Regulatory Compliance

A legal viewpoint on the tech supply chain scandals

This is a contributed piece by Professor Robert McCorquodale, Director of the British Institute of International and Comparative Law (BIICL) and Milana Chamberlain, Partner at Norton Rose Fulbright

The technology industry, it seems, is never too far away from a supply chain scandal. Just this summer, KnowTheChain, a US supply chain accountability initiative, benchmarked 20 global ICT companies on their efforts to ensure that there is no forced labour in their chains – and found that some of the world’s largest ICT operators needed to step up their efforts, with a worrying discrepancy between their public statements and what happens on the ground. Companies scored an average of just 16/100 in their success in ensuring workers have a voice throughout their supply chains and are able to communicate concerns, represent their interests and advocate their rights.

Meanwhile in January of this year, human rights organisation Amnesty International accused certain global ICT companies of failing to do basic checks to ensure minerals used in their products are not mined by children.

The International Labour Organisation estimates that forced labour generates an eye-watering $150bn in illegal profits every year. ICT companies are particularly vulnerable to the problem due to their extensive use of migrant labour in the manufacturing of technology and electronics products in countries such as Malaysia and China, and the complex and lengthy supply chains of many ICT products.

It’s a difficult issue. However, a recent study by the British Institute of International and Comparative Law (BIICL) and global law firm Norton Rose Fulbright, surveying over 150 companies around the world, has found that many of these businesses are still not doing enough to address it properly.

Our research revealed that only a half (51 per cent) of companies undertook a dedicated human rights due diligence assessment which encompassed the full range of a company’s human rights obligations. The rest only considered human rights indirectly as part of other non-human rights processes (e.g. health and safety, non-discrimination, labour). This is despite the clear recommendation of the UN Guiding Principles on Business and Human Rights, which set the international standard in this area.

The contrast in results between those undertaking dedicated human rights due diligence and those that were not, was stark.

Of those who did undertake full human rights due diligence, 77 per cent identified actual or potential human rights impacts, and 74 per cent identified adverse impacts linked to the activities of their third party relationships. A significant proportion of this group (60 per cent) also said that their company had in the past been connected to allegations of human rights – suggesting that awareness of the risk of human rights impacts is a driver for conducting a human rights due diligence process. 

Meanwhile, only 19 per cent of companies who did not conduct express human rights due diligence identified any actual or potential adverse impacts. In other words, those companies are not detecting human rights issues that do exist because they are not focusing on human rights in their due diligence processes.

It’s vital to appreciate that human rights due diligence is not general due diligence. General business due diligence considers the risk to the company of actions such as mergers and investment, and is often voluntary or subject to limited regulation. Human rights due diligence, on the other hand, examines the risk to individual rights-holders of the activities of a company. They include a wide set of stakeholders - not only employees but also local communities, indigenous peoples, workers in supply chains and others. Many of these groups are simply not being considered.

This matters primarily because no one wants to see human suffering or exploitation occurring.  But it is also a growing reputational issue for the businesses, especially in our social media age.

Regulatory pressure is rising, too. In the UK, the introduction of the Modern Slavery Act this year means that companies with turnovers above £36 ($44) million carrying on a business or part of their business in the UK must report on their steps to eradicate slavery and human trafficking in their supply chains as well as in their operations. The EU’s Non-Financial Reporting Directive requires large companies to report on their human rights due diligence processes and next month, the first Corporate Human Rights Benchmark (CHRB) will be published. Although this year’s CHRB is a pilot, the next stage will see the top 500 global companies from four key sectors researched and ranked - including ICT.

Ignorance of human rights is no defence, and businesses need to be mindful of any gap between public statements they make about their approach to human rights and reality. Companies will be liable not only for those human rights impacts that they knew about, but also for what they ‘ought to have known’, had they been diligent.

The time has come for tech companies to ensure that they really do have robust and specific human rights diligence processes, not just ones that are rolled up into other work streams. It’s important to recognise human rights issues at the operational level, where interaction with the rights-holders actually takes place. All stakeholders and operations need to be included in due diligence, supported by a multi-departmental group including lawyers and board-level decision-makers. Training, consultations with internal and external stakeholders and regular human rights impact assessments are needed.

Legal claims are on the rise across the globe against companies for human rights abuses in their supply chains. As an industry with one of the highest potential exposures to human rights issues, it’s something that tech players really need to get right. Otherwise as the regulatory and legislative pressure mounts, it could become an ever greater problem and a barrier to successful consumer engagement and acceptance as well as investment.


« How IoT companies can learn from the Mirai malware exploitation


Huawei's focus on broadband in Asia may highlight bigger rifts in global tech »
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail


Do you think your smartphone is making you a workaholic?