Australia: Practical tips on conducting human rights due diligence

Business ethics and anti-corruption world

There is increasing focus on the responsibility of businesses to respect human rights, most notably since the UN Human Rights Council endorsed the UN Guiding Principles on Business and Human Rights (the Guiding Principles), formulated by Professor John Ruggie, the former Special Representative of the UN Secretary General for Business and Human Rights.

The Guiding Principles are of international significance, setting out the standards of behaviour expected of States to protect, and businesses to respect, human rights. Although they do not form part of hard international or domestic law, and do not have statutory force, nonetheless they invoke respect for internationally recognised rights and are of increasing relevance legally in areas such as investment treaty disputes, state operated procurement processes, project finance contracts and rising litigation aimed at seeking redress for alleged human rights abuses.

The Guiding Principles provide guidance on the steps that businesses should take in order to mitigate possible human rights impacts and risks. As explained below, human rights due diligence (HR due diligence) is an essential step and requires the active involvement of in-house lawyers. That said, it requires a different approach from what commercial lawyers may be familiar with. This article seeks to explain the key differences and provide some practical tips on how to go about the process.

Why should lawyers engage in their business's HR due diligence?

Applicable Laws and Recognised Rights
First, Principle 23(a) of the Guiding Principles requires businesses to comply with all applicable laws. Every country in the world has some form of labour, privacy, health & safety or other law which will need to be assessed in order to meet the expectations of the Guiding Principles. Beyond domestic law, Principle 23(a) calls on businesses to respect "internationally recognised rights", set down in international treaties ratified by States such as the International Labour Organisation Conventions and the documents comprising the International Bill of Rights (i.e. the Universal Declaration on Human Rights, International Covenant on Civil and Political Rights, and International Covenant on Economic, Social and Cultural Rights). In the event of a conflict between local and international rules, businesses must "seek ways to honour" the internationally recognised rights. Depending on the circumstances, this process may require significant legal scrutiny and analysis.

Indirect Legal Risks
Second, a business's failure to comply with the Guiding Principles can, indirectly, lead to legal risk; even if the Guiding Principles themselves are not binding in law. For example:

  • It is well-documented that in some jurisdictions it is possible to bring claims against companies for human rights abuses committed abroad. In jurisdictions such as the US and UK, for example, these claims typically manifest themselves as tort actions, often brought by or on behalf of multiple claimants. Moreover, there have been many instances of companies unwittingly inheriting expensive, protracted legal disputes through mergers or acquisitions. Given the possibility of such claims, Principle 23(c) calls on businesses to treat gross human rights abuses as a legal compliance issue.
  • Tribunals in investment treaty claims (such as the International Centre for Settlement of Investment Disputes tribunal in Phoenix Action v Czech Republic (2009)) have determined that "investments made in violation of the most fundamental rules of protection of human rights" should not benefit from investment protection.
  • In the context of project finance, signatories to the Equator Principles1 (EPs), 79 of the largest financial institutions worldwide, require borrowers to comply with the IFC Performance Standards on Environmental & Social Sustainability (Performance Standards) when undertaking due diligence. If a borrower fails to do so, this could amount to an event of default under the loan documents. The latest version of the Performance Standards requires that HR due diligence, as envisaged by the Guiding Principles, be conducted in "limited high risk circumstances".

When conducting HR due diligence, any human rights issues identified should be assessed with an enquiring legal mind taking into account possible legal risks such as the ones described above.

Legal Principles Third, the language in the Guiding Principles evokes familiar legal concepts when describing how a business should go about conducting HR due diligence. For example, Principles 17 to 21 outline the main components of an effective HR due diligence process, which should include procedures designed to identify, prevent, mitigate and account for a business' human rights impacts. Principle 17(b) acknowledges that the appropriateness of any such steps will "vary in complexity with the size of the business enterprise, the risk of severe human rights impacts, and the nature and context of its operations". This language suggests the need to examine issues of scope and proportionality that lawyers frequently come across.

Further, HR due diligence should, according to Principle 17(a), "cover adverse human rights impacts...a business...may cause or contribute to". Assessing causative links is a familiar legal exercise, and the Commentary to Principle 17 relating to contribution includes references to the criminal law principle of complicity. This reinforces the need for lawyers to play an active role in HR due diligence.

Equally, it is worth noting that the Guiding Principles do not explicitly prescribe legal tests for assessing causation and contribution, but instead advocate a risk based approach, which should begin with an analysis of the risks of adverse human rights impacts. This is explained more fully below.

Human Rights Due Diligence – In Practice

HR due diligence should be an essential part of a company's risk management strategy, not least if the company operates in "high-risk" jurisdictions. Today, there exists a global trend towards developing due diligence mechanisms to assist companies in complying with relevant professional standards, sometimes against a background of increasing regulation.

Although HR due diligence is not a legal requirement, it is increasingly recognised that it is good business practice to manage potential human rights risks associated with the company's activities, in the same way that an increasing number of companies seek to manage risks such as bribery and environmental damage. HR due diligence addresses a company's responsibility to:

  • Identify and assess human right risks;
  • Prevent and mitigate adverse human rights impacts; and
  • Account for how it addresses human rights impacts.

According to the Guiding Principles, HR due diligence should be initiated as early as possible in the development of a new activity or relationship. How this is to be done will depend on the circumstances - there is no "one-sizefits- all" approach to implementing HR due diligence.

Identify and assess human right risks
The first step in carrying out HR due diligence is to identify and assess the nature of the actual and potential adverse human rights impacts with which a company may be involved. This involves carrying out human rights impact assessments (HR impact assessment) to identify potential human rights issues in existing and anticipated projects and operations. The approach to this assessment will depend on, among other things, the country and industry in which the company operates. But there are two key questions which companies should consider when carrying out any HR impact assessment of a project or operation:

  • Who are the potentially affected stakeholders?
  • What are the potential human rights impacts of the project or operation?

In the context of oil and gas companies, for example, the European Commission's Guide on Implementing the Guiding Principles sets out five steps of the HR impact assessment process.

The European Commission's Guide on Implementing the Guiding Principles comments on these steps:

  1. Building a Systematic Approach to Assessment
  2. HR impact assessment is an on-going process, which should be repeated whenever risks to human rights may change substantially. There may also be other important sources of information on impacts that need to be considered, e.g. expert reports, complaints from NGOs and grievance mechanisms at an operational-level.

  1. Understanding Your Operating Context
  2. Companies need to understand the context in which they operate at a country level so they can take steps to avoid contributing to human rights abuses. Where national laws fail to protect human rights, companies should respect internationallyrecognised human rights.

  1. Reviewing Business Relationships
  2. Companies' responsibility to respect human rights extends to its business relationships. This also includes relationships down the supply chain.

  1. Drawing on Expertise
  2. Companies need to draw on relevant expertise to make sure that their assessments of impacts are as well informed as possible. These sources of expertise may be internal to the company or external, e.g. by commissioning relevant NGOs to advise on specific issues and/or prepare reports where appropriate. This is a good opportunity to engage individuals across different functions and departments internally in a conversation about potential human rights impacts.

  1. Consulting Affected Stakeholders
  2. Meaningful consultation with affected stakeholders is vital in identifying potential human rights impacts and finding sustainable ways to address them. It is important for companies to demonstrate that they properly take into account the concerns of affected stakeholders.

In summary, an HR impact assessment is a structural process by which the company gathers the information it requires in order to understand what its human rights risks are so that it can decide how best to mitigate them. Part of any HR impact assessment must be to consult human rights experts and engage with affected stakeholders in decision making processes.

Prevent and mitigate adverse human rights impacts
It is important to stress that the identification and assessment of human rights risks and impacts should be an inherent part of the company's decision making about its business activities, and not simply be seen as a process to be followed after making a decision to pursue a project or operation. The business needs to engage with affected stakeholders at an early stage in the decision making process and throughout the life cycle of a project and provide appropriate mechanisms to raise human rights issues.

Account for how human rights impacts are addressed
Companies should be prepared to communicate externally about how they address human rights impacts. Since the amendment to the Companies Act 2006, Section 414C(7)(b)(iii) requires UK quoted companies to report on human rights issues in their strategic reports. With greater reporting obligations being introduced in countries such as the UK and the USA, companies will likely be put under increasing pressure to explain publicly how they address human rights issues and how they assess their human rights impacts, including through HR due diligence and HR impact assessments.

What makes HR due diligence unique?
First, the focus of HR due diligence includes risks to the human rights of individuals and extends beyond risks to the business itself. That requires the company to ensure that its focus is not purely internal and gives HR due diligence a dimension that may not exist in other due diligence exercises.

Second, the scope of HR due diligence, and the issues that it needs to consider, can be extremely broad. Not least, it needs to take into account all internationally-recognised human rights, including standards applying to relevant vulnerable groups. Companies need to ensure that the human rights issues and their potential scope are properly understood by drawing on relevant expertise.

Third, a proper due diligence exercise may require the company to address potentially affected stakeholders' perspectives through meaningful consultation. Again, this may require the company to address issues outside itself (and its comfort zone).

Fourth, it is difficult to measure and respond to human rights issues that are identified. For instance, human rights issues can be qualitatively different from bribery issues (where specific behaviour, such as unlawful payments, can be identified and addressed based on an examination of the company's books and records) and environmental issues (such as GHG emissions, where the impacts, and the effects of remediation, are often more measurable).

Finally, HR due diligence involves companies considering what impacts may arise from their business relationships, and may imply a greater responsibility to influence the activities of business partners than the company is used to.


There is a global trend towards developing more effective due diligence mechanisms to enable companies to understand and comply with relevant legal and professional standards. At the same time, there is growing pressure on companies to "know and show" that they are managing human rights risks effectively. HR due diligence and HR impact assessments are essential means of ensuring that this is done properly.


1The EPs apply to all project financing with a value of over US$10 million and to certain types of corporate loans, bridge loans and project finance advisory services.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

Some comments from our readers…
“The articles are extremely timely and highly applicable”
“I often find critical information not available elsewhere”
“As in-house counsel, Mondaq’s service is of great value”

Mondaq Advice Centre (MACs)
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at and we will use commercially reasonable efforts to determine and correct the problem promptly.