the existence of a duty of care between Vedanta and the villagers, namely:

• A Vedanta report which stressed that oversight of all its subsidiaries rests with the Board of Vedanta itself and expressly refers to problems with discharges into water at the mine in Zambia.

• A Management and Shareholders Agreement which contractually obliged Vedanta to provide KCM with, among others, geographical and mining services and employee training as well as to procure feasibility studies in accordance with “acceptable mining, metal treatment and environmental practices conducted in Southern Africa”.

• Vedanta's provision of environmental and technical information and Health Safety and Environmental training, as well as its public statements on its commitment to addressing environmental risks and technical shortcomings in KCM's mining infrastructure.

• Evidence from a former KCM employee about the extent of Vedanta's control of KCM’s operational affairs.

Following the above principles relating to the duty of care and in light of the evidence displayed by the claimants, it was concluded that Mr Justice Coulson was entitled to reach his conclusions. Whilst the claim against Vedanta may or may not succeed at trial, it could not be dismissed as not properly arguable. In other words, the Court accepted “that there is a serious question to be tried which should not be disposed of summarily, notwithstanding the question goes to the court's jurisdiction”.

The Court affirmed the long-established principle that a parent company does not automatically owe a duty of care to someone affected by its subsidiary’s actions. Yet, as Lord Justice Simon observed, the defendant's assertion that “there had been no reported case in which a parent company had been held to owe a duty of care to a person affected by the operation of a subsidiary” does not at all “render such a claim unarguable”.

Rather, the claimant must prove that such a duty of care arises; more particularly that the parent company has taken direct responsibility for material health and safety policies or controls its subsidiary’s operations. It follows that the more integration and supervision that can be demonstrated between a parent company and subsidiary, the greater the chance of a duty of care being found, and accordingly the parent company being accountable for any human rights abuses. Moreover, the Court’s hesitancy to conclude at an early stage in proceedings that no duty of care exists, and consequently that there is no real issue to be tried, will likely allow more cases to be determined during the hearing rather than at an interlocutory stage.

Lungowe v Vedanta’s duty of care in light of France’s new duty of vigilance law

Earlier in 2017, the French National Assembly adopted the loi relative au devoir de vigilance des sociétés mères et des entreprises donneuses d'ordre which established a new duty of care for large multinational companies operating in France. The law imposes an obligation of vigilance on companies incorporated or registered in France during two consecutive fiscal years that have either at least 5,000 employees themselves and through French subsidiaries, or have at least 10,000 employees themselves and through subsidiaries located in France or abroad.

The law requires such a parent company to establish and implement a publically available vigilance plan relating to its activities and those of its subsidiaries. The plan includes due diligence measures to identify risks and to prevent serious violations of human rights and fundamental freedoms, health and safety and the environment, resulting from the activities of the company and its subsidiaries, as well as the relevant activities of its subcontractors and suppliers under their commercial relationship. The law lists five such due diligence measures:

1. A risk mapping that identifies, analyses and ranks risks

2. Procedures for regular evaluation of subsidiaries, subcontractors or suppliers with whom an established commercial relationship is maintained

3. Adapted actions to mitigate risks or prevent serious harm

4. An alert mechanism and the collection of reports relating to the existence or realisation of risks, drawn up in consultation with the representative trade union organisations

5. A monitoring mechanism to follow-up on the plan’s implementation and evaluating its effectiveness.

Any company put on formal notice to comply with these vigilance obligations can face penalties if they fail to do so within three months.

    The French law is widely viewed as a major step forward, although by no means a panacea, to improving corporate respect for human rights and the environment. Although only applicable to an estimated 100-150 large companies, in passing the law the French National Assembly acknowledged the need for corporations to be held accountable for their worldwide activities, rather than hiding behind the corporate veil. The new French law requirements are markedly different from those found in the Modern Slavery Act 2015 of the United Kingdom and the California Transparency in Supply Chains Act of 2010, which only require companies to report on any efforts to identify certain forms of human rights related risk. In comparison, companies caught by the French law are actually required to implement a vigilance plan.

However, under the French law the legal emphasis is on a company evidencing it has done everything in its power to establish and implement this vigilance plan, rather than focusing on guaranteeing results in terms of human rights compliance. French corporations can therefore effectively reduce their duty of care liability by creating and executing a plan with accompanying due diligence measures. In contrast, following the jurisprudence of Lungowe v Vedanta, a parent company’s liability may actually increase if it takes responsibility for such material health and safety policies. Accordingly, in order to reduce its liability and the imposition of a duty of care, a parent company might seek to demonstrate a very low level of integration and supervision between itself and its subsidiaries.

This leads to the unsatisfactory position that parent companies in both nations might be able to avoid liability for the actual damage arising from their subsidiaries’ human rights violations. A parent company in France might avoid accountability for its subsidiary’s actions through demonstrating vigilant control and surveillance, whilst a parent company in England might similarly benefit from demonstrating distance and separation. In either case, there remains a legal lacuna whereby parent companies may evade responsibility for grave rights breaches.

Conclusions

Whilst the English courts retain a significant discretion when exercising their judgement in jurisdictional challenges, the judgment in Lungowe v Vedanta may lead to an increase in claims before the courts for alleged human rights abuses by foreign subsidiaries of English domiciled parent companies. The decision might prompt vulnerable English corporations to reassess their compliance with the United Nation’s Guiding Principles on Business and Human Rights, and to demonstrate both their own and their subsidiaries’ respect for and adherence to human rights standards throughout their training, policies and operations. Yet, the significant converse risk is run that parent companies will distance themselves from their subsidiaries’ actions. Ensuring that the responsibility for compliance with human rights obligations remains with a subsidiary may reduce the likelihood of a duty of care being found at a parent company level for any extraterritorial human rights abuses. Ultimately, only time will tell whether Lungowe v Vedanta prompts English domiciled companies to account for, or instead avoid, their subsidiaries’ human rights abuses.

Editor's note: Mercedes is a recent graduate of the LL.B. dual-degree programme English and German Law, which is taught jointly by University College London (UCL) and the University of Cologne. She will sit the German state exam in early 2022. Alongside her studies, she is working as student research assistant at the Institute for International and Foreign Private Law in Cologne. Since September 2020, she joined the Asser Institute as a research intern for the Doing Business Right project.

In Part II of this blog series, I intend to outline the different proposals for a Lieferkettengesetz. First, the Initiative Lieferkettengesetz’s model law, secondly the proposal submitted by the Ministry for Labour and Social Affairs and the Ministry for Economic Cooperation and Development, and lastly, I will present the amendments pushed by the business sector and the Ministry for Economic Affairs and Energy.

Initiative Lieferkettengesetz model law

The Initiative Lieferkettengesetz, a consortium of over 110 NGOs, presented their model law in early 2020. It draws inspiration from the ECCJ’s position paper “Key Features of Mandatory Human Rights Due Diligence.”

The scope of application of the model law covers companies with over 250 employees. However, if a business operates in a high-risk sector, it would have to implement human rights due diligence into its global supply chain even if it employs fewer than 250 people. Examples of high-risk sectors include the manufacturing of arms, the chemical and automotive industry, financial services and many others. Initiative Lieferkettengesetz also advocates for certification and auditing services to be included in the list of sectors that pose great risk for human rights and the environment; this is because this sector lacks adequate regulation, is prone to corruption and errors – with often devastating consequences.

The Initiative Lieferkettengesetz demands that not only companies that have their seat in Germany be covered by Supply Chain Regulation. Instead, all companies that show a ‘genuine link’ to Germany should be included in the scope of application. They argue for the clause to be drafted similarly to sec 54(12) Modern Slavery Act 2015, adding the following clarification: The company must either have an administrative seat, permanent establishments (i.e. branches, factories, storage facilities etc.), permanent representatives on German territory or provide German companies with some form of service at least twice a year. Foreign companies, the shares of which are sold on the German stock market, should also be covered by the model law. Initiative Lieferkettengesetz explicitly excludes mere investments in Germany.

In outlining the due diligence requirement, Initiative Lieferkettengesetz builds on the individual aspects set out in the UNGPs: (1) policy statement; (2) risk analysis; (3) countermeasures; (4) reporting; (5) grievance mechanism.

The risk analysis should be carried out once a year at the minimum. Ideally, it ought to be carried out before every strategic decision. It encompasses factual and potential risks to human rights and the environment. Risks need to be assessed according to how likely they are to occur, the extent of potential damage caused, the importance of the legal interest that needs to be protected, and the scope for restitution. On the basis of this risk analysis, businesses should implement countermeasures to prevent or mitigate any harm to human rights and the environment caused by their business activity.

The scope of the duty covers human and labor rights as well as environmental standards. The model law explicitly refers to the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, nine ILO Conventions, and four UN Conventions. Where company’s business activity is linked to production of arms or surveillance technologies, the scope of duty should also cover the Geneva Conventions with their additional protocols. The necessary standard of care to be adopted in the due diligence analysis hinges upon the term ‘appropriateness’. The ‘appropriateness’ of a measure depends on size, business activity, nexus between business activity and risk, and the severity of the threat to human rights and the environment. There is not one ready-made solution for every risk occurring in supply chains; that is why the model law provides some flexibility to companies in order to determine the most efficient measure that needs to be implemented. Initiative Lieferkettengesetz emphasizes that it is not enough to take part in multi-stakeholder sectorial initiatives or outsource their obligation to auditing or certification services in order to discharge the duty to implement countermeasures. Moreover, companies should internally document their risk analysis and countermeasures and should also regularly submit reports to the Government.

Initiative Lieferkettengesetz proposes an array of sanctions in case of breach of duty: fines, exclusion from public procurement and foreign trade promotion, and crucially, civil liability.

Civil liability in German law is based on § 823(1) of the Civil Code (BGB), which protects narrowly interpreted legal interests –bodily integrity, health, liberty, property and ‘others’, i.e. privacy.  The Initiative Lieferkettengesetz proposes to add a clause in the model law which states that human and labor rights, found in the treaties ratified by Germany, ought to be integrated to the legal interests protected by § 823(1) BGB. Where necessary, they should fall under ‘other’.

German scholars often criticize that human rights do not have any legal ‘contours’; that they are too vague to justify civil liability. The Initiative Lieferkettengesetz counterargues by comparing them to other ‘vague’ legal interests such as privacy. In order to determine if someone’s right to privacy was breached, courts engage in an analysis of proportionality: the finding that a breach of privacy occurred depends on how likely, severe, foreseeable and avoidable any harm caused was.

Considering how difficult it is for the claimant to gather evidence in the case of human rights atrocities occurring in global supply chains, Initiative Lieferkettengesetz suggests that the claimant should benefit from a reversed burden of proof: It ought to be upon the company to prove that the harm to human rights or the environment was neither foreseeable nor avoidable by implementing appropriate measures.

Crucially, the supply chain law should be characterized as overriding mandatory provision in line with Article 16 Rome II. As a result, even if rules of private international led to the application of foreign tort law, the provisions of the Lieferkettengesetz would still be given effect to.

Government’s position paper (Eckpunkte)

During their party conferences in November and December 2019, both the CDU (Christian Democratic Union) and the SPD (Social Democratic Party) came out in support for the Lieferkettengesetz. Ministers Hubertus Heil (Minister of Labour and Social Affairs, SPD) and Gerd Müller (Minister for Economic Cooperation and Development, CSU [Christian Social Union, the CDU’s Bavarian affiliate]) took it upon them to draft the government’s position paper (Eckpunkteplan) which would eventually serve as basis for any further draft.

They intended to present their paper to the public on 10 March 2020 and had already scheduled a press conference. After pressure from the Chancellery (Ministry that supports Chancellor Merkel in the execution of her duties), which in turn appeared to have been pressured by the business sector, they cancelled the press conference.

Their internal position paper, however, leaked in February 2019, causing outrage among German business representatives. It was portrayed as ‘harmful’ and based on ‘arbitrary monitoring’. The president of the Federal Employers’ Association (Bundesvereinigung der Deutschen Arbeitgeber) even exclaimed that with such a law, he would already have ‘one foot in prison’.

In June 2020, the two Ministries published a new version of the position paper. If one compares the position paper to the model law presented by Initiative Lieferkettengesetz, it becomes clear that Heil and Müller opted for a watered-down version of the law. The scope of application is limited to companies with over 500 employees. It does not account for smaller businesses, which operate in particularly high-risk industries. The Lieferkettengesetz will only be applicable to companies that either have their seat in Germany or which can show a ‘strong link’ to Germany. The position paper further clarifies that the requirement of a ‘strong link’ is fulfilled if businesses make strategic decisions in Germany; mere business activity does not suffice.

Due diligence comprises four aspects: (1) risk analysis; (2) effective countermeasures; (3) grievance mechanism; (4) reporting. Just like with the model law, companies will have to analyze how their business activity affects human rights internationally. However, the Eckpunkteplan does not refer to human rights treaties. Instead, it points to human rights risks: forced labor, child labor, discrimination, freedom of association, workers’ rights, violation of property rights. Protection is limited to the particular legal interests enshrined in § 823(1) BGB (bodily integrity, health, liberty, property and privacy). Crucially, environmental damage and corruption are in themselves not part of the risk analysis; they merely constitute factors to consider. Furthermore, the companies’ human rights due diligence does not include any obligation to engage with relevant stakeholders. 

Claimants do not benefit of a reversed burden of proof. Commentators further criticize that the position paper includes a possibility for companies to limit their liability to cases of gross negligence or intent by participating in state-accredited sectoral initiatives. This is considered regrettable because sectoral initiatives such as the ‘Green Button’ have proven to be of limited impact. Such a provision opens a way for businesses to relatively easily escape liability altogether. Lastly, the position paper provides for the law to come into force three years after it had been passed. 

The position paper should have been presented to the Cabinet in March 2020, but the Cabinet’s meeting was postponed due to Covid. Peter Altmaier, Minister of Economic Affairs and Energy (CDU), does not seem to be in a rush to discuss the Eckpunkteplan. He blocked another meeting in August. This is particularly problematic because proper procedure demands that the position paper is discussed before drafting begins. If Cabinet does not discuss the position paper this autumn, there will be no possibility to adopt the Lieferkettengesetz before the general election in autumn of 2021.

Even if Altmaier cannot postpone its passing, he at least tries to ensure the law is further watered down beyond recognition. Altmaier forcefully demands that the scope of application is limited to companies with over 5,000 employees – of which only 250 exist in Germany. While one can argue that the number of employees is open to compromise, there are aspect of the law that are non-negotiable. Altmaier strongly opposes any imposition of civil liability and exclusion from public procurement. NGOs fear that by giving in to these demands, the Lieferkettengesetz will become toothless.

The current political situation shows how much power the Ministry of Economic Affairs and Energy holds. Altmaier comes close to having a veto right – even though officially, all ministries carry equal weight in the negotiations. This is particularly dangerous because, as official documents show, the Ministry of Economic Affairs and Energy has close personal ties to industry representatives and business lobby groups.

Nevertheless, there are reasons to remain hopeful. Looking at the political and societal context prevailing in France before the loi de vigilance was passed, one can draw many parallels to the situation in Germany: Even though Altmaier seems to believe that global markets can self-regulate and that voluntary commitments are enough, many other Ministries and, crucially, Chancellor Merkel, do not. Furthermore, there is a strong NGO alliance mobilizing the German public in favor of binding legislation – and it is currently supported by 76% of the public. Public campaigns, protests and conferences put pressure on politicians. Thanks to the French campaigners in the early 2010s, it is now clear that binding legislation is achievable. Despite the lack of cooperation from the Ministry of Economic Affairs and Energy, a Lieferkettengesetz is as close as it has ever been.

Conclusion

There are reasons to believe that the Lieferkettengesetz is not only feasible, but also in sight. While NGOs provided a very ambitious and thorough model law, the government’s position paper would also constitute a step into the right direction – at least if Altmaier and the Ministry of Economic Affairs and Energy fail in bending the text further towards businesses’ needs.

In order for the Lieferkettengesetz to be passed this term, Cabinet will need to discuss the position paper this autumn. Timing is of particular importance: While Chancellor Merkel has come out in support of binding legislation, it is unclear whether her successor will do so, too.

The German debate has also important repercussions at the European level, as Germany is currently occupying the Presidency of the Council of the EU. In this context, the German government has publicly committed to pushing for substantive, cross-sectoral and mandatory human rights due diligence regulation. If the German public keeps the pressure on and the political stars align, 2020 could even be remembered as the birth year of a new brand of corporate responsibility made in Germany.

Editor's note: Morshed Mannan is a Meijers PhD candidate at the Company Law department of Leiden Law School. He received his LL.M. Advanced Studies in International Civil and Commercial Law (cum laude) from Leiden University and has previously worked as a lawyer and lecturer in Dhaka, Bangladesh. Raam Dutia is currently an intern with the Doing Business Right team at the Asser Institute. He recently received his LL.M. Advanced Studies in Public International Law (cum laude) from Leiden University and has worked at an international law firm in London on a range of debt capital markets transactions.

For many, Uber epitomises the "move fast and break things" ethos of successful Silicon Valley start-ups. The company enters new markets before regulators are ready, capitalising on regulatory bottlenecks and uncertainties in numerous jurisdictions – only to enlist its enthusiastic customer base and other means to challenge regulators when they catch up. The backlash against this mode of operation has been severe, and boycotts and a litany of lawsuits appear to have dented Uber's image and plunged the company into crisis.[1] Elisa Chiaro’s recent blogpost discussed the implications of platform economy enterprises, such as Uber, on the rights and protections of workers. In this, the first of a series of blogposts, we will take a broader view by exploring whether the company’s concerted efforts to conduct operations in a way that avoids or attempts to undermine local, state and national regulations shapes the law across the markets in which it operates. This will be done by appraising the growing literature on the effect of its regulatory arbitrage[2] and evaluating whether the company’s use of algorithms, in conjunction with standardized service agreements, rider agreements and other contracts to govern the relationships between various stakeholders, establishes it as a source of transnational lawmaking within a large network of well-defined stakeholders: drivers, riders and civil society. Uber’s business practices and litigation in the UK will be used as a case study that is illustrative of broader trends. By doing so, we hope to contribute a deeper understanding of the patterns that have emerged through Uber’s local activities in several jurisdictions. In later entries, we will examine the response to these attempts at regulatory arbitrage and private ordering as well as the repercussions this has on the contemporary regulation of the platform economy.

Exploiting regulatory uncertainties

The idea of Uber was born out of solving a need. The apocryphal story of Uber’s founders waiting in the snow for a Parisian taxi that never arrived can be interpreted in at least two ways. First, as a commentary on the tired state of local transport, a system that is perceived to be slow, infrequent, expensive and inconvenient. Second, as an indictment of the regulatory framework that distorted the supply and demand of transportation services by, for instance, restricting the number of taxi medallions available in a metropolitan area at a certain time. Instead of suggesting that these inefficiencies be ameliorated by revisiting local or national legislation, the founders of Uber created a technological means to bypass regulation altogether. From the time it was known as UberCab in San Francisco to the early years of its global expansion, the company’s modus operandi has been “ride first, ask questions later”. It would roll out its services in a new market, voraciously recruit drivers and match them to passengers at scale irrespective of local licensing requirements. By the time regulators catch up, requiring Uber to obtain a private hire vehicle (PHV) operator license or banning it outright, it would have attracted a loyal base of riders and drivers with which such a measure would be deeply unpopular. While instituting measures such as aggressive litigation[3] or lobbying national or regional authorities to pre-empt municipal regulation categorising Uber as a taxi service,[4] the company leverages its popularity in order to challenge cease-and-desist orders, unfavourable ordinances and license cancellations.[5] Whether Uber's actions are undesirable remains the subject of heated debate,[6] yet the company has ultimately been able to exploit the uncertainty over its position to its advantage, helping it (at least partially) reach a valuation of around USD 48 billion in late 2017 and establishing a presence in 633 cities in over 80 countries and territories. In London alone, there are over 30,000 drivers and 2 million registered riders. As one academic persuasively argues, Uber is the archetype of the ‘postindustrial’ corporation. In lieu of productive enterprise, the company maximizes shareholder value through regulatory arbitrage and evasion, along with (ideational) asset manipulation and speculative activity.[7] 

This is manifested in Uber’s bold claims to be a mere licensor of software.[8] This pretension, based on the rupture between the legal structure and economic reality of the business, has been the central cause of myriad legal dilemmas for its drivers and riders. As a purported consumer of Uber’s software, drivers are presented as independent contractors, with attendant consequences on their capacity to access worker rights, their insurance liability and their tax status. As elaborated in Chiaro’s blogpost, the misclassification of the employment status of drivers is the most litigated cause of action involving Uber. A common theme in these lawsuits is that the extent of control and supervision exercised by Uber effectively subrogates drivers as either employees or ‘limb (b)’ workers, in countries such as the UK that recognise a third employment category. This is done while denying drivers basic rights to a minimum wage and working time protections. This additionally causes uncertainty about the right of drivers to unionise or whether they are potentially engaged in an illegal price-fixing conspiracy via the Uber app.  Vanessa Katz highlights how the blurring of the distinction between commercial and personal activity in the US has had implications for insurance liability, as drivers are unable to rely on personal insurance policies while driving with the app on. Uber has historically been reticent to provide commercial insurance during the entire period of the app's usage by the driver, even contesting attempts to introduce statutory insurance requirements in California.^[9] In the UK, Uber drivers are required to cover their own private hire insurance. Similarly, the erosion of the distinction between personal and commercial activity through the categorisation of Uber drivers as ‘microbusinesses’ has raised tax issues given the ambiguity regarding when business deductions would be available and the difficulties in ensuring compliance and enforcement.[10] The burden of income tax filing is shifted entirely onto the driver, instead of being deducted at source by Uber.

While some of these issues are endemic in sectors where (bogus) self-employment is rife, others are particular to the operation of Uber’s app and impact both drivers and riders. For instance, one field investigation reveals that the company’s rider-sourced rating system to evaluate, monitor and sanction drivers is vulnerable to consumer bias and creates potential for employment discrimination. Conversely, another empirical study of 1,500 rides hailed on controlled routes in Seattle and Boston found a pattern of discrimination against ethnic minority riders, with African Americans facing longer waiting times and driver cancellations. Their private method of training, monitoring and evaluation has had a poor track record in ensuring rider safety, with the rape of a female passenger in India in 2014 gaining notoriety. As drivers are paid per ride and can be suspended from the app for turning down too many ride requests,[11] they are financially incentivized to accept difficult or intoxicated passengers, thereby exposing themselves to assault. Serious concerns have also been raised about how the company handles the data of its consumers, with Uber entering into a consent order with the US Federal Trade Commission in August 2017 requiring remedial action, only then to be found in November 2017 to be concealing a hack of the data of 57 million users, including the names, email addresses, phone numbers and license plate numbers of over 600,000 drivers.

While there have been an unfortunate number of settlements in disputes involving Uber, when given the opportunity courts have not shied away from providing clarity as to the substantive nature of the company’s activities. In determining whether Uber is a digital ‘information society’ service or a transportation provider, the Court of Justice of the European was forthright in its recent preliminary ruling that Uber provides transport services instead of simply digital intermediation services between a non-professional driver and a passenger using the app (para. 37). As such, they do not benefit from the more limited regulation and protection from liability to which a digital intermediary would be subject under EU law. A result of this decision can already be seen in the UK, where actions against Uber and HMRC for the establishment of Uber's Value Added Tax are being pursued with renewed vigour. Courts have been especially scathing about the contractual contortions that “armies of lawyers” have attempted so as to misrepresent the true rights and obligations of concerned parties.

Thus far, we have canvassed how the operation of Uber’s app has helped it circumvent the reach of local and national regulations, while creating an ecosystem that steers the behaviour of certain actors across the numerous locations in which it operates its platform. The following section will take a deeper look at the contractual architecture created by the aforementioned army of lawyers and the ‘choice architecture’[12] presented by its app to argue that it collectively acts as a transnational form of lawmaking, applicable to its network of drivers, riders and civil society (primarily the media, unions and other non-governmental organisations representing drivers).     

Shaping the operation of law and regulation through Uber's own contractual "rules" and algorithms

To appreciate the transnational dimension of Uber’s contractual and algorithmic management, it is necessary to have a clearer understanding of Uber’s corporate structure. This structure is somewhat opaque since Uber’s global business is carried out through a network of private entities and as such do not have public disclosure obligations as extensive as companies with publicly-traded shares. The following brief description draws from the company disclosure documents that are currently available and an informative report by Fortune in 2015 on Uber’s tax structure.

Uber Technologies Inc., the parent company, is registered as a Delaware Corporation and has its headquarters in San Francisco. However, its non-US operations are carried out from the Netherlands, where it has incorporated 10 subsidiaries. The top subsidiary is Uber International C.V., a limited partnership that is registered in Amsterdam but headquartered in Bermuda, which pays the parent royalties based on net global revenues, in exchange for the right to use the intellectual property developed by the parent. Uber International C.V. has another IP agreement with Uber B.V, one of the other Dutch subsidiaries, that permits the latter to use the application in exchange for royalties that amount to 99% of net revenue. This technology is then deployed by Uber B.V. worldwide. Uber B.V. in turn receives each payment made by riders to drivers through the application, deducts a certain percentage for its own income and via Rasier Operations B.V., another Dutch limited liability company, processes the payment made to drivers. While Uber has subsidiaries in the countries it operates, usually in the form of a private limited company, this is generally for recruiting drivers as well as marketing and support services, such as lobbying for favourable regulation and protecting brand image. In addition, Uber has a regional office in Singapore and has opened an engineering centre in Bengaluru, India. It would seem, then, that Uber's business strategy is transnationally directed and overseen from its two global hubs in California and the Netherlands.

Transnational lawmaking through contract: the UK as case study

These entities enter into a web of contracts with drivers and riders across the globe. Uber's use of contract in respect of its UK operations provides a representative illustration of this. Transactions are conducted by way of a triangular contractual relationship, with a Services Agreement entered into between Uber B.V. (UBV) and the driver, on the one hand, and a Rider Agreement between a separate Uber entity holding an operator's license, Uber London Ltd. (ULL), and the passenger, on the other. The language in the Rider Agreement makes clear that ULL provides booking services as an "agent" (Part 1, clause 1) to the driver/transportation provider (not party to the agreement) and acts also as a payment collection agent to the driver as a principal (Part 2, clause 4). The Services Agreement appears consistent with this wording. UBV's role, again, is that of "payment collection agent" as well as providing support and "on-demand intermediary and related services" to the driver (clause 1.17). Moreover, the Services Agreement refers to the driver as an "independent company in the business of providing Transportation Services" and an "independent contractor" (clause 13.1). The Services Agreement also purports to create a "legal and direct business relationship" between the driver and passenger (clause 2.3), notwithstanding the lack of any clear contractual relationship between the passenger and driver. The Services Agreement also states that "Uber [UBV] and… [ULL] do not, and shall not be deemed to, direct or control" drivers or their performance under the agreement (clause 2.4). As we have seen, as a consequence of this characterisation of the parties’ triangular relationship, protections under employment law were elided and obligations under licensing, insurance, competition and tax were added for drivers. In turn, this claim to act as a technological agent eased the regulatory burden on Uber, particularly in relation to Value Added Tax.

While there were extant laws to address such situations in the UK, they were not enforced. Between its launch (July 2012) till the act of state enforcement (i.e the decision of the UK Employment Tribunal in Aslam, Farrar and Others in October 2016), the company carved out a space in which contract created certainty as to the rights and responsibilities of Uber, its drivers and riders.

Supporting the contractual architecture through algorithmic management

The control and direction that Uber exerts through this triangular contractual arrangement has been buttressed by the workings of its app, largely replicated across its global network. The uniformity of its appearance and seamlessness of its functioning is integral to the app’s appeal. The user interface is practically identical, whether used in India or the UK.  Once a user downloads the passenger app and creates a profile, they are able to request a ride through one of Uber's service options. When a nearby driver confirms their availability for the trip on the driver app - being induced to do so at risk of being automatically logged off the app or suspended for rejecting too many trips - it confirms the ride and provides the driver's first name and license plate number to the rider. Once the rider has been picked up, drivers are prompted to take the route suggested by Uber, having to justify any deviations in case of undue delay. Once the ride is over, Uber charges the fare, the base rate being set by Uber's algorithms and from which a driver may only negotiate downwards, to the rider's credit or debit card and remits the amount to the driver less Uber's service fee. Crucially, Uber operates and monitors a feedback mechanism, whereby the rider and driver rate each other on a scale of 1 to 5. Drivers unable to improve poor scores are called in for quality checks and risk having their accounts deactivated. The supply and demand of trips are also manipulated by Uber’s surge pricing algorithm, with heat maps indicating that fares for certain undersupplied areas are temporarily increasing to entice drivers.[13] Through this system, Uber is able to nudge, control and algorithmically manage its drivers, incentivise good behaviour and engender trust between strangers.[14] While drivers can ostensibly log-off the app at any time, the combination of high initial investment (e.g. acquiring PHV license and insurance; acquiring a model of car that Uber prefers) and financial reliance on the company acts as a strong deterrent.

This cumulative set of practices is known as algorithmic management. It allows a handful of managers to direct and supervise thousands of drivers. What makes it so effective is the large volumes of data that it gathers on travel times, weather, driver and rider movement, their characteristics and their preferences. The data, gathered every 4 seconds, is stored on the drivers’ phones and in data centres across six continents. The company has two data controllers, Uber Technologies, Inc. for US residents and Uber B.V. for non-US residents, who determine the purposes for which data is processed. This data is used to help Uber’s algorithms learn where drivers and riders are, forecast where they are expected to be and improve routing from point A to B. While this is used to enhance the service provided by individual drivers at a local level, this data is also utilised at the global level to, for instance, visualise demand patterns across cities and thereby further improve the Uber app.  As we can see, the big data generated through the operation of its algorithms aids Uber in both its local and global strategies.

Moreover, Uber appears to have shaped the operation and enforcement of the law in an altogether more blunt way through a worldwide programme to deceive authorities in markets where its services are being resisted or have been altogether banned. Following a NY Times investigation, it was revealed that through a process known as "Greyballing", blacklisted enforcement officials have been identified and prevented from hailing rides by showing a bogus map of an area and seemingly cancelling (non-existent) rides before they arrive. This has hampered the ability of local governments to enforce their own regulations.

We contend that this web of contracts, in conjunction with algorithmic management has rule-making effects, with Uber proffering its own interpretation of local and national regulations, which it then applies and even enforces itself. In so doing, we argue that the company has come to define the behavioural framework in which Uber, its numerous drivers, riders and civil society interact. Paraphrasing Backer (2008), who has argued that multinational enterprises such as Walmart and Gap are sources (and objects) of transnational regulation, this framework can be seen as a “freestanding… self-communicating [regulatory] system” (p. 517) that interacts (and develops in concert) with traditional public law. In his research, Backer identifies how a network is built between actors (e.g. a company, contractors, NGOs, media, consumers) through repeated interactions, instigated by a company at the nexus of this global system. The company issues a set of standards that it embeds in its supplier contracts, compliance of which is ensured through private monitoring and sanctions, including remedial action. These contracts function everyday, governing innumerable transactions over dozens of countries, with the standards acting as de facto labour codes. If there is an egregious violation of this private regulation or substantive law, for instance through the usage of child labour, organisations that form civil society, such as the media, trade unions and human rights NGOs act to reveal and challenge these failures. Consumers – and increasingly banks and institutional investors – are thus invited to reconsider their relationship with the company, exercising significant financial pressure. While acknowledging the ontological claim that the nature of law involves both the state and private arrangements,[15] the states across which these multinational enterprises operate are present but often take a backseat to transnational private regulation, either due to the economic costs of enforcement or the difficulties in enforcing national law across borders. Whether Uber operates a parallel regulatory system to quite the same degree is yet to be determined, but the company can be regarded as overlaying or interacting with traditional legal frameworks with its own claims as to what the law is or should be, in effect transforming its application.

Throughout this blogpost, we have demonstrated how Uber’s contractual and algorithmic practices in modifying behaviour indicate a similar – though more subtle – pattern of transnational private lawmaking, thereby producing “effects on social welfare similar to the effects resulting from rule-making and enforcement by governments”.^[16] We have shown how significant violations of this regime, for instance through a massive data breach, elicits a strong response from the media and privacy groups. These civil society groups, including unions and organisations that represent drivers, have been at the forefront of exposés regarding Uber’s activities. This has evoked a swifter reaction from Uber, in terms of addressing its data protection practices (e.g. removing its chief of security), than the coordinated activities of national data protection authorities. While Uber’s activities only affect a narrow segment of economic actors, they are tied together by economic and social interest.  Thus, Uber has, at least until the most recent spate of litigation and regulation, managed to define and set the rules for its own operations as a form of transnational regulation which is enmeshed in the local and the national. At the very least, Uber has blurred the relationship between itself and regulators transnationally by interpreting the scope of the existing regulatory framework and, crucially, imposing its interpretation of these regulations over numerous actors, both public and private. It effectively defines, ex ante, how its activities are to be characterised under the law and how the relevant regulations are to apply to itself.

The next blog will take stock of recent legal developments, noting the extent to which Uber is an object of, and thus shaped by, regulations across the globe. It will examine the extent to which legal systems have been able to resist Uber's attempts to circumvent its operation and new avenues of engagement between the controversial platform and regulators.

[1] Not to mention corporate governance concerns raised in 2017, as evidenced by the exposure of sexual harassment suffered by its employees, allegations of having stolen trade secrets and bribed foreign officials and the rapid departure of its co-founder and CEO Travis Kalanick in mid-2017.

[2] Defined by Frank Partnoy as “those [financial] transactions designed specifically to reduce costs or capture profit opportunities created by differential regulation or laws.” Frank Partnoy, “Financial Derivatives and the Costs of Regulatory Arbitrage”, 22 The Journal of Corporation Law 211, 227 (1997).

[3] See Kenneth A Bamberger and Orly Lobel, “Platform Market Power” (2017) 32 Berkeley Tech LJ, 3.

[4] Nestor M Davidson and John J Infranca, “The Place of the Sharing Economy” in Nestor M Davidson, Michele Finck and John J Infranca (eds), Cambridge Handbook on the Law of the Sharing Economy (2018) (forthcoming).

[5] See, for instance, this Change.org petition to reverse Transport for London's decision to reject Uber's application for a new London license, which had over 850,000 signatures from the public, and rising, at the time of writing. For more information about Uber’s e-petitions and its solicitation of support on social media, see Sofia Ranchordás, “Digital Agoras: Democratic Legitimacy, Online Participation and the Case of Uber-petitions” (2017) 5 The Theory and Practice of Legislation 31, 33-34.

[6] See e.g. Bamberger and Lobel (n 3), 5.

[7] Julia Tomassetti, “Does Uber Redefine the Firm?: The Postindustrial Corporation and Advanced Information Technology” (2016) 34 Hofstra Labor & Employment Law Journal 1, 3, 36-38.

[8] Transcript of Proceedings at 16, O’Connor v. Uber Techs., Inc., 82 F. Supp. 3d. 1133 (N.D. Cal 2015) (No. C 13-3826 EMC)

[9] Vanessa Katz, “Regulating the Sharing Economy“(2015) 30 Berkeley Tech LJ 1067, 1094.

[10] Shu-Yi Oei and Diane M. Ring, “Can Sharing be Taxed?” (2016) 93 Washington University Law Review 989, 994; Shu-Yi Oei and Diane M. Ring, “The Tax Lives of Uber Drivers: Evidence from Internet Discussion Forums” (2017) 8 Columbia Journal of Tax Law 56, 77.

[11] In a similar vein, note the recent automatic firing of workers by the Deliveroo app.

[12] This refers to the various ways in which choices can be presented to consumers and the effect this has on their decision-making. See Richard Thaler & Cass Sunstein, Nudge: Improving Decisions about Health, Wealth and Happiness, Yale University Press, 2008.  

[13] Alex Rosenblat and Luke Stark, “Algorithmic Labor and Information Asymmetries: A Case Study of Uber’s Drivers” (2016) 10 International Journal of Communication 3758, 3765-3767.

[14] It is notable that drivers are stopped from providing their contact details to passengers and passenger details are not passed on to drivers (EAT judgment in Aslam, Farrar and Others, para. 113) Uber was recently granted a patent that enables passengers to provide alternative routing options to drivers, without having to speaking them. See O’ Hare et al., Providing Alternative Routing Options to a Rider of a Transportation Management System, US Patent No. 9857188 B1.  

[15] Simon Deakin et al, “Legal Institutionalism: Capitalism and the Constitutive Role of Law” (2017) 45 Journal of Comparative Economics 188, 188.

[16] Dan Danielsen, “How Corporations Govern: Taking Corporate Power Seriously in Transnational Regulation and Governance” (2005) 46 Harvard Journal of International Law 411, 412.

Editor’s note: Shamistha Selvaratnam is a LLM Candidate of the Advanced Masters of European and International Human Rights Law at Leiden University in the Netherlands and a contributor to the Doing Business Right project of the Asser Institute. Prior to commencing the LLM, she worked as a business and human rights solicitor in Australia where she specialised in promoting business respect for human rights through engagement with policy, law and practice.

Human right due diligence (HRDD) is a key concept of Pillar 2 of the UN Guiding Principles on Business and Human Rights (UNGPs), the corporate responsibility to respect human rights. Principle 15 of the UNGPs, one of the foundational principles of Pillar 2, states that in order to meet the responsibility to respect human rights, businesses should have in place a HRDD process to ‘identify, prevent, mitigate and account for how they address their impacts on human rights’. However, how was the concept of HRDD developed? What does it mean? What are its key elements?

This first blog of a series of articles dedicated to HRDD answers these questions by providing an overview of the concept of HRDD and its main elements (as set out in the UNGPs) as well as how the concept was developed. It will be followed by a general article looking at HRDD through the lens of a variety of actors including international organisations, non-state actors and consultancy organisations. Case studies will then be undertaken to look at how HRDD has materialised in practice. To wrap up the series, a final piece will reflect on the effectiveness of the turn to HRDD to strengthen respect of human rights by businesses.

History of the Concept of HRDD

The concept of due diligence was around well before John Ruggie assumed the mandate of Special Representative on the issue of human rights and transnational corporations and other business enterprises back in 2005. Indeed the concept was initially a creature of American securities law under the auspices of ‘reasonable investigation’. The Securities Act 1933 imposes strict civil liability on certain people for untrue statements and omissions of material fact in a securities registration statement.[1] However, an exception is carved out where ‘reasonable investigations’ have been undertaken.[2] The relevant standard of reasonableness to be applied in this situation is that of a ‘prudent man in the management of his own property’.[3]

Following this, the concept of due diligence emerged in other corporate contexts, particularly with respect to financial transactions such as mergers and acquisitions.[4] While the due diligence carried out on such transactions in the 1980s was quite limited, the process has gradually become much more extensive. Over time, the concept has been transplanted into the international human rights law framework – a positive duty has been imposed on states to conduct due diligence to prevent human rights violations by non-state actors, including businesses.[5] Thus, in the international human rights law arena due diligence has been applied as a standard of conduct that states are required to meet in order to uphold human rights within their jurisdiction.

In the business and human rights sphere, the concept of due diligence was first introduced back in 2003 when the draft Norms on the Responsibilities of Transnational Corporations and Other Business Enterprises with Regard to Human Rights (draft Norms) were introduced. Article 1 of the draft Norms placed a primary responsibility on states to ensure that businesses respect human rights. It also placed a separate obligation on businesses ‘to promote, secure the fulfillment of, respect, ensure respect of and protect human rights recognized in international as well as national law’ within their sphere of influence. The commentary to article 1 notes that businesses have the responsibility to use ‘due diligence in ensuring that their activities do not contribute directly or indirectly to human rights abuses, and that they do not directly or indirectly benefit from abuses of which they were aware or ought to have been aware’. No further explanation was provided on the due diligence to be conducted and the draft Norms were not approved by the Human Rights Council in 2004.

The concept of due diligence was brought back into the business and human rights arena when Ruggie was appointed as Special Representative. Following the failure of the draft Norms, Ruggie introduced the concept of HRDD back into the international arena in 2008 and developed it over a period of about three years until the UNGPs were endorsed by the UN Human Rights Council. As he acknowledges, until then due diligence was considered a ‘business process’ used in ‘strictly transactional terms’.[6] However, Ruggie sought to broaden the concept into ‘a comprehensive, proactive attempt to uncover human rights risks, actual and potential, over the entire life cycle of a project or business activity, with the aim of avoiding and mitigating those risks.’[7] He did this by drawing on the key elements of due diligence and combining them with the distinctive elements of human rights. This is what is now referred to and articulated as the concept of HRDD in the UNGPs. Ruggie gave HRDD such a key role in Pillar 2 of the UNGPs because he recognised that companies cannot know or show that they are respecting human rights without conducting HRDD.[8] Indeed, he envisioned that HRDD would facilitate movement from ‘naming and shaming’ businesses by external stakeholders to ‘knowing and showing’ through internalising respect for human rights.[9]

Ruggie identified a number of benefits to business for undertaking HRDD, in particular he highlighted that it wouldn’t impose additional burdens on business.[10] He argued that HRDD assists business to ‘address their responsibilities to individuals and communities that they impact and their responsibilities to shareholders, thereby protecting both values and value’.[11] He further acknowledged that HRDD assists companies to lower their risks, particularly with respect to legal non-compliance.[12] He also noted that conducting HRDD has the ability to protect Boards against claims brought by shareholders regarding mismanagement.[13]

In setting out the scope of HRDD, Ruggie stated that it is to be ‘determined by the context in which a company is operating, its activities, and the relationships associated with those activities’[14] by reference to three factors, namely: (a) the country and local context in which the relevant business activities take place; (b) what human rights impacts the business’ own activities may have within that context; and (c) whether the business’ own activities might contribute to abuse through the relationships connected to their activities.[15] Importantly, he noted that the scope of HRDD is not fixed or based on influence, rather it ‘depends on the potential and actual human rights impacts resulting from a company’s business activities and the relationships connected to those activities’.[16]

With respect to the substantive content of HRDD, John Ruggie stated that the minimum requirements are set out in the International Bill of Human Rights and the ILO core conventions, as well as additional standards relevant to the context of a particular business such as international humanitarian law.[17]

As to the HRDD process itself, Ruggie set out four minimum requirements. Businesses should:[18]

• Adopt a human rights policy.
• Conduct human rights impact assessments to ‘understand how existing and proposed activities may affect human rights’.
• Integrate human rights policies through the business, which requires a top down approach in order to ‘embed respect for human rights throughout a company’ as well as training and the ‘capacity to respond appropriately when unforeseen situations arise’.
• Track their performance through monitoring and auditing processes with regular updates of human rights impact and performance.

Following these developments, the HRDD concept was finally articulated in the UNGPs, which were endorsed by the UN General Assembly in 2011.

Concept of HRDD as articulated in the UNGPs

Meaning of HRDD and its Scope

Despite being a key element of the UNGPs, HRDD is not defined in the UNGPs itself. Rather, as stated above, the UNGPs states that HRDD is a process – that is, a process that should ‘identify, prevent, mitigate and account for how [businesses] address their impacts on human rights’. However, in interpretative guidance provided by the Office of the High Commissioner of Human Rights, due diligence is defined as follows:[19]

 such a measure of prudence, activity, or assiduity, as is properly to be expected from, and ordinarily exercised by, a reasonable and prudent [person] under the particular circumstances; not measured by any absolute standard, but depending on the relative facts of the special case”. In the context of the Guiding Principles, human rights due diligence comprises an ongoing management process that a reasonable and prudent enterprise needs to undertake, in the light of its circumstances (including sector, operating context, size and similar factors) to meet its responsibility to respect human rights. (Emphasis added)

It is clear from the definition above that HRDD is separate to the due diligence processes generally carried out by a business (for example, corporate due diligence). It is also clear that HRDD should be undertaken by all businesses in order to respect human rights. However, the extent of the HRDD to be carried out is dependent on various factors. As stated in Principle 17, the scope of HRDD is dependent on the ‘size of the business enterprise, the risk of severe human rights impacts, and the nature and context of its operations’. Accordingly, the scope of HRDD processes should be tailored to a specific business’ needs and should evolve as a business’ operations and operating context develop – therefore, the process that is applied by one business cannot necessarily be applied by another business. For example, larger businesses are required to carry out more extensive HRDD than smaller businesses.

Elements of HRDD

The four key interrelated elements of HRDD are set out in Principles 18 to 21 of the UNGPs, namely, assessing actual or potential adverse human rights impacts, integrating findings across the business and taking appropriate action, tracking the effectiveness of their response and communicating with stakeholders. This process will be explained in further detail below.

In order to conduct HRDD, businesses should start by conducting regular human rights impact assessment in order to by identify and assess ‘any actual or potential adverse human rights impacts which they may be involved’ in both their activities as well as their business relationships. Such an assessment is a critical aspect of HRDD as it is necessary for a business to evaluate its human rights risks before it can consider the steps to take to address those risks. The assessments should involve:[20]

assessing the human rights context prior to a proposed business activity, where possible; identifying who may be affected; cataloguing the relevant human rights standards and issues; and projecting how the proposed activity and associated business relationships could have adverse human rights impacts on those identified.

The findings of such assessments should then be integrated across a business’ relevant internal functions and processes to prevent and mitigate risks identified. Further, action should be taken where the business has had actual impacts so as to remediate those affected. Complexities may arise with respect to this element of HRDD, with situations existing where a business may not contribute to an adverse human rights impact, but nevertheless because of the business’ relationship with a third party the impact is directly linked to the business’ operations, products or services. Situations may also exist where a business has little or no leverage to address an impact. In such situations, businesses should seek independent expert advice.[21]

Businesses should then track the effectiveness of their response to adverse human rights impacts. Tracking allows a business to ensure that it is appropriately and adequately addressing the human rights impacts of its operations and to adapt its response if required. It should be ‘based on appropriate qualitative and quantitative indicators’ and ‘draw on feedback from both internal and external sources’.

The approach taken by businesses to address their human rights impacts should be communicated externally, including to those affected. Where severe human rights impacts exist within a business, how the business responds to impacts should be reported in a formal manner. In order to ensure that useful information is provided to external stakeholders, all communications should be accessible to its intended audience and provide sufficient information to ensure that business’ can evaluate the adequacy of their response to a particular human rights impact involved. Such communication ensures accountability and transparency on the part of the business.

The image below developed by Shift illustrates the cyclical nature of the HRDD process and shows that it is an ongoing process that must be undertaken in regular intervals in order to truly assist businesses to identify, prevent, mitigate and account for how they address their impacts on human rights.

Conclusion

As discussed above, HRDD lies at the heart of the corporate responsibility to respect human rights in the UNGPs. While the UNGPs were released in 2011, the concept of due diligence was around almost two decades before that – however, it was applied purely in the context of commercial transactions. The draft Norms imported the idea of due diligence into the business and human rights sphere. After the draft Norms failed, Ruggie revived the concept when he was appointed as Special Representative. He saw HRDD as key to businesses being able to know and show that they respect human rights to their stakeholders. Ruggie developed the concept from 2005 onwards, emphasising its benefits for businesses. Leading to the final articulation of HRDD as a central mechanism of the UNGPs in 2011.

From the discussion in this blog post, it is clear that the UNGPs as well as Ruggie’s reports and statements in the lead up to their inception do not (and probably could not) explicitly address how HRDD is to be applied and operationalised by businesses in practice. This will be explored in greater detail in the upcoming blog posts in this series.

[1] Securities Act 1933, section 11(a).

[2] Ibid, section 11(b).

[3] Ibid, section 11(c).

[4] See Michael Harvey and Robert Lusch, Expanding the Nature and Scope of Due Diligence, 10(1) Journal of Business Venturing 5 (1995); Michael Harvey and Robert Lusch, Beyond Traditional Due Diligence for Mergers and Acquisitions in the 21st Century, 19(3) Review of Business 17 (1998); Olga Martin-Ortega, Human Rights Due Diligence for Corporations: From Voluntary Standards to Hard Law at Last, 32 Neth. Q. Hum. Rts. 44 (2014), p 49.

[5] See for example Velasquez Rodriguez v. Honduras (1989) 28 ILM 294, [172] and the Council of Europe’s Convention on preventing and combating violence against women and domestic violence (2010), article 5(2).

[6] John Ruggie and John Sherman, The Concept of ‘Due Diligence’ in the UN Guiding Principles on Business and Human Rights: A Reply to Jonathan Bonnitcha and Robert McCorquodale, 28(3) The European Journal of International Law 921 (2017), p 924; Report of the Special Representative of the Secretary-General on the issue of human rights and transnational corporations and other business enterprises, John Ruggie: Business and human rights: towards operationalizing of the “protect, respect and remedy” framework (22 April 2009), UN Doc. A/HRC/11/13 (2009 Report), [25].

[7] 2009 Report, [25].

[8] John Ruggie and John Sherman, The Concept of ‘Due Diligence’ in the UN Guiding Principles on Business and Human Rights: A Reply to Jonathan Bonnitcha and Robert McCorquodale, 28(3) The European Journal of International Law 921 (2017), p 924.

[9] Keynote Address by SRSG John Ruggie “Engaging Business: Addressing Respect for Human Rights” (2010).

[10] Ibid.

[11] Report of the Special Representative of the Secretary-General on the issue of human rights and transnational corporations and other business enterprises, John Ruggie: Business and human rights: further steps toward the operationalization of the “protect, respect and remedy” framework (9 April 2010), UN Doc. A/HRC/14/27 (2010 Report), [79].

[12] Keynote Address by SRSG John Ruggie “Engaging Business: Addressing Respect for Human Rights” (2010).

[13] 2010 Report, [86].

[14] Ibid, [25].

[15] Ibid, [57]; 2009 Report, [50].

[16] Report of the Special Representative of the Secretary-General on the issue of human rights and transnational corporations and other business enterprises, John Ruggie: Protect, Respect and Remedy: a Framework for Business and Human Rights (7 April 2008), UN Doc. A/HRC/8/5, [72].

[17] Ibid, [58]; 2009 Report, [53]-[54].

[18] Ibid, [60]-[63].

[19] UN Human Rights Office of the High Commissioner, The Corporate Responsibility to Protect Human Rights: An Interpretative Guide, UN Doc. HR/PUB/12/02, p 6.

[20] UNGPs, p 19.

[21] UNGPs, pp 21-22.