The latest updates to the Organisation for Economic Co-operation and Development (OECD) Guidelines for Multinational Enterprises on Responsible Business Conduct in June 2023 thrust supply chain diligence into the spotlight. What used to be voluntary standards are slowly becoming unavoidable human rights and environmental supply chain due diligence rules for multinational companies. With the European Union spearheading the charge with sustainability laws like the Corporate Sustainability Due Diligence Directive (CSDDD) – which is informed by and incorporates the OECD guidelines – the game has changed. It is time for businesses to make supply chain due diligence a top priority to prevent reputational and other major costs.

These developments are not limited to companies operating in the EU. Indeed, over the past few years, we also have seen the introduction of the US’s Uyghur Forced Labor Prevention ActCanada’s Fighting Against Forced Labour and Child Labour in Supply Chains Act and Japan’s Guidelines on Respecting Human Rights in Responsible Supply Chains, with other countries expected to follow suit with the introduction of supply chain transparency legislation. Companies also are increasingly making affirmative statements in their voluntary sustainability reports and policies that they are OECD-aligned. As scrutiny in this space grows, it will be critical that such assertions are substantiated.

Whilst the guidelines themselves are voluntary, OECD member states will need to establish a national grievance mechanism to receive complaints for violations of the guidelines. Companies should be mindful of the reputational and financial risks attached to being reported, as well as the risk of a potential finding of noncompliance being used in parallel proceedings or investigations brought under new sustainability laws. For example, noncompliance with the CSDDD could see businesses facing fines of up to 5% of global turnover, or restricted access to finance where a company can no longer satisfy the ‘do no significant harm’ principles and minimum safeguards under the EU’s Sustainable Finance Disclosure Regulation (SFDR) and Taxonomy Regulation.

We review the recently updated guidelines below and set out practical steps businesses can take to ensure they are compliant.

Background

The OECD is an international organisation focused on establishing international standards and policies to address social, economic and environmental challenges. It first released its Guidelines for Multinational Enterprises on Responsible Business Conduct in 1976, setting standards for responsible business conduct across a range of issues, such as human rights, labour rights and the environment. The guidelines also encouraged sustainable development and set expectations that businesses address the adverse impacts that they may have or have had on people, societies and the environment. Since their introduction, the guidelines have been revised a number of times. On 8 June 2023, the OECD released its latest revised update.

Additionally, on 3 May 2024, the OECD revised its AI Principles, initially adopted in 2019. As one of the first intergovernmental standards on artificial intelligence, these principles now explicitly emphasise responsible business conduct and environmental sustainability throughout the AI system life cycle, consistent with the updated guidelines. This includes co-operation with the suppliers of AI systems, as well as AI system users and other stakeholders in the supply chain.

Key updates

The 2023 updates to the guidelines do not change the nine broad topic areas covered by the original guidelines,[1] but rather seek to update these in alignment with evolving expectations for businesses concerning responsible business conduct. The key updates are:

Risk-based due diligence

The updated guidelines draw on the United Nations’ Guiding Principles on Business and Human Rights in setting out due diligence principles companies are expected to follow when conducting human rights – as well as environmental – due diligence (see the OECD Due Diligence Guidance for Responsible Business Conduct). Businesses are expected to avoid and address adverse impacts that they cause, or contribute to, and must seek to prevent or mitigate adverse impacts directly linked to their products, operations or services through a business relationship. Businesses’ due diligence responsibilities are therefore not limited to a company’s own operations, but are expected to cover the entire upstream and downstream value chain, including the impacts of a business’s product or service on consumers and users.

Climate change and environmental impacts

The updated guidelines reinforce the need to conduct business in an environmentally sensitive way. Companies are now expected to align with internationally agreed goals on climate change (such as the Paris Agreement) and biodiversity. The updated guidelines clarify the expectation that companies must identify, assess, mitigate and – where necessary – remediate potential and actual adverse environmental impacts in their upstream and downstream value chain. Environmental considerations are not limited to climate change and also include animal welfare, biodiversity, deforestation and pollution.

Stakeholder engagement

The updated guidelines expect businesses to ‘meaningfully’ engage with stakeholders throughout the due diligence process, with particular attention given to those negatively affected. Particular sensitivity should be shown to stakeholders who are more vulnerable, and businesses are advised to take steps to remove barriers to engagement.

Disclosure

The updated guidelines now provide for requirements which recommend businesses disclose information on how they comply with their environmental and human rights obligations. 

Updated enforcement mechanisms

National Contact Points for Responsible Business Conduct (NCPs) were originally introduced in 2001 with a twofold mandate of promoting the guidelines and handling complaints. The updated guidelines now give more power to NCPs and their complaint procedures to ensure their visibility, effectiveness and functional equivalence.

Science and technology

The guidelines now include due diligence expectations on the development, financing, sale, licensing, trade and use of technology – including the gathering and using of data – thereby extending due diligence requirements to the digital sphere. The OECD’s AI Principles are aligned with this recommendation and provide further guidance on what this should look like in practice.

What steps can companies take to implement the guidelines and avoid complaints?

To ensure compliance with the guidelines and minimise the risk of complaints or litigation, businesses should consider implementing the following measures:

  • Embed responsible business practices into policies and management systems and include expectations in engagement with suppliers and other business relationships.
  • Identify and assess actual and potential adverse impacts and consider the importance of environmental and human rights impact assessments.
  • Cease, prevent and mitigate adverse impacts.
  • Track implementation and results.
  • Communicate how impacts are addressed.
  • Provide for and cooperate in remediation when appropriate.

Above all, businesses should ensure that they properly represent whether they are complying with the OECD guidelines or any other human rights instrument, such as the United Nations’ Guiding Principles on Business and Human Rights.

Enforcement: Why should businesses take action?

While new supply chain due diligence legislation is introducing new enforcement mechanisms worldwide, such as the national penalties which EU member states can impose for failure to comply with the CSDDD, compliance with the guidelines’ recommendations ultimately remains voluntary for businesses.

However, companies which do not comply are at risk of being reported to a country’s NCP, bringing with it reputational damage and occasionally introducing barriers to public procurement and investment.

When receiving a complaint against a company headquartered in a particular OECD member state, in the first instance, the relevant NCP will review specific complaints brought before them and facilitate ‘good offices’ by encouraging dialogue or providing for conciliation and/or mediation. Following this stage, if agreement was reached, the NCP will issue a final report, which can contain further recommendations to be implemented by the business against which a complaint has been raised. If no agreement is reached, the NCP will issue a statement on the case and provide recommendations on how to proceed.

NCPs also have the power to set out their views on whether companies have complied with the guidelines, as well as the power to inform government agencies of good faith engagement – or absence thereof. This may have major impacts on a company’s access to public procurement and may give rise to governmental investigations against a denounced company. For those companies that are seeking to position themselves as ‘sustainable’ under the EU’s SFDR and Taxonomy Regulation, it also may restrict their access to capital, irrespective of their environmental credentials.

Companies that claim alignment with the OECD guidelines in their voluntary sustainability reports and policies also are at increased risk of enforcement action where such claims are unsubstantiated. Companies wishing to make such affirmative statements should ensure that human rights impact assessments have been conducted in order to ensure that such claims are not misleading, failing which they may be at risk of litigation.

Effectiveness

According to the OECD, 650+ cases relating to company operations in more than 105 countries and territories have been resolved. Over one-third of all cases which were accepted for further examination resulted in agreement, and half of those led to internal policy changes in the companies. Even in instances where cases are not accepted, a complaint to the OECD and the resulting reputational damage can result in corporate policy changes.

For example, in 2019, ClientEarth raised a complaint against BP before the UK’s NCP alleging that BP’s advertising campaign gave a false impression of the relative scale of renewable and low-carbon energy in BP’s business, and that it made misleading claims about the environmental impact of gas. It was reported that as a consequence of this complaint, and before the UK NCP could issue an initial assessment, BP withdrew the advertising campaign and announced it would redirect resources towards promoting climate policies.

As an additional point, the various environmental, social and governance (ESG) legislative provisions that are being adopted in jurisdictions across the world may ultimately seek to rely on the information and complaints found in the NCP mechanism to assess compliance with their respective sustainability frameworks. At a time when large corporations are facing more public scrutiny from civilians and activist organisations, the power of the OECD guidelines and NCPs should not be underestimated.

Primary insight

The updated guidelines provide companies with a useful benchmark on the expected scope of their ESG due diligence policies. Companies should note that the guidelines are not a stand-alone soft-law instrument, as they sit alongside a multitude of sustainability and supply chain legislation that is being enacted and implemented globally. Therefore, while voluntary, the updated guidelines provide useful clarity and guidance for companies looking to navigate the ever-growing global legislative framework for ESG compliance. If you would like to understand the potential implications of these developments on your business, you can contact our Cooley lawyers listed below.


[1] These are: (1) disclosure; (2) human rights; (3) employment and industrial relations; (4) the environment; (5) bribery and other forms of corruption; (6) consumer interests; (7) science, technology and innovation; (8) competition; and (9) taxation.

Posted by Cooley