Downstream Human Rights Due Diligence: Informing Debate Through Insights from Business Practice

Abstract The United Nations Guiding Principles on Business and Human Rights conceive of human rights due diligence (HRDD) as covering potential impacts across value chains, including downstream. The proposed EU Corporate Sustainability Due Diligence Directive and the revision process of the OECD Guidelines for Multinational Enterprises have sparked renewed discussion on how and whether companies should conduct HRDD downstream to identify and prevent or mitigate adverse human rights impacts. Whilst some debate has occurred previously on downstream HRDD, this has predominantly centred on specific sectors, products and services where the links to egregious human rights harms may be more readily identifiable. This piece seeks to inform the current debate by broadening the examples of sectors, products and services and current business practice which demonstrate the critical need for, and ability of, companies to consider human rights risks downstream.


I. Introduction
Contentious debate has arisen of late surrounding the extent of companies' human rights due diligence obligations downstream.This has been sparked by policy discussions within the European Union (EU) over the proposed Corporate Sustainability Due Diligence Directive (CSDDD) and at the Organisation for Economic Co-operation and Development (OECD) in respect of the revision of the Guidelines for Multinational Enterprises (the OECD Guidelines).Some emergent narratives have supported confining the requirements for downstream due diligence to a restricted set of circumstances or eliminating it altogether.
The United Nations Guiding Principles on Business and Human Rights (UNGPs) emphasize the importance of human rights due diligence (HRDD) across the entire value chain of a company, establishing a responsibility to identify and address downstream risks associated with company operations, products, services and business relationships. 1The responsibility of companies to exercise human rights due diligence in relation to downstream human rights impacts thus arises independently of regulatory requirements and flows directly from international standards. 2n this piece, we argue that downstream risks arise in a broad range of sectors and advance arguments and examples which challenge the merits of limiting or eliminating the downstream HRDD expectation within emerging legal standards.We do so based on practical examples taken from business experience.Our findings are based on work undertaken directly with the business community through the Global Business Initiative on Human Rights (GBI), the members of which undertake peer learning across diverse sectors and geographies with input from GBI's subject-matter specialists.

Learning from Business Practice
In 2020, GBI established a working group on downstream due diligence to examine how companies can identify, assess and mitigate or prevent risks to people emanating from their products and services and from their business relationships, with a particular focus on customers and end-users. 3This work culminated in a roundtable in November 2022 and a subsequent report released in February 2023. 4ur findings in this workalongside several recent reports from others referred to in this piecedemonstrate that examining a broad range of sectors, products and services, business models and types of downstream relationships can reveal critical trends, red flags and helpful practices for identifying and addressing a company's human rights risks.They show that, regardless of whether oncoming regulatory developments explicitly include downstream HRDD, for many companies downstream impacts are salient and cannot be ignored.
Failing to conduct HRDD downstream may result in significant blind spots, harmful to the human rights of those impacted by the company's products, services or business model.This may lead, if not to legal liability or penalty for regulatory breach, to equally damaging results in respect of a company's reputation with customers, consumers and prospective business partners.It may also risk affecting a company's social licence to operate and ability to enter new markets.Significant out-of-court settlements or provision for large-scale remediation may also be required where adverse impacts occur.Accordingly, quite apart from the fact that a value chain approach is a core expectation of the UNGPs, and irrespective of the final form of the CSDDD or revised OECD Guidelines, there are important reasons for companies to look downstream.

II. Downstream Risks Arise in a Broad Range of Sectors
Downstream human rights risks can be divided into several groups.These include risks related to the misuse of products and services or use that is irresponsible or unintended by the producer,5 as well as risks stemming from the company's business model, sales and marketing practices, transport and logistics, and end-of-life product disposal and recycling. 6hinking through the diverse nature of potential downstream risks is useful for practitioners as their touchpoints with business personnel and corporate processes, and thus the approach to HRDD required, can be quite different.
Discussions on the downstream HRDD responsibilities of companies have, to date, centred predominantly on specific sectors, products and types of impacts.For instance, very large online platforms, such as social media companies, have been scrutinized for their downstream impacts.These relate to the gathering, use and commercialization of personal data; impacts on freedom of expression; facilitating the spread of hate speech, misinformation, political extremism, terrorism, electoral manipulation and the suppression of democratic dissent; the impacts of content moderation and encryption; discrimination and other human rights abuses resulting from algorithmic bias; and impacts on at-risk groups including human rights defenders and children. 7In respect of this latter point, an inquest in the United Kingdom found that a 14-year-old girl 'died from an act of self-harm whilst suffering from depression and the negative effects of on-line content' she consumed on Meta's Instagram platform. 8n addition to social media companies, the responsibility of the financial sector in respect of client actions has received significant attention, 9 as have responsible marketing practices, in relation to impacts arising from discrimination, bias and children's rights. 10Whilst exploration of these cases has been useful, such examples offer a highly sector-specific understanding of downstream risk in a context where such risks are arguably the most salient ones facing companies.Failing to explore the potential impacts which a larger range of sectors, products and services can haveand their far-reaching consequences on individual rights-holders and society at largeby-passes an important opportunity to learn from the wide range of challenges companies face downstream and, crucially, how it is possible to address these risks.

III. Companies Are Being Held Liable for Their Downstream Human Rights Impacts
Several recent settlements and ongoing cases have highlighted that parties to litigation, as well as courts and non-judicial grievance mechanisms around the world, are increasingly recognizing that corporate liability may arise where a company knew or ought to have known that human rights impacts could have occurred downstream.For example, in Begum v Maran (UK) Ltd, the Court of Appeal of England and Wales has refused to dismiss a claim seeking damages from a UK-based company that sold a ship for scrappage to a third party who disposed of the ship in an unsafe manner resulting in loss of life.11In France, a case is pending against a surveillance technology company alleged to have been complicit in torture in Libya under the regime of Muammar Gaddafi. 12he opioid epidemic's impact on communities across the United States, with devastating consequences for public health and individual wellbeing, has seen efforts to hold accountable those responsible for contributing to the crisis.Whilst legal action has been taken against drug manufacturers, it is particularly of note that settlements have been reached with pharmacy chains which plaintiffs argued should reasonably have been aware of the risks associated with the dispensing of opioids in the communities that were most affected by the epidemic. 13Additionally, a management consultancy firm commissioned to boost the sales of products known to be both addictive and harmful reached a settlement totalling US$573 million with 47 state attorneys general. 14Such large settlements are not new as the high-profile In Re Agent Orange Product Liability Litigation case from 1984 demonstrates. 15ECD Watch and others have documented how cases brought before the OECD National Contact Points (NCPs) have pertained to downstream issues as various as the sale of construction machinery utilized in the service of illegal occupation; the sale of surveillance, arms and tear gas to authoritarian governments; the provision of turbines to a hydroelectric dam with adverse social and environmental impacts; the sale of drugs used in lethal injections for capital punishment; multi-stakeholder certification schemes involved in human rights violations; alleged downstream links to a terrorist organization; financing of companies and projects with adverse human rights impacts; and divestment of a subsidiary or asset to a buyer with links to adverse human rights impacts.16

IV. How Companies Are Conducting HRDD Downstream
To elucidate why companies should be placing greater focus on downstream HRDD beyond the imperatives of regulation and legal liability, it is useful to explore how companies are already approaching this work.Preventing and mitigating downstream risks requires a comprehensive approach that considers the nature of the business, the products and services being offered and their potential impact on human rights.Whilst the findings from GBI's working group and roundtable demonstrated that implementation necessitates an element of sectoral specificity, some general trends and approaches were observed crosssectorally.
It is particularly important to understand HRDD as a continuous and dynamic, iterative process that has both proactive and reactive components in the downstream context.The complexity of this part of the value chain means that there is a higher degree of uncertainty than in upstream (i.e., supply chain) contexts and, by implication, not all impacts on human rights will be foreseeable.Companies can proactively identify and assess some potential risks and take steps to prevent or mitigate them.There may also be situations where a company is called upon to react to new or unanticipated risks that arise, and to cease or mitigate their impact and prevent their recurrence.

Identifying and Assessing Downstream Human Rights Risks
Certain risks and potential impacts are likely to be identifiable independent of a given transaction.This is true both for a company's existing portfolio of products and services and any new product or service development.Some companies seek to identify such risks through the conduct of human rights impact assessments (HRIAs) that consider the impacts of products, services and the company's business model. 17Embedding a human rights approach in research and development teams can also help to ensure that risks are considered.Ensuring that operational-level grievance mechanisms are a source of continuous learning, and conducting human rights due diligence on mergers or acquisitions that covers potential downstream impacts were also highlighted by participants in GBI's working group. 18ompanies have existing ways to address transaction-specific risks which can be extended to cover human rights risks.For example, an assessment of customer human rights risk may be integrated within Know Your Customer checks established to address anti-bribery and corruption risk.Companies may also stand up a separate process.For instance, ING's Environmental Social Risk Framework considers the risks arising from both the nature of a transaction in question and the risk stemming from the individual client. 19In another industry, Siemens has developed a tool to 'support business decisions on the customer side via the early risk identification and assessment of possible environmental and social risks'. 20BI's working group discussed how a system of warning flags could be implemented in customer relationship management software to mandate due diligence on the sale of products known to present a heightened risk of potential misuse or irresponsible or unintentional use.Building an understanding of how a customer or downstream business partner operationalizes their own responsibility to respect human rights could also help to assess the risk of downstream human rights impacts.
In addition, local context is an important factor to consider.For example, GE Healthcare, a major supplier of ultrasound machines, had to consider the impact of the use of its products in India when ultrasound access was discovered to be correlated with higher levels of sex-selective abortions in the country. 21It is often the case that local sales teams will have the greatest understanding of such dynamics.Sales teams should therefore be empowered to make decisions on transactions in line with the company's human rights policy.Training can help such colleagues understand what risks to consider.Companies can also leverage their sales teams to provide feedback on observed risks, so that these can be systematically monitored.

Taking Action to Prevent and Mitigate Downstream Risks
Taking action to prevent and mitigate downstream risks requires creativity in terms of where and how interventions are made.First, it was recognized by GBI's working group that preventing and mitigating downstream risks should be considered from the product or service design phase onwards.Integrating 'human rights by design' into the research and development cycle has advanced in the technology industry in relation to user privacy. 22BI's working group considered how this approach could be relevant to many other industries and contexts to help mitigate downstream risks.
Second, it is oftenalthough not alwaysthe case that companies have reduced leverage in downstream contexts compared with upstream.How much leverage there is varies by industry and position in the value chain.It is apparent that leverage over customers is likely to be strongest before the sale is completed.Accordingly, strategies to prevent or mitigate any potential risks to people should be implemented at an early stage of negotiation and certainly prior to the conclusion of a transaction.In addition to contractual clauses that aim to prevent misuse and unintended use, companies can make use of after-sales service, support or warranties to provide an additional source of leverage, as well as offering training and guidance to end-users.In the GE Healthcare example mentioned above, enhanced training to ultrasound practitioners formed a part of the company's response. 23hird, clear governance structures can help prevent risks from materializing.For example, Ericsson has established a sensitive business framework which includes both a dedicated team and a sensitive business board to which transactions can be escalated for review.24

V. Conclusion
The debate surrounding downstream HRDD has gained momentum in recent years, driven by emerging regulatory developments.This piece aims to contribute to the discussion by emphasizing the critical need for companies to consider human rights risks downstream, independent of regulatory outcomes.However, it also stresses the need for downstream HRDD to be included in mandatory approaches, to ensure normative frameworks are effective, and in line with international standards.Finally, it highlights the importance of examining a broad range of sectors, products and services to understand downstream risks fully.
Recent settlements and cases demonstrate that companies can be held accountable for downstream human rights impacts, regardless of their actual knowledge of the potential risks.Proactive identification and assessment of human rights risks downstream, together with measures to prevent and mitigate them, are therefore crucial.
Integrating human rights considerations into areas such as product design and early in negotiations, establishing clear governance structures, empowering sales teams and providing training both to such teams and to end-users can all assist with risk identification and mitigation.Our findings demonstrate that companies canand doconduct human rights due diligence on risks downstream in their value chains.This is consistent with UNGP 13, calling on companies to 'seek to prevent or mitigate adverse human rights impacts that are directly linked to their operations, products or services by their business relationships, even if they have not contributed to those impacts'.
Regardless of the current policy debates, companies will continue to cause, contribute to and be directly linked to downstream human rights impacts.The saliency of these risks and impacts will often be too great to ignore.Limited, ambivalent or divergent approaches to downstream HRDD within and between international standards and EU legislation is likely to be detrimental to rights-holders, businesses and governments, and would fail to align with companies' experiences, existing HRDD best practices, and human rights risk concerns.