The Rapidly Changing World of Human Rights Regulation: A Resource for Investors

Subodh Mishra is Global Head of Communications at Institutional Shareholder Services, Inc. This post is based on a publication by Clare Bartram, ESG Specialist, Modern Slavery; Marie-Anaïs Meudic-Role, Associate, Norm-Based Research; Abigail Kyla Antonio, Analyst, Norm-Based Research; and Thiago Toste, Senior Associate, ESG Methodology Lead, Norm-Based Research at ISS ESG, the responsible investment arm of Institutional Shareholder Services.

Related research from the Program on Corporate Governance includes The Illusory Promise of Stakeholder Governance by Lucian A. Bebchuk and Roberto Tallarita (discussed on the Forum here); Reconciling Fiduciary Duty and Social Conscience: The Law and Economics of ESG Investing by a Trustee by Max M. Schanzenbach and Robert H. Sitkoff (discussed on the Forum here); and Exit vs. Voice by Eleonora Broccardo, Oliver Hart and Luigi Zingales (discussed on the Forum here).

Key Takeaways

  • The human rights regulatory landscape is changing rapidly, evolving from soft to hard law and with momentum towards mandatory due diligence.
  • These changes are driven by jurisdictions responding to human rights challenges with the introduction and strengthening of mandatory disclosure legislation and import controls.
  • Companies, and also increasingly investors, are subject to regulation that is expanding in its scope and enforcement and that requires identification, mitigation, remediation, and disclosure of adverse human rights impacts.
  • This post provides a resource for investors to navigate the human rights regulatory landscape, focusing on human rights due diligence, along with single-issue regulation on modern slavery, indigenous rights, and artificial Along with highlighting the strengths and limitations of current regulatory models, the paper includes an overview of key legislation on human rights globally.


SFDR, MSA, CSDD, UNGPs, CSRD, WRO—the rapidly evolving human rights regulatory landscape is challenging to navigate. Governments are increasingly looking to institutionalise corporate transparency and due diligence obligations through national and regional regulation on human rights. There is growing momentum to mandate corporate due diligence on a broad spectrum of ESG challenges, including human rights.

The European Union’s (EU) consideration of wide-reaching regulation is setting a precedent for other jurisdictions to consider holistic legislative approaches to human rights and environmental protection. In parallel, several countries are expanding and strengthening their legislative responses to specific human rights concerns, such as modern slavery, focusing on transparency as the key mechanism to drive improvements in corporate practices. Other jurisdictions have banned imports of goods produced with exploitative practices and introduced targeted sanctions of individuals and entities over human rights violations.

The United Nations Guiding Principles on Business and Human Rights (UNGPs) have become the global authoritative standard on the role of business in preventing, mitigating, and remedying human rights harm, since they were unanimously endorsed by Member States at the United Nations (UN) Human Rights Council more than a decade ago.

The UN Working Group on Business and Human Rights’ assessment of the last 10 years of the UNGPs concluded that that the UNGPs have led to “significant progress” in managing business-related human rights risks and impacts. The UNGPs set the foundation for business due diligence on human rights, establishing expectations for companies to identify and assess actual and potential adverse human rights impacts, and to provide remedy for victims.

In the absence of an international legally binding treaty on business and human rights, the UNGPs, and the subsequent Organisation for Economic Co-operation and Development (OECD) Guidelines for Multinational Enterprises, have been instrumental in establishing expectations of responsible business conduct, prompting a proliferation of standards and guidance, audit mechanisms, and multi-stakeholder initiatives—primarily voluntary in nature. Increasingly, however, governments are embedding the principles into hard law, recognising that repeated corporate controversies concerning modern slavery, the use of technology for discriminationatory practices, and the destruction of indigenous cultural heritage highlight the shortcomings of voluntary, soft law approaches.

Over 15 countries have implemented, or are considering, regulation on business and human rights. ISS ESG’s research indicates that more than half (approximately 65%) of the ESG rating universe is domiciled in a country with human rights regulations in force or proposed, and may be subject to legislative requirements. The map overleaf focuses on proposed or actual legislation on mandatory human rights due diligence, mandatory disclosure legislation on modern slavery, and legislation on indigenous rights and artificial intelligence (as outlined in Appendix 1 of the complete publication, available here). Countries may also have other human rights-related regulation, such as the criminalisation of modern slavery or sanctions based on human rights violations, which are not captured in this map.

Human rights regulation is relevant to investors for several reasons. First, investors can be directly subject to specific regulation on investment activity and human rights, such as the EU Taxonomy Regulation, under which investors must adhere to certain minimum human rights-related standards, or modern slavery reporting legislation, which in some jurisdictions requires investors to disclose the steps they are taking to assess and address modern slavery risk across their portfolio. The European Commission’s latest Proposal for a Directive on Corporate Sustainability Due Diligence (CSDD Directive) even prescribes that some large financial actors conduct ex ante due diligence into the potential human rights impact associated with their services.

Second, investors play an influential role, through screening and engagement activities, in promoting compliance with human rights regulations, particularly in the absence of strong enforcement mechanisms. The move towards ESG and sustainable finance has also highlighted to policymakers the demand for transparent, robust corporate disclosures, a development mirrored by the UNGPs 10+ Roadmap, which aims for all leading ESG frameworks and sustainability reporting standards to explicitly align with the UNGPs, including with regards to the integration of human rights due diligence as a core element of sustainable business and investment activities.

This paper provides a resource for investors to navigate the current state of human rights regulation. It focuses on human rights regulation from a corporate governance perspective, covering human rights due diligence, along with issue-specific legislation on modern slavery, indigenous rights, and emerging issues around artificial intelligence. The paper highlights the key strengths and limitations of current regulatory models globally, provides insights into what’s next for business and human rights regulation, and includes a global overview of key legislation currently in force or proposed (see Appendix 1 of the complete publication, available here).

Examples of Human Rights Due Diligence

Obligatory Due Diligence Processes

Human rights due diligence regulation creates obligations on companies to establish policies and processes to identify, address, and prevent human rights impacts stemming from their activities. The proposed CSDD Directive, which contains broad, cross-sectoral due diligence requirements across the value chain for large EU and non-EU companies (and later for medium-sized EU and non-EU companies which operate in the textile, agricultural, and extractive sectors) and their directors, fits into this category, as do France’s Duty of Vigilance Law, Germany’s Supply Chain Legislation,

Norway’s Transparency Act, and Switzerland’s Responsible Business Initiative (see Appendix 1 of the complete publication, available here). The draft directive is set to undergo further review and debate, and implementation is expected by 2027.

Mandatory Disclosure

Other initiatives aim to encourage sustainable behavior by requiring companies to report on the human rights due diligence processes they have in place to manage any human rights impacts that might be associated with their operations and supply chains. The EU’s proposed Corporate Sustainability Reporting Directive (CSRD Directive) contains provisions to that effect, under which certain large EU-based companies will have to disclose due diligence processes implemented with respect to human rights, among other sustainability matters. In response to this regulation, European policymakers are looking to align obligations under the CSRD and the CSDD directives.

New York State’s proposed Fashion Sustainability and Social Accountability Act contains similar provisions.

Import Controls

A few regulations leverage market access to encourage corporate actors to address their human rights impacts: one example is the EU Conflict Minerals Regulation. Under the Regulation, EU-based importers of certain minerals linked to high-risk and conflict areas must carry out human rights due diligence for their supply chains. This requires following a five-step framework set out in the OECD Due Diligence Guidance for Responsible Supply Chains from Conflict-Affected and High-Risk Areas. EU Member States are responsible for checking that EU importers respect the requirements that the regulation sets out.

Key Strengths

  • Human rights due diligence increases the robustness of corporate risk management processes, which in turn can help investors achieve higher risk-adjusted returns and contributes to economic Positive performance on human rights and proactive management of risks can attract investment and procurement opportunities for both companies and governments.
  • Requiring companies to undergo robust human rights due diligence processes helps investors conduct their own human rights due diligence and make more informed and responsible investment decisions and limits their risk of being connected with adverse human rights impacts.

Key Criticisms

  • Application to only a small number of
  • Watered-down due diligence requirements compared to existing UN and OECD
  • Limited enforcement
  • No provisions for conflict and security issues, which is a concerning gap in light of current world events and recent company statements about the difficulty of navigating human rights due diligence requirements in the context of the war in Ukraine.

Modern Slavery Mandatory Disclosure Legislation

The Californian Transparency in Supply Chains Act 2010, the United Kingdom’s (UK) Modern Slavery Act 2015 (UK MSA), and the Australian Modern Slavery Act 2018 (AU MSA) require companies, based on annual revenue thresholds, to disclose the steps they have taken to identify and address modern slavery risks. Rather than mandating companies to implement measures to ensure their operations and supply chains are free of slavery, the legislation relies on transparency as the key mechanism to improve corporate practices. The legislation assumes that corporate reporting will:

  • Help investors and consumers to make more informed
  • Generate a race to the top by incentivising companies to outperform their peers in their disclosure and
  • Make it more challenging for companies to disguise a competitive advantage obtained from exploitative labour practices.

In Canada, the House of Commons recently voted unanimously to send the Modern Slavery Act for further study, and the bill is advancing to become law. The legislation would require Canadian companies to report on efforts undertaken to prevent and reduce the risk of forced or child labour in companies’ supply chains, and would introduce an enforcement mechanism via fines and liabilities for company directors and officers. The Canada-US-Mexico Agreement, now two years in effect, prohibits the signatories from importing goods made by forced or compulsory labour.

The AU MSA was the first to explicitly extend the reporting requirements to investment and lending activity. The AU MSA expects that investors will assess their portfolio exposure to modern slavery at an overall, thematic level and identify how to address significant risks, noting that they are not required to report on individual investees. Proposed legislation in Aotearoa New Zealand is considering a similar approach.

Key Strengths

  • Increases awareness of modern slavery among businesses, boards of directors, investors, and the general public.
  • Modern slavery statements are a valuable resource for investors, providing a starting point to assess and track how companies are managing modern slavery risks.

Key Criticisms

  • Race to the middle” approach, where the majority of companies tick the box to meet the legal requirements of the legislation without addressing the systemic causes of exploitation. In Australia, ASX 300 disclosures highlight significant gaps in meaningful progress on modern
  • High rates of non-compliance—six years of reporting under the UK MSA shows two in five companies do not meet the minimum requirements.
  • Lack of strong enforcement mechanisms. Mandatory disclosure legislation largely relies on public scrutiny—perhaps most influentially of investors—as the main mechanism for driving improvements in corporate practice.

Modern Slavery Import Controls

Import controls, currently in force in the United States (US) and Canada, generally operate by banning a company from importing a specific commodity from a particular country or by placing a blanket ban on a specific good from a country or region, based on well-established reports of modern slavery. Since 2015, there has been a considerable increase in import bans issued by the US for goods produced wholly or in part by forced labour.

The US has also passed legislation, entered into force on 21 June 2022, which bans goods from the Xinjiang Uyghur Autonomous Region in China over concerns of forced labour of ethnic minorities. The legislation puts the onus on importers to provide “clear and convincing evidence” that forced labour was not involved. Similarly, the EU and the UK (Xinjiang only) have announced the introduction of import controls (see Appendix 1 of the complete publication, available here).

Key Strengths

  • Import bans may incentivise companies to provide remediation for workers—there are some examples of this occurring, such as the reimbursement of migrant worker recruitment fees following restrictions on major Malaysian rubber glove manufacturers.
  • Import bans may act as a deterrent, particularly through negative publicity, for other companies operating in the same region or sourcing similar There is limited evidence to date of these wider impacts.

Key Criticisms

  • A “blunt approach,” which may impact all companies operating in, or sourcing from, a region regardless of whether they demonstrate good practices in addressing modern slavery.
  • The economic impact of import restrictions on a sector or region may drive down wages and reduce job opportunities, potentially increasing workers’ vulnerability.
  • Import controls are often introduced during complex geopolitical tensions and have in some cases been followed by countermeasures from impacted countries.

Indigenous Rights

Indigenous peoples’ rights to self-determination and protection of their ancestral lands, natural resources, and heritage sites are enshrined in the United Nations Declaration on the Rights of Indigenous Peoples (UNDRIP). Following the UNDRIP, several states have adopted overarching regulations for indigenous rights which acknowledge rights to own land and to be consulted, among other rights. This legislation often recognizes the rights of indigenous peoples and the significance of their ancestral lands, but may vary in terms of coverage, implementation, and the level of autonomy granted.

Other regulatory models, such as Canada’s First Nations Land Management Act (FNLMA), focus on specific rights of indigenous peoples. Due to the request of a group of First Nation leaders, the FNLMA enables First Nations peoples to apply for and determine land codes for the use and occupancy of First Nation land, to enter into agreements with states and businesses, and to set rules on the revenue earned from the utilisation of their natural resources.

Provisions to protect indigenous rights have also been included within industry-specific legislation, such as for the mining industry. Laws on mining require the frequent involvement of indigenous peoples living in mineral-rich territories. The Philippines’ Mining Act for example, includes provisions that require the free, prior, and informed consent (FPIC) of indigenous peoples for mining activities on ancestral land, and agreements to pay royalties to the community for the utilisation of their natural resources.

More recently, business activities have brought to light regulatory shortcomings on indigenous rights. These discoveries have led to the amendment of local legislation. In 2021, the government of Western Australia adopted amendments to Section 18 of its Aboriginal Cultural Heritage Act (ACH Act) to increase statutory mechanisms to protect Aboriginal communities and guidelines for the ACH Act’s implementation. The amendment increases Aboriginal communities’ participation in and leverage on the granting of approvals and permits for activities that may affect them. Despite these developments, local legislation adopted specifically to regulate business activities in relation to indigenous peoples is not that common because companies, as part of the majority population, are already subject to the provisions within overarching national legislation for the protection of indigenous rights.

Key Strengths

  • Regulation promotes the ongoing consultation of indigenous peoples, their participation in approval processes, and adequate disclosures and indigenous impact assessments – and also helps investors to make informed decisions.

Key Criticisms

  • Cultural differences and language barriers act as a hindrance to achieving adequate and informed indigenous consultation.
  • State-determined penalties do not always encapsulate the immense value attributed by indigenous peoples to their irreplaceable resources and sacred sites affected by the breach of these legislations.

Artificial Intelligence and Human Rights

The increased use of artificial intelligence (AI) applications across businesses and industries presents a unique opportunity in technological advancement. AI can improve the allocation of resources, optimize business operations, and facilitate planning and forecasting, among other benefits that can support environmental and social objectives worldwide. The use of AI also presents several challenges concerning consumer protection and safeguarding fundamental rights, however. The use of AI-enabled decision making in contexts such as law enforcement (e.g., facial recognition technology, immigration services), social security (e.g., benefit entitlements), military operations (e.g., drones, combat robots), and finance (e.g., credit and loan decisions), among other risky contexts, can lead to severe breaches of human rights.

AI technologies may leverage flawed data and models and use opaque and complex methodologies often regarded as ‘black boxes,’ potentially leading to unpredictable and even discriminatory AI-assisted decision-making. The European Union Artificial Intelligence Act (the EU AI Act) aims to tackle the challenge of guaranteeing the protection of human rights while not stifling market competitiveness and innovation.

The EU AI Act is currently the most ambitious initiative concerning AI, but the AI debate is also ongoing in other countries. The UK has recently revealed its national AI strategy; the US House of Representatives is evaluating a proposal for national legislation to complement the patchwork of local AI-related laws already enacted across several states; the Brazilian House of Representatives approved a draft “soft law” governing AI; and China established a set of principles of governance for AI.

The EU AI Act proposes to manage the risks associated with AI by banning certain AI applications and establishing standards and safeguards to prevent the indiscriminate use of AI in specific contexts.

The proposal establishes a number of requirements, including for:

  • data governance;
  • traceability of results;
  • record keeping;
  • testing;
  • the design and quality of datasets (to minimise the risk of discriminatory outcomes);
  • adequate provision of information to users;
  • appropriate human oversight;
  • risk management; and

The legislation complements other initiatives in the EU, such as the General Data Protection Regulation (GDPR). The Act broadly defines AI as software developed using certain techniques and approaches (such as machine learning, deep learning, Bayesian estimation, and inductive logic programming) that “can, for a given set of human-defined objectives, generate outputs such as content, predictions, recommendations, or decisions influencing the environments they interact with.”

The proposal sets forth a risk-based approach to dealing with AI systems, dividing them into three risk categories and setting expectations along the entire AI value chain according to these categories: 1) unacceptable risk, 2) high risk, and 3) low or minimal risk. While those in the latter category will not be subjected to any obligations, AI systems classified as unacceptable risks will be prohibited, and those classified as high risk will be subject to extensive requirements. In addition, certain low-risk applications (e.g., chatbots) will be subject to specific transparency and information obligations.

The two risk categories that carry a prohibition or other requirements are worth describing in detail:

  • UNACCEPTABLE RISK: Refers to practices that can manipulate behaviour by using subliminal techniques or exploiting vulnerabilities, in a manner that can cause psychological or physical harm to individuals, with special attention paid to vulnerable groups (e.g., children). This risk category also covers the prohibition of general purpose social scoring by public authorities (e.g., such as instituted in China) and the use of real-time remote biometric identification systems (e.g., facial recognition technology) in public spaces for the purposes of law
  • HIGH-RISK: Refers to the intended purposes of the AI systems to determine their risk classification. AI systems intended to be used as safety components of regulated products (e.g., medical devices) are generally classified as high-risk, as are specific stand-alone AI systems that can adversely impact fundamental rights. The legislation allows for the expansion of the list of these specific stand-alone AI systems.

Key Strengths

  • The proposal has been lauded for its aim to protect fundamental rights and ensure a harmonised approach in AI regulation across the EU.

Key Criticisms

  • The consideration of individual harm as a threshold for manipulation has been a focal point of criticism, given that a causal relationship between harm and AI systems can be hard to prove. This approach is open to criticism for not encompassing manipulation which alters human decision-making by reshaping individual preferences and thereby affecting peoples’ fundamental rights generally. Further, the sole focus on individual harm does not account for the societal harm that AI systems can cause.
  • The Act does not include procedural mechanisms for affected individuals to seek
  • Researchers and civil society organizations found that the list of specific, stand-alone high-risk AI systems is lacking several intrusive practices, such as emotion recognition systems.
  • The Act lacks substantial mechanisms to ensure enforcement, as the legislation relies mostly on self-assessment as a means of compliance.
  • Industry associations and academia criticised the proposal’s definition of AI, regarding it as overarching, especially in its inclusion of statistical methods, and as having the potential to include virtually all computational techniques in its current draft.
  • The industry association European Tech Alliance highlighted that companies based in the EU will lose the ability to quickly deploy and test AI systems and therefore will become less competitive. The biggest impact is expected to be felt by SMEs and start-ups.

Investors should be mindful of how the draft regulation evolves. The Act is the first relevant attempt at regulating the development of AI systems and is likely to have an impact beyond the EU’s borders. The expectations established under the Act might inform not only product development across sectors, but also how AI is evaluated from an ESG perspective and what impacts, risks, and opportunities it brings to society and the environment. Further, AI regulation is bound to have an impact on providers of financial services, which will be expected to comply with the relevant requirements.


Regulation can be a powerful lever in addressing complex human rights challenges, driving transparency on Environmental, Social, and Governance (ESG) risks and ensuring a level playing field for companies that demonstrate leading practice. It has been noted of course that the volume of regulation does not necessarily correspond to the volume of outcomes. Only by making use of the entire investor’s toolbox, and by systematically evaluating the effects of each regulatory model, can investors and regulators alike execute on their theories of change.

For investors, however, it remains important to stay abreast of the latest regulatory developments. In particular, there are three key trends for investors to observe as the regulatory landscape evolves—the expanding scope of regulation, the strengthening of enforcement, and the growing momentum to apply human rights regulation to investment activity.

Trend 1: The scope of regulation is expanding.

Governments, led by the EU, are increasingly opting to move away from single-issue legislation to regulation that addresses the broad spectrum of human rights, including decent working conditions, indigenous rights, and community engagement. Several new human rights due diligence regulations, including in Norway (1 July 2022) and Germany (2023), require companies to address actual and potential violations of fundamental human rights, in line with the UN’s conventions on cultural rights, civil and political rights, and rights at work.

The German legislation includes environmental degradation along with human rights in its scope, one of several new regulatory initiatives recognising the intersection between human rights and environmental challenges. The focus on sustainability in the EU’s CSRD broadens corporate obligations to environmental and governance issues, along with social issues. These expanded regulatory models highlight the increasing pressure on policymakers, companies, and investors to ensure the transition to Net Zero does not come at a human cost.

Issue-specific legislation has received criticism for being too narrow in focus, allowing companies to zero in on a particular challenge without addressing the systemic rights violations that underpin the issue. Modern slavery legislation in Australia and the UK, for example, only requires companies to disclose the steps they are taking to address modern slavery risks, despite broader labour rights violations, such as underpayment of wages, hazardous conditions, and suppression of union rights, that enable and often appear concurrently with modern slavery.

In what is likely an indication of a growing trend, newly proposed modern slavery legislation in New Zealand extends to worker exploitation, which is defined as non-minor breaches of employment standards, along with severe exploitation, including forced labour and human trafficking.

Trend 2: Regulatory enforcement mechanisms are increasing in strength.

Human rights due diligence regulation, driven by EU countries at a national and regional level, is setting a precedent for use of the legislative stick, rather than relying on the carrot. The EU’s CSDD,

which envisages enforcement by member states, proposes amending the definition of breaches in directors’ duties to include the consequences of sustainability issues. The CSDD also proposes a civil liability regime, which would allow for victims to sue companies for damages, highlighting the increasing emphasis on remediation, sometimes referred to as the “forgotten pillar” of the UNGPs. Landmark legal claims for compensation and remedy over the past few years concerning forced labour in mining and cultural rights violations in renewable energy production, for example, highlight the ever-growing risk of human rights-related legal action for companies and investors. As civil society groups highlight, however, significant judicial barriers to obtaining effective remedy remain.

For modern slavery, the next year will likely see changes to strengthen and extend regulation, following strong criticism that the current lack of teeth has promoted check-box corporate responses with minimal substance. A review of Australia’s MSA this year is considering whether additional measures such as civil penalties are needed to improve compliance, while the UK has announced it intends to introduce penalties for its MSA. Proposed modern slavery legislation in Canada is considering liability for directors, along with financial penalties.

Trend 3: Investors are increasingly subject to human rights regulation.

Beyond regulatory obligations on corporations, there is growing momentum to cement the role of investors in promoting human rights and decent working conditions. Some investors are on the record as supporting the application of human rights regulation and standards to investment and lending activity. Under the EU’s Sustainable Finance Disclosure Regulation, which has been partially in force since March 2021, investors must consider whether their investment decisions have had any impact on “sustainability factors,” including human rights, and publish statements explaining whether any such adverse impacts have occurred.

Modern slavery legislation in Australia and similar legislation proposed in New Zealand requires investors to assess their portfolio exposure to modern slavery risks. The UK government is also facing pressure to extend its MSA reporting requirements to include financial investments, following research that found more than half (53%) of 79 asset managers’ modern slavery statements do not meet the minimum reporting obligations.

Beyond legislated approaches, the Sustainability Accounting Standards Board (SASB) is currently reviewing the scope of its human capital themes in the light of emerging human rights challenges. In parallel, efforts supported by the UN Human Rights Council to develop a treaty on business and human rights continue, with the current draft treaty now in its third revision. Significantly, one of the recommendations contained in the UN Working Group’s June 2021 report is for States to develop and implement policies to align institutional investment activities with the UNGPs, including with respect to due diligence.

The complete publication, including footnotes and appendix, is available here.

Both comments and trackbacks are currently closed.