5 principles to future-proof your human rights due diligence program
By Peter Nestor
In early 2024, the EU finalized the Corporate Sustainability Due Diligence Directive (CSDDD) – a landmark piece of legislation that regulated human rights due diligence for large companies in Europe.
By early 2025, concerns about overregulation and competitiveness and anti-ESG sentiment stateside caused the EU to reopen and renegotiate the CSDDD among other sustainability laws. Many companies hit pause on their new human rights compliance programs.
By the end of 2025, after several rounds of negotiations in Brussels, the CSDDD and other sustainability laws were back online. Companies are now coming off pause to reassess the CSDDD and continue building human rights programs.
The lesson is not new, but worth repeating: geopolitical winds will change, but the underlying risks remain the same. Programs designed to manage the risk, not the law, are more resilient. In 15 years working with and inside companies on human rights, I've found that programs built around the following five principles are the most resilient and credible.
1. Prioritize
Human rights due diligence covers a daunting range of issues – from living wages and forced labor deep in supply chains to data privacy, land rights and the impacts of emerging technologies. The temptation is either to narrow the scope to only what feels manageable (and miss the issues that actually matter most) or to try to cover everything at once and end up doing nothing well.
The better approach is to start broad and prioritize rigorously. Map the full universe of potential human rights impacts connected to your operations, products and business relationships. Then focus your resources where the risks to people are most severe and most likely – not where the risks to the company's reputation happen to be loudest. That distinction matters. A salient human rights risk is defined by its severity to the affected person, not by its proximity to a news cycle.
2. Stakeholder and rights-holder engagement
No human rights program can be credible if it's built entirely from behind a desk. The people closest to the impacts – workers, communities, civil society organizations, trade unions – hold intelligence that no consulting report or desktop risk assessment can replicate. They often know where the risks are before they become impacts.
Yet meaningful engagement is where many companies stumble. It requires a willingness to sit across the table from people who may disagree with core aspects of your business, and to listen without becoming defensive. It can feel uncomfortable, but in my experience it often provides the most relevant and useful information.
Build relationships over time, return to the same groups with updates on what you've done (and what you haven't), and be prepared for the conversation to be challenging. That's usually a sign you're talking to the right people and making progress in the right areas.
3. Don't overthink due diligence
While the focus of human rights risk is on people, the process follows the same logic as traditional risk management approaches: identify the risk, assess it, act on it, track whether your actions are working and adjust. Plan, do, check, act. Get the foundational policies right – a commitment grounded in international standards, embedded in relevant internal procedures – and then move into action. Many programs get stuck in an endless loop of policy drafting and risk assessment without ever reaching the stage of adequately preventing or mitigating potential harm. That requires good governance with clear ownership, timelines and a willingness to escalate when progress stalls.
4. Remedy
Access to remedy is the ultimate test of whether a program is working. A company can have impeccable policies, thorough assessments, and extensive training – but if affected people have no route to a meaningful remedy, the entire framework is flawed.
This is also where confusion tends to creep in. Contractual clauses requiring suppliers to respect human rights are not remedy – they're prevention tools. Audits are not remedy. Training is not remedy. These are all important components of due diligence, but remedy is what happens after harm has occurred: restoring what was lost, compensating for what cannot be restored and ensuring it doesn't happen again.
Remedy is complicated, and the form it takes will depend on the nature of the harm, international and domestic legal frameworks and the company's relationship to the harm. Getting remedy right also means having accessible, trusted grievance mechanisms – and being prepared to act on what comes through them.
5. Transparency and trust
The triangle of trust – authenticity, empathy and capability – offers a helpful lens for thinking about transparency in a human rights context. Stakeholders need to believe that a company is being honest about where it stands (authenticity), that it understands the human impact of its operations (empathy) and that it has the competence to actually manage these issues (capability). Transparency is what makes all three visible and the company's actions credible. For many companies, the instinct is to only communicate when the story is positive. But selective disclosure can erode trust. If a company only reports successes, stakeholders – particularly informed ones like investors, NGOs and increasingly regulators – will assume the gaps are being hidden rather than managed. The more resilient approach is to be honest about the journey: what you've identified, what you're doing about it and where you're still working through challenges.
It’s not business as usual
One final thought as you build or strengthen a program: human rights due diligence is not intended to simply reflect existing business practices. If your approach isn't leading to tangible changes in your company's operations, or isn't earning the external credibility it deserves, look for where you can lean into one of these principles more. Ultimately, a robust human rights program will protect people and, over the long run, the company as well.
Peter Nestor has been the Head of Human Rights at Novartis since 2019, and currently serves as Vice Chair on the Board of Directors at the Pharmaceutical Supply Chain Initiative. He has worked with companies across industries on human rights since 2011.


