Skip to content
GT
⚖️ Human Rights Due Diligence
Back to course
The HRDD ProcessLesson 2 of 45 min readUN Guiding Principles (2011), Principles 15-16, 18; OECD Due Diligence Guidance (2018), Steps 1-2

Step 1 & 2: Policy Commitment & Impact Assessment

Step 1 and 2: Policy Commitment and Impact Assessment

The first two steps of the OECD six-step due diligence process establish the foundation upon which all subsequent action rests. A meaningful human rights policy commitment signals intent and enables accountability. A rigorous impact assessment provides the evidence base for prioritising and addressing the most significant risks to people. Together, they answer the questions: "What does our company stand for on human rights?" and "Where are the most serious risks in our operations and value chain?"

Step 1: Embedding a Policy Commitment

UNGP Principle 16 establishes that the corporate responsibility to respect human rights requires a policy commitment that should:

  • Be approved at the most senior level of the business enterprise (board or equivalent)
  • Be informed by relevant internal and/or external expertise
  • Stipulate the enterprise's human rights expectations of personnel, business partners, and other parties directly linked to its operations, products, or services
  • Be publicly available and communicated internally and externally to all relevant personnel, business partners, and other relevant parties
  • Be reflected in operational policies and procedures necessary to embed it throughout the business enterprise

The OHCHR's 2015 Guide on How to Develop a Human Rights Policy provides further detail. An effective policy is specific rather than generic, references the international standards against which the company measures itself, identifies who in the company is responsible for implementation, and describes how the policy will be communicated and enforced with suppliers and other business partners.

What a Strong Human Rights Policy Covers

Based on the CHRB's assessment methodology, a comprehensive human rights policy commitment should include:

  • An explicit commitment to respect all internationally recognised human rights, including the UDHR, ICCPR, ICESCR, and ILO core conventions
  • Specific commitments to the rights of workers in the company's direct operations and business relationships (covering all 11 ILO core conventions)
  • Working hours commitments (CHRB specifically checks for commitments that workers will not be required to work more than 48 regular hours and 60 total hours per week, that overtime is consensual, and that overtime is paid at a premium rate)
  • A commitment to provide or cooperate in remediation where the company identifies that it has caused or contributed to adverse impacts
  • Expectations placed on suppliers and business partners to meet equivalent standards

Board-Level Approval Matters

The CHRB found that board review of human rights strategy rose to 75% of assessed companies in the 2026 iteration, up from 47% in the previous assessment. This is significant progress. However, board approval of a human rights policy is different from boards actively discussing human rights as part of strategic decision-making. Only 10% of CHRB-assessed companies demonstrate that they assess how human rights risks originate from or relate to their business model, which the CHRB identifies as a foundational step for effective due diligence under emerging regulatory frameworks.

Step 2: Identifying and Assessing Human Rights Impacts (HRIA)

UNGP Principle 18 requires that business enterprises identify and assess actual and potential adverse human rights impacts with which they may be involved across their operations, supply chains, and other business relationships. The methodology used to do this is called a Human Rights Impact Assessment (HRIA). The key elements are:

  • Scope definition: Determine which operations, geographies, and value chain relationships to assess, typically prioritised by known risk factors
  • Rights mapping: Map the full range of internationally recognised human rights against the company's activities to identify which rights are most potentially at risk
  • Stakeholder engagement: Conduct meaningful consultation with potentially affected stakeholders, including workers, communities, trade unions, civil society organisations, and vulnerable groups
  • Risk prioritisation: Assess identified risks by severity (scale, scope, remediability) and likelihood to determine salient issues requiring priority action
  • Documentation: Record findings and ensure they are accessible to decision-makers in relevant business functions

Stakeholder Engagement: The Heart of Impact Assessment

UNGP Principle 18 specifies that impact assessment requires "meaningful consultation with potentially affected groups and other relevant stakeholders." This is not a box-ticking exercise. Meaningful consultation means:

  • Engaging stakeholders before decisions are made, not after
  • Ensuring vulnerable and marginalised groups can participate, including women, migrant workers, indigenous peoples, and workers in informal employment
  • Creating conditions where stakeholders can speak freely without fear of retaliation
  • Providing information in accessible formats and languages
  • Feeding back to stakeholders what was heard and how their input influenced decisions

The OECD DDG notes that where potentially affected groups cannot be reached directly (for example, in complex supply chains where conditions are opaque), companies should work with "credible substitutes" such as unions, civil society organisations, and human rights experts with relevant expertise. Complete reliance on supplier self-reporting without any independent stakeholder engagement is insufficient.

Analogy: Diagnosis Before Treatment

A doctor does not prescribe treatment before making a diagnosis. Similarly, effective HRDD requires a thorough assessment of actual and potential impacts before implementing mitigation actions. A company that immediately launches a supplier training programme without first understanding which rights are at risk, for whom, in which parts of its value chain, and why, is prescribing treatment without a diagnosis. The assessment step, grounded in genuine stakeholder engagement, provides the diagnostic evidence that makes subsequent action purposeful rather than performative.

Severity and Likelihood Assessment Framework

The OECD DDG provides practical guidance on how to assess and prioritise identified impacts. The two primary dimensions are:

DimensionSub-factorsQuestions to Ask
SeverityScale, scope, remediabilityHow many people are affected? How serious is the harm? Can it be undone?
LikelihoodProbability of occurrence given contextHow probable is this impact, given what we know about this supplier, geography, or activity?

Severity takes precedence over likelihood in prioritisation. A low-probability but catastrophic and irreversible impact (such as loss of life, permanent disability, or the destruction of an indigenous community's land) should be treated as a higher priority than a high-probability but mild and easily remedied impact. This approach prevents companies from focusing only on frequently occurring low-level issues while ignoring rare but devastating risks.

Example: The CHRB's Supplier Engagement Gap

The 2026 CHRB found that while 87% of assessed companies embed human rights expectations in supplier contracts, only 39% commit to responsible purchasing practices. This gap exposes a fundamental failure in the policy-to-practice connection: companies set requirements for suppliers (Step 1) but their own purchasing behaviours (short lead times, price squeezes, last-minute order changes) undermine the suppliers' ability to meet those requirements. A comprehensive Step 2 assessment would identify this contradiction, because stakeholder engagement with suppliers and workers would reveal how purchasing practices drive conditions at factory level.

Key Takeaways

  • 1A human rights policy commitment, per UNGP Principle 16, must be board-approved, publicly available, communicated to all relevant parties, and translated into operational procedures
  • 2An effective policy specifically commits to all internationally recognised human rights, the 11 ILO core conventions, working hours limits, remediation, and places equivalent expectations on suppliers
  • 3A Human Rights Impact Assessment (HRIA) maps the full range of rights against the company's activities, engages affected stakeholders meaningfully, and prioritises risks by severity (scale, scope, remediability) and likelihood
  • 4Meaningful stakeholder engagement requires engaging potentially affected people before decisions are made, ensuring accessible participation by marginalised groups, and feeding back how their input was used
  • 5Severity takes precedence over likelihood in prioritisation: a low-probability but catastrophic and irreversible impact should be treated as a higher priority than frequent but mild harms

Knowledge Check

1.According to UNGP Principle 16, at what level of a business enterprise must the human rights policy commitment be approved?

2.In a Human Rights Impact Assessment (HRIA), which factor takes precedence when prioritising identified risks?

3.The 2026 CHRB found that 87% of companies embed human rights expectations in supplier contracts, but only 39% commit to responsible purchasing practices. What does this gap reveal?

2 of 4