The past ten years have seen a steady shift in European human rights legislation, away from basic supply chain reporting requirements towards mandatory supply chain due diligence.
For many, this hardening of the legal position on human rights is best exemplified in the European Union’s Proposal for a Directive on Corporate Sustainability Due Diligence (CSDDD).
Under CSDDD, large firms in the European Union, or with a significant European presence, will be required to identify and address human rights impacts, not only in their supply chain, but also along their broader “value chain”. The latest version of the legislation defines “value chain” as more than just the “upstream” relationships traditionally associated with “supply”; it also covers “downstream” relationships, such as those responsible for the sale, distribution, transport, and storage of products.
This extension of due diligence obligations to downstream relationships is likely to be one of the key areas of focus as the CSDDD now undergoes its final stage of negotiation.
As these negotiations progress, decisions will be made that could set the tone for the next ten years of human rights legislation, both in Europe and further afield. In this piece, we will examine the impact of these developments in the crucial area of downstream due diligence.
Implications in context
Full compliance with the UN Guiding Principles (UNGPs) and OECD Guidelines requires firms to assess and address negative impacts across their value chains, including downstream relationships.
Impacts associated with these relationships vary significantly between sectors and can be much broader in scope than their upstream equivalents. A comprehensive risk-based approach requires companies to map the risks associated with all stages of their downstream value chain.
Examples of downstream risks include:
- Logistics and distribution: Transportation services can pose serious human rights risks, including excessive working hours, lack of health and safety, low wages and debt-bondage
- Marketing: Manufacturers of products such tobacco, alcohol and drugs, risk negative downstream impacts when their products are marketed to vulnerable consumers
- Technology: Firms in the technology sector face the risk that their products may be become associated with negative impacts such as illegal surveillance or algorithmic discrimination
- Waste management: Improper disposal of waste, e.g. as part of a product’s use, can lead to serious negative impacts on the health, safety and wellbeing of surrounding communities
In line with these risks, the increasing volume of value chain liability litigation is producing a de facto duty for organisations to map and monitor their downstream relationships closely.
Examples abound. In 2022 the Investigative Chamber of the Paris Court of Appeals confirmed the indictment of a computer engineering company and four of its executives for complicity in torture in Libya after they sold a computer system to the Libyan government that was used to intercept internet communications. Last year, in the ground-breaking Maran case, the Court of Appeals for England and Wales ruled that a UK broker who acted on behalf of a ship owner in selling a vessel to a demolition cash buyer could be liable for the death of a worker at a shipyard in Bangladesh.
Although there are many important considerations for organisations approaching downstream due diligence, we focus below on three that can act as a helpful starting point.
1. Be proactive
For organisations not already affected by the limited downstream elements of existing legislation, it may be tempting to wait for negotiations to progress at the European level before taking action.
However, significant amendments to the CSDDD’s wording on downstream due diligence have already been agreed by the European Parliament this year. Although nothing is certain, this suggests that the downstream elements of the new legislation are unlikely to change again dramatically.
Regardless of whether companies are directly within the remit of due diligence laws like CSDDD, they may indirectly be impacted as suppliers to larger entities that are within its scope.
Moreover, these developments are part of a broader “direction of travel” in which laws are aligning with the requirements of the UNGPs and OECD Guidance, which call for firms to extend their due diligence activities into human rights impacts linked to their products.
Firms would, therefore, be well advised to consider what actions they would need to take if the CSDDD’s clauses on downstream due diligence were enacted in their current form, to ensure that they stay ahead of the short-term enactment of this legislation, as well as this longer-term trend.
2. Work with what you have
In implementing the new downstream requirements, some organisations may be inclined to think that they lack the basic infrastructure to manage due diligence activities at this level.
Organisations in this position should consider what governance structures they already have in place to manage more traditional due diligence activities associated with upstream relationships.
Existing systems for risk-rating of upstream suppliers and third-party risk-management, for example, can be repurposed where necessary to help organisations determine the level of human rights risk posed by downstream relationships, so that due diligence activities can be prioritised on this basis.
By integrating downstream relationships into existing third-party risk-management processes, firms will be able to avoid any unnecessary duplication of efforts.