Cloud computing has revolutionized the IT industry over the last two decades. As the largest segment of the cloud computing market, software-as-a-service (SaaS) has played a large role in this transformation. Businesses can use packaged software to address a range of solutions, from customer relationship management and cross-team collaboration to industry-specific applications such as electronic record management systems for healthcare, production scheduling software for manufacturing, and learning management systems for schools.

The SaaS model enables easier access to software for businesses of all sizes. Small and medium enterprises that were previously unable to access or afford advanced technology can now benefit from the latest technological advancements.

However, the proliferation of such technologies comes with ethics considerations and human rights responsibilities. Cases such as internet infrastructure companies removing extremist websites like “The Daily Stormer” from their services or CRM providers facing accusations of facilitating human trafficking show how B2B companies are increasingly confronted with the possibility that their products, services, and platforms may be misused or abused in ways that lead to harm.

During 2021, BSR worked with a group of SaaS companies to develop an approach to responsible product use. While it was clear that SaaS providers have a responsibility to address the harms associated with their products and services, there was a need for a deeper understanding of how their services can impact human rights and the appropriate actions that they can take to address these impacts.

To further explore the human rights impacts, we have subsequently worked with a group of SaaS companies to conduct a sector-wide human rights assessment of the SaaS sector focused on the use of B2B services and are publishing the report today. This assessment identifies the SaaS sector’s salient human rights risks and outlines ways in which SaaS providers may impact human rights—as individual companies, as a group of companies, or as a sector.

The Challenge of Size and Variability

Undertaking a sector-wide human rights assessment of the SaaS sector proved challenging due to the size and variability of the sector. As of 2021, there were approximately 15,000 SaaS companies in the US alone, addressing an infinite number of business needs. As such, we did not attempt to assess the potential impacts of every single type of SaaS service. Instead, we identified several differentiating characteristics related to the functionality and deployment of SaaS services that may surface various human rights issues and provide different degrees of leverage to address them.

For example, the level of customizability of a SaaS service may surface different implications for human rights. Highly customizable SaaS services make potential harms less foreseeable by SaaS companies since customers can change the services’ functionality and outcomes, which may also result in less (or different) leverage available to the SaaS company to address the harm. Identifying these differentiating characteristics helped us unpack company, cumulative, and sector-level strategies to address adverse impacts.

Limited Insight into End-Use

The most important considerations in evaluating the potential human rights impact of SaaS services are who uses the service and how it is used. For example, a company may use 3D modeling software to create illegal weapons, or a team collaboration software may be deployed by a company to monitor their employees. However, a common theme that emerged during BSR’s engagement with SaaS providers was that they often have little insight into how customers use their services—for example, for reasons of privacy—posing challenges to identifying downstream human rights impacts.

Appropriate Action to Address Human Rights Impacts

This assessment takes a first step in identifying the human rights impacts of SaaS providers—both individually and as a sector—and appropriate action to address these impacts. We hope it will help provide guidance for SaaS companies seeking to implement their human rights commitments.

SaaS providers can take action by defining what customers and users can and cannot do with their services, establishing technical limitations to service functionality, communicating the limitations or potential risks of the service, and collaborating with other companies to share insights and establish best practices.   

The SaaS model has leveled the playing field for businesses and enabled access to technological advancements at a previously unimaginable scale. B2B SaaS services have tremendous potential to assist the realization of human rights. However, SaaS companies may be connected to harms and have a responsibility to establish appropriate measures to address these harms.

BSR’s report explores how the SaaS sector can both address human rights risks and pursue opportunities that promote the realization, enjoyment, and fulfillment of human rights for their individual services and the sector as a whole.