Anna Triponel | September 2020
Companies are expected—by soft law, hard law in some jurisdictions, their investors and their consumers—to build their understanding of where there could be negative impacts on people occurring in their value chain. Where could the company inadvertently be relying on child labour? Forced labour? Workers who face reprisals for speaking up? And the list goes on.
Mapping potential human rights risks throughout complex value chains and across multiple countries can be daunting for companies. The process first entails building awareness of a company’s supply chain, beyond tier one, before being able to evaluate the most severe risks to people and planet within it.
A number of companies in recent years have made significant progress in this mapping exercise, and the process is helping them focus on a select number of the most important, most severe – also known as the most ‘salient’ – human rights issues within their supply chains.
But, what is it then that companies are looking for? What factors are helping them assess human rights risks in their supply chains?

It will come as no surprise to you that the authoritative framework for business on human rights – the UN Guiding Principles on Business and Human Rights – and documents that build on it – such as the OHCHR’s Interpretive Guide and the UN Guiding Principles Reporting Framework – help provide guidance to companies on what to look for.
The assessment of human rights risk across an entire value chain depends on a number of factors. It will be helpful for companies to gain a sense of the risks inherent in four main buckets:
- The operating context (the country and/or region where a company or supplier sources raw materials, manufactures products, or has other operations);
- A specific business activity (such as a resource extraction, refining and processing raw materials, manufacturing, etc.);
- Relationships with specific business partners (who will have human rights risks in their own operations and supply chains and different levels of policies and processes to manage these risks); and
- The presence of vulnerable groups in operations or supply chains (such as children, women, LGBTQ+ individuals, indigenous peoples, ethnic minorities and other marginalized groups, migrant workers, etc.)
This article provides further information for companies seeking to assess human rights risks in their value chains, based on lessons learned from companies undertaking this process. The table below elaborates further on the four risk factors of operating context, business activity, business relationships and the presence of vulnerable groups.
Risk factor | What does this risk factor mean in practice? |
The operating context (the country/ region) | In some operating contexts, there is a much higher likelihood that human rights impacts will occur – and if they do, they can lead to much more severe harm on people than in other operating contexts. Looking into the operating context entails considering questions such as:
Because human rights risks evolve constantly, and desktop resources may quickly be out of date in some contexts, it can be particularly helpful to complement this assessment with conversations and interviews with key stakeholders. This can include civil society and trade unions operating in the area, as well as confidential lesson-sharing conversations with peers that have been exploring similar questions in the same operating context. For further information on country risk, see Assessing Country Risk in Company Supply Chains: Publicly available indices and lessons learned. |
An activity | Some activities carry higher risks that human rights impacts will occur – and if they do, they can lead to much more severe harm on people than in other activities .Looking into risks inherent to business activities entails assessing which activities are more prone to human rights risks than others. For instance:
Colleagues in the business will typically have some level of insights into the risks involved with the activities the company undertakes or outsources. Even if they are looking at risks from a risk to business standpoint (e.g. this kind of work is prone to accidents and increases the company’s potential legal liability; this mining activity may trigger community protests and increases the company’s security risk), these remain helpful insights to bring in to the assessment. It can be helpful to bring professionals with deep understanding of what an activity entails together with the sustainability/ human rights expertise (in-house or external to the company) who can help pull out the risks to people involved with a specific activity. Corroborating the findings with a few external partners who are close to the activities in question can provide further insights into activity risk that the company may not have considered. |
Business partners | Some business partners will have weaker mitigation measures in place to manage human rights risks than others. Looking into this area includes determining whether certain business partners carry certain risks by virtue of:
There are some pitfalls to keep in mind here. For instance, some companies assume that large well-established business partners have processes in place and carry less human rights risk. In practice, the reverse can be true – since smaller companies may have a strong working culture based on respect, while large companies may be relying disproportionately on policies on paper. |
The presence of vulnerable groups | Where some vulnerable groups are present in the company’s value chain, this increases the likelihood that human rights harm could take place – and it also increases the severity of this harm. These groups can be, for instance, children, women, LGBTQ+ individuals, indigenous peoples, ethnic minorities and other marginalized groups, or migrant workers. Examples are:
This kind of assessment can be initiated on desktop basis. At the same time, the assessment of the presence of these stakeholders will depend on the company’s unique value chain and therefore the inputs into this assessment are to be created by the company itself (e.g. requesting its business partners to disclose where it uses labour brokers and migrant workers; requesting business partners for gender data points). |