75+ organisations call on EU to ensure tech sector accountability
November 30th, 2022

We, the undersigned organisations and institutions, seek to draw your attention to aspects of the draft Corporate Sustainability Due Diligence Directive and its application to the use of technology and the technology sector, which is responsible for some of the most egregious human rights harms. There are four key areas which need amending.

Scope of companies subject to the law

The threshold for companies covered under the Directive, in relation to their size and turnover, should be revised and significantly lowered for all companies. Further, under the current framework of defining lower thresholds for ‘high impact sectors’, the technology sector needs to be included in the list of such sectors. Inclusion of those financing technology and other companies must also be retained and strengthened, and current limitations of their due diligence duty lifted.

Scope of rights 

The scope of due diligence obligations must cover all human rights. The list of rights and international instruments and conventions enumerated in the Directive should be considerably expanded to include those often impacted by and relevant to technology, such as freedom of expression, and all protective instruments for human rights defenders. It should be made clear the lists are non-exhaustive and there is no hierarchy.

Further, the Directive should explicitly mandate companies to examine the intersectionality of rights and contexts of marginalisation. This includes requirements for companies to assess, address and remedy their impacts on marginalised groups and specifically to undertake gender-responsive human rights, good governance and environmental due diligence.

Value chains and business relationships

The technology sector is often characterised by the sporadic nature of relationships which, despite their transience, have profound human rights implications. Facial recognition technology, for example, typically begins with a coding process by one firm for a buyer, and while their relationship is not ‘established’, the initial code contributes to a potentially very harmful end product.

The Directive should follow the UN Guiding Principles and OECD Guidelines, which stipulate that a business’ responsibility to respect human rights, good governance and the environment covers its whole value chain, with a focus on severity and likelihood of risks.

It must not limit the value chain scope of companies’ due diligence duty to certain types of business relationships, to impacts in the upstream supply chain, or otherwise, as this would allow impunity to persist.

Coverage of risks and harms across the full value chain needs to be retained and strengthened if the Directive is to address technology-related abuse, which often occurs in technology companies’ downstream value chains.

Stakeholder engagement & access to justice and remedy

In the technology sector (as in all others), engagement with affected rights- and stakeholders is essential for effectively determining human rights risks, impacts and appropriate action.

The Directive needs to transition from characterising stakeholder engagement as an option available to companies to being a mandatory pillar of effective corporate due diligence.

Protection for the rights of those critical stakeholders who come forward for engagement – including those who may deliver hard truths to the sector, such as human rights defenders and workers’ organisations – should be explicitly included without reservation. Further, marginalised groups must be included in the process.

Crucially, there needs to be robust enforcement of the Directive through administrative penalties and civil liability for harms, without any blanket exemptions for companies but including explicit provisions to lift barriers to access to justice, which are pervasive in the technology sector as in so many other sectors.