The Global Network Initiative (GNI) is the world’s preeminent multistakeholder collaboration in support of freedom of expression and privacy in the information and communication technology (ICT) ecosystem. Our membership includes many of the world’s leading ICT companies, as well as a wide range of expert academic, civil society, and investor actors. GNI has spent the last fifteen years systemically identifying lessons and generating consensus around good practice related to many of the key components of emerging regulatory approaches, including: effective stakeholder engagement; assessor training and accreditation; independent assessment of tech company policies and practices; meaningful transparency; and development of guidance around what effective human rights risk assessment and due diligence looks like in practice.
GNI welcomes and strongly supports the European Commission’s proposal to mandate human rights due diligence (HRDD) through the Corporate Sustainability Due Diligence Directive (“Directive”), as further elaborated by the European Council and most recently the European Parliament’s Committee on Legal Affairs (JURI). We encourage the European Parliament to adopt the JURI Committee report and for all three entities to work to pass the Directive this year.
Given our history of working to advance principles of responsible business conduct, as set forth in the OECD Guidelines on Multinational Enterprises (OECD Guidelines) and the United Nations Guiding Principles on Business and Human Rights (UNGPs), GNI is keen to share with relevant actors, including the EU Council, the Commission, and Parliament, its perspective on effective, proportionate, rights-respecting, and risk-based approaches to business and human rights, as well as the important role that multistakeholder initiatives can play in advancing those objectives.
To ensure the Directive builds on the decades of experience and lessons-learned regarding implementation of robust HRDD practices, GNI supports key improvements proposed by the European Parliament’s committee on legal affairs (the JURI Committee). As set out further below, and in line with the JURI position, GNI recommends that the Directive: (i) take a comprehensive approach to the scope of due diligence; (ii) adopt a risk-based approach across the full value chain, (iii) clarify key concepts such as meaningful stakeholder engagement, (iv) take a consistent and holistic approach to the scope of rights and sectors covered in line with international frameworks and existing expectations; and (v) help identify and incentivize participation in meaningful, credible multistakeholder initiatives.
A comprehensive and risk-based approach to due diligence
GNI advocates for a comprehensive approach to the scope of due diligence, which includes the downstream impacts on human rights, in line with both leading international approaches, and existing good practices. Given the significant downstream risks that the ICT sector faces, as well as the unique interrelationships between the different layers of the “ICT Stack,” a comprehensive value chain approach that prioritizes the most salient impacts based on severity and likelihood is critical to understanding and addressing human rights risks. In our experience, companies have demonstrated that this is not only feasible, but essential in order to comprehensively address human rights risks. We welcome the progress in the recent JURI Committee position toward due diligence requirements that cover downstream impacts, and stress that it is essential to ensure downstream risks are explicitly covered in the Directive. This “holistic” approach to human rights due diligence will also ensure alignment with other EU laws, such as the Corporate Sustainability Reporting Directive (CSRD) which already applies to many of the companies that will be covered under the Directive and takes a comprehensive value-chain approach to due diligence in its reporting requirements.
Comprehensive approach to human rights
With regards to the Human Rights listed in the Annex of the Directive, GNI recommends requiring companies to consider all human rights found in the International Bill of Rights and then identify and concentrate their due diligence efforts on those activities that pose an evidently higher risk of an adverse impact in accordance with UNGP’s approach to salient risks. If, however, the Directive continues to single-out specific rights in this Annex, it should also include freedom of expression, which is a particularly salient right for many companies in the tech sector.
Stakeholder engagement is a critical part of HRDD. We acknowledge some promising elements on stakeholder engagement in the JURI report such as the inclusion of “affected stakeholders” in line with the UNGPs, which guide companies to identify all potentially and actually affected stakeholders, usually referred to as “rights-holders.” Our experience has also proven that global civil society, academic, and investor expertise, influence, and perspectives can help companies design and implement robust HRDD frameworks and thus address relevant risks. Multistakeholder oversight of those frameworks and their implementation helps identify good practices and areas for improvement, improve peer-learning across companies, and empower those responsible for HRDD within companies.
Additionally, we appreciate the JURI’s effort to address the quality or nature of “meaningful” stakeholder engagement. In line with OECD Guidance, GNI recommends specifically articulating the importance of broad and meaningful stakeholder engagement, acknowledging challenges such as engagement fatigue, power imbalances, and the lack of follow-up with stakeholders. The Directive should also specify that engagement should inform all stages of due diligence, allowing for gender and intersectionality perspectives.
The role of multistakeholder initiatives
In the absence of mandatory human rights obligations, some companies have taken voluntary steps to understand and address human rights risks, including participation in initiatives like GNI. Most of these voluntary efforts have focused on specific contexts or scenarios, allowing for deep learning and impact on narrow but salient risks. Meanwhile, the Directive mandates that companies take a broad-approach to a wide-range of environmental and human rights risks, which could create a temptation to seek out comprehensive “turnkey” approaches. If the directive allows companies to demonstrate compliance through broad but shallow check-box exercises, it will risk undermining the incentives for companies to take bolder, more impactful approaches, which could actually move the field of business and human rights backwards.
Through GNI, companies, civil society organizations, investors, and academics come together to set expectations, share information, and collaborate toward shared human rights objectives. GNI’s uniqueness lies in its rigorous and independent methodology for assessment of companies’ practices, which empowers our multistakeholder Board to learn from company experiences, identify good practices, and help shape how tech companies conduct human rights due diligence, risk assessment, and mitigation, and how to drive improvement over time.
These assessments facilitate the sharing of non-public, sensitive information, allowing for unique insights into and collaborative responses to the challenges that ICT companies face with regard to a diverse set of products and services in a wide range of jurisdictions. As demonstrated by our growing membership, key actors see value in multistakeholder initiatives focused on HRDD, risk mitigation, and stakeholder engagement.
Multistakeholder initiatives like GNI can help identify and disseminate good practices, foster cross-company and cross-stakeholder collaboration, and facilitate meaningful engagement. However, not all initiatives involving industry are the same. They vary widely in terms of governance and accountability, with some requiring mere participation, while others like GNI, is utilizing multistakeholder governance to help companies toward continuous improvement over time.
The Directive should recognize the important role that multistakeholder initiatives and other credible processes can play in upskilling, benchmarking, and fostering accountability, and it should incentivize company participation therein. We therefore welcome the reference to “multistakeholder initiatives,” in addition to industry initiatives, in the JURI’s report. We also appreciate the report’s recognition that “independent third party verification” of company due diligence measures can be conducted by a broader range of “entities,” not solely by “auditors.” Finally, we support the expectation set out in Recital 37 that the Commission “may issue guidance for assessing the scope, alignment and credibility of industry schemes and multistakeholder initiatives” and that it should “tak[e] into account, in particular, the inclusion of the perspectives of civil society in the process,” as well as the important recognition that participation in such initiatives “should not absolve such companies of their individual responsibility to perform due diligence.”
GNI looks forward to continue contributing its experience and expertise on HRDD and corporate accountability in the ICT sector in the upcoming steps of the legislative process of this file. GNI stands ready to engage with policy-makers to drive a meaningful, multistakeholder, coherent, and comprehensive model for human rights due diligence in the European Union, rooted in international frameworks and existing expectations.
GNI members include leading academics, civil society organizations, ICT companies, and investors from across the world. Over the last decade-and-a-half, this multistakeholder membership has been working collaboratively to define a standard of responsible ICT company conduct, review company efforts to meet these expectations including through their human rights due diligence (HRDD) processes, and advocate for freedom of expression and privacy rights. GNI effective stakeholder engagement
All GNI members subscribe to and support the GNI Principles on Freedom of Expression and Privacy (Principles), which are grounded in international human rights law and aligned with the UNGPs. The Principles, together with their corresponding Implementation Guidelines, guide companies in responding to government demands, restrictions, and pressure, centering holistic HRDD as a key technique to identify, evaluate, prevent, mitigate, and account for risks to the freedom of expression and privacy rights that are implicated by companies’ products, services, activities, relationships, and operations.
Informed in part by its assessment process, GNI has developed expertise and guidance on what constitutes effective tech company human rights due diligence, risk assessment, and mitigation. For instance, GNI and Business for Social Responsibility recently developed an Across the Stack Tool to encourage collective, ecosystem approaches to understanding and addressing digital rights risks.