Over the last 16 years, GNI has facilitated a unique, evolving, multistakeholder approach to transparency and accountability for technology companies. After substantial internal review and discussions, GNI’s Board approved a number of significant changes that will be introduced into the fifth cycle of independent assessments, which commenced on 1 July 2024. This post is the first of several that explain these changes and how they will make the GNI assessment process even more relevant and impactful today and in the future.
GNI’s assessment process is designed to allow GNI’s Accountability Committee and Board to assess each member company’s good faith efforts to implement the GNI Principles on Freedom of Expression and Privacy and Implementation Guidelines, according to our public Assessment Toolkit (together, “GNI framework”), with improvements over time. Assessments are conducted by independent third-party assessors accredited and trained by GNI. In order to verify and document the ways in which GNI member companies are implementing this framework, assessors review a range of public and non-public information, conduct interviews with relevant staff, analyze case studies nominated by GNI non-company members, and synthesize relevant information into confidential reports shared with GNI. After the assessments are concluded, GNI summarizes and shares non-confidential information from the process, together with the determinations by the Board in its Public Assessment Reports, the latest of which was published in October 2023.
GNI assessments have evolved steadily since the first such assessments in 2013/14. The changes made to GNI’s Assessment Toolkit ahead of the fifth assessment cycle represent the most significant evolution to date. It recognizes the needs of our membership for a dynamic, adaptable, meaningful, and efficient process that addresses the evolution of GNI, its members, and the external environment. This article describes five key changes that have been made for the fifth assessment cycle. Subsequent articles will explore each of these changes in further detail.
1. Incorporating mandatory due diligence regulations
Last year, our Executive Director Jason Pielemeier noted how the emergence of mandatory risk assessment and due diligence audits and reporting creates potential synergies with the GNI assessment process. To achieve these synergies, we have developed a method for recognizing steps taken by member companies pursuant to mandatory regulations in the assessment process. We have provided detailed guidance to member companies and assessors on how to identify when specific GNI requirements may be deemed to have been met through compliance with equivalent requirements of mandatory due diligence regulations. (N.B. For safety and other reasons, this guidance is not part of the public Assessment Toolkit to ensure the safety of companies’ employees in restrictive jurisdictions.) For instance, in the context of the EU’s Digital Services Act (DSA), GNI assessors may be able to verify the human rights due diligence (HRDD) approach of a member that is designated as a Very Large Online Platform by reviewing the independent audit reports that the company is required to produce under Article 37. This cross-referencing creates efficiencies for GNI assessments without compromising on the quality of assurance provided
Conversely, we also recognize that information and findings from the GNI assessment may help companies satisfy regulatory obligations. For instance, the recently enacted EU Corporate Sustainability Due Diligence Directive (CSDDD) indicates that companies can use multistakeholder initiatives to support implementation generally and fulfill certain requirements, including developing and verifying “preventative action plans” and engaging in “meaningful stakeholder engagement.” GNI will continue to work to ensure that its assessments provide the rigor and support necessary to meet these requirements as they become clearer and begin taking force in 2027.
These synergies are due in part to the extensive advocacy that GNI has done to encourage convergence between the CSDDD’s and DSA’s approach to risk assessment and mitigation and longstanding guidance set out in the OECD Guidelines on Multinational Enterprises, the UN Guiding Principles on Business and Human Rights (UNGPs), and the GNI Framework. GNI continues to encourage such convergence in its discussions with the European Commission, as well as in our discussions with companies and civil society, such as the events held with the Digital Trust & Safety Partnership (DTSP) in 2023 and 2024. GNI is also engaging with other relevant regimes and regulatory bodies, including Australia’s eSafety Commissioner and the U.K.’s Ofcom, as well as broader discussions such as UNESCO’s Guidelines for the Governance of Digital Platforms.
2. Enhancing participation and improving the mechanics of assessment
For the first time, GNI assessment reviews will be conducted by the Accountability Committee, which will make a preliminary determination and provide recommendations for Board review. This will allow us to draw upon the increasingly diverse expertise and experience of GNI’s growing membership, which now numbers over 100 experts and organizations. In addition, going forward, assessments will be staggered across the full assessment cycle, allowing us to accommodate the growing number of companies going through the assessment and create a regular cadence for the work of producing and reviewing assessments. This will also help us align the timeline of GNI assessments with key regulatory timelines.
3. Sector-specific tailoring
GNI company members provide a variety of products and services that range across the technology stack. The impact of government requests, demands, laws, and regulations on freedom of expression and privacy can differ based on, among other factors, a company’s business model and its technical capability to view and influence content and data. In acknowledgment of this diversity, we have provided guidance that helps assessors understand and specifically investigate the range of government restrictions and demands that may be placed on each type of service. This allows for more tailored and nuanced assessment reports and reviews. This guidance is based on extensive consultations with our multi-stakeholder membership, allowing assessors to cover a comprehensive range of government requests and needs, improving both the efficiency and comprehensiveness of their assessment while allowing GNI’s Board and Accountability Committee to provide valuable and relevant feedback to our company members.
4. Addressing new trends in platform governance and information integrity
We have and will continue to guide assessors in identifying and recommending improvements to how company members respond to more nuanced and sophisticated forms of government restrictions and demands through the case study section of the assessment process. As the internet and user behaviors evolve over time, so does the way governments articulate restrictions and demands that may negatively impact users’ freedom of expression or privacy rights. While direct restrictions and demands to GNI company members (as witnessed during the inception of GNI in 2008) continue, governments have implemented supplementary measures that provide plausible deniability while creating the same negative impact on rights. Examples include but are not limited to broadly defined legislation around platform governance aimed at controlling “illegal” or “harmful” content (including the steady erosion of safe harbor provisions and mandatory automated content moderation), broad surveillance legislation (including mandatory age verification), and various modalities of state-sponsored actions to disrupt information integrity. By incorporating such examples of nuanced government restrictions and demands through the case study section of the assessment process, GNI ensures the continued implementation of the GNI Principles in an increasingly dynamic and challenging online environment while allowing GNI’s Board and Accountability Committee to provide contemporary and relevant feedback to our company members.
5. AI due diligence
We will also guide assessors in identifying and recommending improvements to how company members conduct due diligence on the use of AI-enabled features and services (including GenAI) through the case study component of the assessment process. The past few years have witnessed both rapid technological advancements and wide-scale commercial deployments of generative AI (GenAI). Last year, together with the UN B-tech project, GNI organized a workshop on “AI, Human Rights, and the Evolving Regulatory Environment.” In addition, GNI contributed to a series of foundational papers explaining how the UNGPs can facilitate effective understanding, mitigations, and governance of the risks of GenAI, which were launched at the UN genAI Summit. Building on this work and other internal discussions, we aim to evaluate our members’ approaches to the use of AI (including GenAI) within their operations, including through the case study section of the assessment process.