Conflict-Sensitive Human Rights Due Diligence for Tech Companies

Authors

• Ayesha Khan

  Former Manager, Technology Sectors, BSR

• Jennifer Easterday

  Co-Founder and Executive Director, JustPeace Labs

  ---

  Jennifer Easterday

  Co-Founder and Executive Director, JustPeace Labs

  ---

  Close

Key Points

• Tech companies in conflict-affected areas face heightened risks of involvement in serious human rights violations.
• Due to the vast diversity in technologies, no two due diligence processes will be the same.
• BSR’s Toolkit provides analytical and operational decision-making guidance for tech companies on navigating conflict-related issues.

The last decade has seen an increase in state fragility and the number of violent conflicts around the world and a decrease in rule of law. Conflict-affected and high-risk markets are often characterized by serious human rights violations and harm to individuals—including loss of life, basic freedoms, or livelihoods.

Companies operating in these contexts face heightened risks of involvement with human rights harms and could exacerbate conflict and instability through hiring and procurement decisions, partnerships with local entities, compliance with local laws, or the use of their products and services. This exposes companies to potential reputational damage, interruptions in business operations, legal liability, and financial penalties

The tech industry has a particularly complex connection with conflict and instability. Emerging digital technologies have become increasingly essential and ubiquitous factors in our lives, communities, and societies. At the same time, there is increasing evidence of the industry’s role in exacerbating conflict. Moreover, the malicious use or disruption of technology to undermine international peace and security is a growing concern among states and regulators.

Conflict, fragility, and human rights are closely linked: grievances over human rights violations can destabilize and drive conflict, while violent conflict creates additional fragility and heightens human rights risks. The UN Guiding Principles on Business and Human Rights (UNGPs) call on companies to conduct heightened—or more in-depth—due diligence in conflict settings due to the proportionately higher risk of adverse human rights impacts.

What is eHRDD?

Heightened “HRDD” or “eHRDD” is, in essence, HRDD plus conflict sensitivity. It requires identifying human rights impacts as well as conflict impacts.  For tech companies, conducting eHRDD in conflict-affected and high-risk areas (CAHRA) poses unique challenges and requires a rethinking of how technology can impact conflict and pose heightened risks of human rights harms.

CAHRA are “areas in a state of armed conflict or fragile post-conflict as well as areas witnessing weak or non-existent governance and security, such as failed states, and widespread and systematic violations of international law, including human rights abuses.”

They can include situations of mass violence as well as areas with weak governance or rule of law; extensive corruption or criminality; significant social, political, or economic instability; historical conflicts linked to ethnic, religious, or other identities; closure of civic space; and a record of previous violations of international human rights and humanitarian law.

Due to the vast diversity in business models, products, services, and technologies used in the tech industry—such as social media platforms, search engines, facial recognition, AI, machine learning, cloud computing, software companies, quantum computing, telecommunications, or network infrastructure—no two due diligence processes will be the same. However, there are clear phases to eHRDD and concrete steps all tech companies can take.

BSR’s Toolkit provides analytical and operational decision-making guidance for tech companies on navigating conflict-related issues. This practice-oriented guidance was written in close consultation with both the technology industry and other diverse stakeholders, including local civil society from high-risk markets.

We lay out nine steps for eHRDD, and each step has multiple components. By adapting these nine steps, we hope that tech companies can develop robust enhanced human rights due diligence processes that can help reduce the risk that technology contributes to conflict. These steps are:

1. Develop a Formal eHRDD Policy and an eHRDD Process
2. Build and Strengthen Cross-Functional Capacities
3. Scope eHRDD Application: Triggers and Thresholds For eHRDD
4. Conduct a Conflict Assessment
5. Analyze Actual and Potential Impacts
6. Address Impacts
7. Communicate Progress
8. Cross-Cutting Issue: Stakeholder Engagement
9. Cross-Cutting Issue: Leverage Industry-Led and Multi-Stakeholder Collaboration

The guidance is targeted to larger multinational technology companies, but it can also be scaled down and applied by small and medium-sized technology companies or startups. We’ve also developed a short accompanying primer that summarizes the steps above and can serve as a rapid reference framework for companies as they build out these processes. 

Next Steps

However, additional work remains to be done. This guidance is meant to be a starting point for further collaboration, research, and diligence. Specific areas of future focus should include a robust analysis of the impact of different types of technologies on conflict, additional guidance on how to conduct conflict-sensitivity analyses for diverse types of technology, such as artificial intelligence or machine learning, social media, telecommunications, etc., and deep dives or pilots of this methodology in diverse parts of the world.

We look forward to building on this guidance and invite tech companies to get in touch to find out how to get involved.