I. Introduction
In recent years, the literature has highlighted the regulation of risk as “central to the modern governance of global value chains”.Footnote 1 Representative of this centrality is the recent attention dedicated by legal scholars to the study of the regulation of value chains through a plethora of legal lenses, arguably generating a “momentum towards developing a ‘law of global value chains’”.Footnote 2 While there is no “settled legal definition of the value chain”, the concept is understood to describe at least a company’s subsidiaries and suppliers, covering to different extents equity and contract-based value chain structures.Footnote 3 Legislative developments in this area have been explained in the recent literature as being part of a broader movement in value chain regulation from sustainability,Footnote 4 human rightsFootnote 5 and corporate social responsibility perspectives.Footnote 6 These initiatives are often categorised with regard to the stringency of the regulatory duties they involve for corporations. In this context, we have witnessed a progressive transformation of the focus of value chain laws from disclosure and reporting regimes to more substantive obligations that “go beyond reporting requirements and oblige transnational corporations to identify, prevent and mitigate non-financial risks in their value chains”.Footnote 7 While initial legislative interventions in this respect targeted specific sectors or issues, a new generation of due diligence laws is broadening substantive obligations, rendering them “more horizontal, cross-sectoral and cross-issue”.Footnote 8 Key developments in this respect are, for instance, the adoption of due diligence laws in France,Footnote 9 GermanyFootnote 10 and Norway.Footnote 11 In the same way, formal legislative proposals have been made concerning the subject in the NetherlandsFootnote 12 and Belgium,Footnote 13 while a European Union (EU)Footnote 14 directive is also being negotiated. These laws are largely inspired by non-binding instruments that have popularised risk-based due diligence such as the United Nations Guiding Principles (UNGPs)Footnote 15 and the Organisation for Economic Co-operation and Development Guidelines for Multinational Enterprises (OECD Guidelines)Footnote 16 – which have recently been updated.Footnote 17 These frameworks are the “international recognised standard[s] of reference” in matters concerning due diligence,Footnote 18 and they serve as the starting point of analysis for understanding the ways in which due diligence is meant to be carried out by enterprises. Both frameworks are complemented by important interpretative guidance documents that are relevant to this research – specifically, the UNGPs Interpretative GuideFootnote 19 and the OECD Guidance.Footnote 20
Value chain due diligence norms are a type of risk-based regulation. Risk-based regulation is an increasingly well-established topic that is studied within several academic and practitioner networks, referenced in numerous pieces of legislation and covered by major international publications with gradual development occurring over close to forty years.Footnote 21 This type of regulatory intervention is designed and adopted to prevent or mitigate risks (both empirically measured and subjectively perceived), aiming at making responses tailored to the specifics of each risk and proportional to the relative importance of different risks.Footnote 22 In risk-based regulations, prioritisation and proportionality assume important dimensions. While regulating every risk might be possible on paper, in practice such a capacity is limited by the level of resources needed to control and implement such regulations. Risk-based regulations with an excessively large scope can thus result in difficulties for compliance, as well as possibly harming the rule of law if it is widely accepted that compliance is impossible.Footnote 23 Furthermore, excessively risk-averse regulatory approaches can have a negative impact on the aggregate risk level, even when compliance is possible, “if the negative economic impact is particularly high, while the direct positive safety impact is low”.Footnote 24 In this context, risk-based prioritisation “looks specifically at focusing resources where the highest risk level is”, while risk proportionality “considers both the level and the characteristics of the risk to determine the most suitable content for regulations (level of standards, degree of prescriptiveness, etc.) and the choice of regulatory instruments (e.g. ex-ante permitting, ex-post controls, certification, registration, etc.)”.Footnote 25 While a plethora of different risk-based regulations and risk regulatory concepts are being used in different areas, value chain due diligence would fall under a specific type of risk regulation that is called “management-based regulation” (or “meta-regulation”).Footnote 26 Coglianese aptly sums up the concept (and provides examples) by stating that management-based regulations impose on corporations “the obligation to ‘Plan–Do–Act–Check’ with respect to addressing a public regulatory problem”, often requiring firms to begin by conducting an internal risk analysis.Footnote 27 The underlying concept of this type of regulatory command is to deploy regulatory authority in a way that leverages the private sector’s knowledge about its particular circumstances and engages firms in developing their own internal procedures and monitoring practices that respond to risks.Footnote 28 Value chain due diligence thus sets out a series of commands that require corporations to adopt very general means that would lead to the achievement of the outcomes of ultimate concern to the regulator (avoidance, prevention and mitigation of adverse impacts) without imposing per se the avoidance of this outcome (occurrence of adverse impacts).Footnote 29
Despite the momentum in favour of enacting due diligence obligations, a gap in the literature exists with regard to the study of an often-overlooked yet (arguably) essential aspect of due diligence obligations: the way in which corporations are meant to prioritise assessments and actions to comply.Footnote 30 Prioritisation mechanisms seem to be particularly relevant in the new generation of cross-issue and cross-sectoral due diligence laws. The United Nations Office of the High Commissioner for Human Rights (UN OHCHR)Footnote 31 and the OECDFootnote 32 have recommended that prioritisation mechanisms be a part of the novel legal frameworks translating non-binding due diligence obligations into law. Reporting and disclosure frameworks have also strengthened their requirements concerning prioritisation-specific disclosures.Footnote 33 Furthermore, empirical evidence suggests that despite the utilisation of prioritisation mechanisms by companies conducting value chain due diligence,Footnote 34 significant risks are deprioritised by corporations,Footnote 35 and that prioritisation remains a key challenge for companies.Footnote 36 Also, as will be seen in this article, all novel laws and proposals on due diligence make explicit reference in their text to prioritisation mechanisms.
This article compares the system of prioritisation and hierarchisation of risks devised by the UNGPs and OECD Guidelines to the ones found in European laws and proposals. The research reveals that most new laws on due diligence have regulated questions on prioritisation in a manner that is, at best, incomplete, failing to clarify some important aspects of the operation of the mechanism. Moreover, the analysis conducted identifies approaches that deviate from internationally recognised standards on the subject. The remainder of the article proceeds as follows: Section II is dedicated to developing the system of prioritisation designed by influential soft law instruments concerning value chain due diligence. Section III analyses how these systems have been regulated in different laws and proposals on the subject, comparing the solutions found to the ones developed in Section II. Section IV concludes by focusing on the outlook of the issues analysed.
II. The prioritisation of risks under the UNGPs and the OECD Guidelines
To align their behaviour with the UNGPs or OECD Guidelines, corporations are expected to take several steps to implement the due diligence process. In this context, both frameworks emphasise the possibility for corporations to prioritise their assessments and actions considering the level of risk present in their value chains. The initial step of due diligence that is most relevant for prioritisation, and that helps determine the level of risk, is that of the assessment of adverse value chain impacts. Both the UNGPs and OECD Guidelines place firmly on corporations an obligation to conduct impact assessmentsFootnote 37 ; however, the precise methodology for conducting such assessments is not clearly outlined in the frameworks, it still developing in practice and arguably is highly context-dependent.Footnote 38 While a full exploration of the subject of impact assessments in the context of due diligence is beyond the scope of this paper, some aspects need to be outlined. First, it is important to outline the moments when these assessments take place under the due diligence process, as they are inherently related to prioritisation requirements. Second, it is necessary to outline the criteria that a corporation needs to evaluate when conducting these impact assessments. The UNGPs and OECD Guidelines suggest that corporations prioritise action in two stages: at the initial due diligence stageFootnote 39 and at the level of taking action to address identified impacts.Footnote 40 In this context, it is important to shine a light on two key issues. The first issue relates to the eventual impossibility for corporations to conduct in-depth assessments of all of the entities associated with their value chains. In these scenarios, according to the UNGPs and the OECD Guidelines, corporations are expected to identify general areas where the risk of adverse impacts is most significant and prioritise these for due diligence.Footnote 41 The second issue relates to the eventual impossibility for corporations to address all of the identified and assessed impacts at the same time. In these cases, enterprises are expected to prioritise the order in which they act based on the severity and likelihood of the adverse impact.Footnote 42 This is important because the prioritisation rules regarding the assessment of impacts are distinct from those concerning how companies should address their adverse impacts. This subject is developed subsequently for each of the stages of the due diligence process.
1. Prioritisation at the stage of identification and assessment of impacts
When the number of entities in a value chain is too high to allow for due diligence to be conducted in relation to all of them, enterprises may engage in a “scoping” exercise, trying to identify “general areas of risk” where impacts may be more significant.Footnote 43 The OECD Guidance clarifies that this scoping exerciseFootnote 44 is not a mandatory step in a due diligence context but may apply to companies with diverse operations and complex value chains.Footnote 45 The exercise relates to the “mapping” of operations and the value chain structure a company conducts to identify higher-risk activities, geographies, products or business relationships.Footnote 46 Scoping allows enterprises to evaluate the particular risks of their operations by looking at sectoral, geographical, product and enterprise risk factors, including known risks that the enterprise has faced or is likely to face.Footnote 47 This preliminary assessment thus focuses on “risk factors” and on knowledge of specific impacts. Risk factors are analysed mainly through desk-based research based on credible sources, including information external to the enterprise.Footnote 48 Nonetheless, corporations should consult with “relevant experts and stakeholders” when information gaps exist.Footnote 49 This exercise relates to priorities established for in-depth identification and assessment but not to priorities concerning the order in which a corporation should address or respond to the impacts that have been identified and assessed.Footnote 50 Therefore, companies may, due to the consideration of certain value chain areas as high risk, prioritise those areas and business relations for in-depth evaluation and assessment of risks, effectively delaying the identification and assessment of impacts concerning areas or relations deemed as low risk.
A recent OECD report develops this subject by explaining the idea behind the system. Enterprises should carry “out an initial high-level scoping exercise – across their operations and types of business relationships – to first identify and prioritise their most severe and likely risk issues … on the basis of ‘risk factors’”.Footnote 51 This means that “companies take a holistic approach and consider a broad range of contextual risk factors and data sources [helping] to ensure … prioritisation decisions are, from the very outset, informed and tailored to their own circumstances”.Footnote 52 The whole value chain of an organisation and any associated business ties may not necessarily need to be mapped out completely or in detail for the scoping exercise – businesses are rather expected to comprehend the broad categories of risks and consequences to which they can be exposed depending on their industries, particular sourcing strategies or important client connections.Footnote 53
This may be relevant for compliance in at least two ways. Firstly, the acceptability of justifications for not having identified or assessed certain impacts or risks will depend on prioritisation decisions made by the company at the scoping level. A credible prioritisation exercise is thus directly relevant to demonstrating compliance with due diligence norms. A prioritisation exercise can be “credible” if it follows the relevant guidance of (soft) legal frameworks concerning its exercise, providing justifications for prioritisation decisions based on an analysis of risk factors. By doing so, companies can demonstrate that, despite the occurrence of an impact (or non-detection of a risk), due diligence expectations may still be fulfilled. By contrast, when the company does not make an in-depth assessment of risks in areas of the value chain that should have been deemed as high risk (considering contextual risk factors or previous knowledge), it may already breach the norms, regardless of the occurrence or materialisation of any impact.
Secondly, even when a company may select high-risk areas for further analysis, this further analysis, wherever it may be focused, needs to encompass at least the various issues regulated by due diligence. A company would thus not be able to say that it prioritised, for instance, carrying out in-depth impact assessments in relation to human rights but ignored carrying out in-depth assessments in relation to environmental matters. Instead, the approach requires corporations to measure and assess impacts relating to all positions protected by due diligence but not necessarily relating to all or the same areas of the value chain. This is not to say that impacts pertaining to different protected interests are necessarily located in the same areas of the value chain. Rather, when and if a company prioritises at the scoping level, it nonetheless needs to determine, for all protected interests regulated by due diligence, what are those high-risk areas, so that it can subsequently prioritise them for more in-depth assessments.
2. Prioritisation at the stage of addressing identified impacts
The second circumstance in which prioritisation may be relevant relates to the high number of impacts assessed when it is impossible to address them all simultaneously. Once certain areas of the value chain are eventually prioritised during scoping, corporations are then expected to conduct further in-depth assessments to precisely evaluate the impacts they may be involved in. After conducting such assessments, the corporation already knows what the impacts involved with its activities are, has already measured them and can locate them in specific areas of the value chain. In this case, soft law frameworks recognise that there may be “legitimate resource and logistical constraints on the ability of the enterprise to address them all immediately”.Footnote 54 This principle is “about sequencing responses”, but corporations would still be accountable for addressing all of their actual and potential impacts.Footnote 55 Furthermore, at this stage, corporations should consult with impacted or potentially impacted stakeholders and rightsholders specifically about prioritisation decisions.Footnote 56 Thus, when a corporation cannot address all impacts, it should prioritise addressing some over others. In this context, a traditional risk assessment approach is followed, ranking impacts relative to each other according to their significance. The significance of an adverse impact is determined with reference to indicators of severity (comprising scale, scope and irremediability) and likelihood.Footnote 57 Fully exploring the meaning of these concepts is beyond the scope of this paper; however, it is important to highlight that indicators of severity appear to be measured differently depending on the type of adverse impact to be assessed. For example, in the field of human rights, the scale of an impact may be expressed as the gravity or extent of infringement of those rights, whereas in the environmental field, this may be understood as the gravity of adverse environmental changes connected to the corporation’s activities. In the same sense, the scope of an impact is usually expressed in the number of people impacted or the percentage of identifiable groups of people that are impacted in the human rights field.Footnote 58 However, in the environmental field, this factor can be expressed by the geographical reach or the number of species impacted.Footnote 59 Despite these differences in metrics, the determination of the level of significance of impacts is an important aspect of what is expected from corporations when conducting in-depth assessments. The significance framework provides evaluation criteria to assess the level of risk for all impacts affecting adversely the different interests protected by due diligence norms.
3. Conclusions on prioritisation under soft law frameworks
The analysis of soft law frameworks reveals important conclusions concerning the moments when prioritisation takes place and the different criteria meant to be used at each stage. Furthermore, both scoping procedures and impact assessments stand out as important tools for prioritisation. At the initial stage of prioritisation, the scoping exercise should deliver an analysis of risk factors that justifies focusing further in-depth impact assessments in certain areas of the value chain. At a later stage, in-depth impact assessments are instead aimed at obtaining a measure for comparing and ranking the various impacts identified against each other. While the methodology to be adopted by corporations for these impact assessments is still developing in practice, soft law frameworks provide some clarity with regard to the outcomes that they are meant to yield. These are, on the one hand, the quantification of the significance indicators associated with specific impacts and, on the other hand, the determination of the type of involvement tying the corporation to those specific impacts. Assessing the significance of adverse impacts yields measurements that allow for a comparison of specific impacts relative to each other – an essential aspect when prioritising. Assessing the type of involvement that ties a corporation to an adverse impact will rather determine the nature of the responsibility binding the corporation with regard to remediation and the use of leverage.Footnote 60
However, even if impact assessments can yield such outcomes, the question remains as to determining how corporations can integrate these assessments within their corporate governance structures concerning the management of risks. Fasterling explores the challenges of integrating value chain risk assessments within broader frameworks of enterprise risk management (ERM), highlighting the inherent tensions involved in integrating broader public regulatory goals such as environmental or human rights protection within ERM systems that presuppose that all relevant risks can be ultimately rendered in strongly commensurate terms.Footnote 61 The analysis of prioritisation conducted here further reveals important limitations of risk management approaches related to the question of commensurability: namely, concerning the comparability of the significance of impacts pertaining to different policy domains. As seen, indicators of severity (scale, scope and remediability) are measured in different ways depending on the type of impact considered. There is thus difficulty in comparing measures of severity that do not pertain to impacts affecting the same protected interests under due diligence regulations. Even assuming one can compare these measures of severity, the different weight attributed to the likelihood component in the case of human rights impacts complicates the establishment of a cross-issue hierarchy of impacts. Contrary to other types of impacts, the likelihood of human rights risks will have a lesser weight in the assessment of its overall significance because a delayed response may affect remediability.Footnote 62 Corporations are not meant to delay their responses to human rights impacts that have a low probability of occurring, and the dominant factor to consider is instead the severity of the impact.Footnote 63 Thus, if a human rights impact is determined to have the same level of severity as an environmental impact, it will be difficult for an enterprise to assess when the likelihood of that environmental impact would justify determining its significance as superior to that of the human rights impact. This is problematic since, to comply with due diligence obligations, a corporation should be able to justify why it prioritises addressing certain impacts over others; however, if it does so, it opens itself up to the possibility of being held accountable for this decision. Impacts pertaining to the same policy domain appear to be measured by indicators of significance that are comparable, and corporations could arguably devise a methodology to demonstrate credibly why addressing one concern should take priority over another. The situation is different when choosing to prioritise across different protected positions, and it is not clear, neither in the literature nor in any of the frameworks, how this challenge is to be addressed. A final note in this section should also mention that due diligence is a dynamic process. As such, over time, the nature, quantity and significance of risks present in a firm’s value chain can vary. This complicates the process for corporations, as it requires a constant monitoring of the levels of risk already identified as well as a constant monitoring of possible risks not yet identified. Only by ensuring such monitoring can corporations guarantee that the level of significance of different impacts is correctly assessed and ranked against other adverse impacts identified.
III. The prioritisation of risks under due diligence laws and legislative proposals
This section analyses the various laws and proposals that are “hardening” due diligence obligations. Comparing the solutions found in these laws on the question of prioritisation to those found in soft law frameworks can be useful for understanding whether regulatory action in this field is aligned with non-binding normative frameworks. Even though all frameworks analysed contain at least references to risk prioritisation, the level of detail and development of these requirements and their operation are variable across the different norms analysed. As will be seen, two different approaches are identified in this context: a more limited and general approach as well as a more detailed and specific approach.
1. Laws on value chain due diligence
a. A limited and general approach
Some of the laws enacted on this subject in the EU opt to regulate the question of prioritisation following a limited and general approach. This approach consists in mentioning the concept of prioritisation without detailing the ways in which it is meant to operate. For example, the French law merely contains references to prioritisation without specifying the stages at which it can take place nor the criteria to be followed by enterprises when prioritising.Footnote 64 Similarly, the Norwegian law also merely contains a reference to prioritisation appearing to be directed only at the stage of addressing impacts.Footnote 65 The question raised is thus that of knowing how the concept of prioritisation should be interpreted under these laws. Good arguments would support interpreting the concept of prioritisation under these laws in accordance with that developed under international soft law frameworks of reference. For example, parliamentary works on the French law referred to the UNGPs and OECD Guidelines as sources of inspiration to interpret the obligation,Footnote 66 and the Norwegian law goes further by making clear that due diligence should be carried out “in accordance with the OECD Guidelines”.Footnote 67 Nevertheless, these laws and proposals can be said to regulate the question of prioritisation mechanisms in a limited and very general manner. The concept of prioritisation is merely placed within these regulations without much explanation concerning the relevant aspects of its operation.
b. A detailed and specific approach
Other laws opt to follow a different approach by regulating in more detail the question of prioritisation. The German law is the case in point here, in that is provides in its text a set of prioritisation criteria to be followed by corporations by alluding to various factors in a non-exhaustive list.Footnote 68 A recent interpretative guidance document issued by the German administration on the question of prioritisation also clarifies that prioritisation can take place at the scoping level and that corporations should focus efforts on data collection regarding high-risk suppliers, provided that they are aware of their integration into the value chain.Footnote 69 The guidance also makes clear that, at this stage, the abstract assessment of risks should take place by reference to risk factors (mentioning at least sector-specific and country-specific factors).Footnote 70 In this respect, the interpretation set out in the guidance by the German administration seems to be aligned with international frameworks of reference. However, with regards to prioritisation criteria at the level of addressing adverse impacts, the German law outlines criteria that go beyond what is developed by international frameworks of reference. The guidance document on the prioritisation of risk concerning the law clarifies that the German legislator intended to apply the significance framework only to a select group of entities in the value chains of companies bound by the legislation: namely, high-risk direct suppliers.Footnote 71 The criteria to be used in prioritisation decisions on addressing impacts related to other entities in the value chain (eg indirect suppliers) is thus broader than the one found in the soft law frameworks. This solution found in the German law was justified because of concerns relating to the proportionality of the regulation and the need to limit further the vertical value chain scope of the regulation by introducing an adequacy criterion based on a sliding model of involvement in adverse impacts (instead of the graduated model found in soft law frameworks).Footnote 72 However, the solution found appears to be problematic for prioritisation in at least one sense. It frustrates the objective of requiring corporations to address, in the first place, those adverse value chain impacts that are more significant. It does so by displacing factors used for other purposes and bringing them into the analysis of prioritisation and hierarchisation of risks. For example, the nature of the causal relationship between a company and a given risk determines the kind of response that corporations should take. Certain stronger or closer causal relations (causation or contribution) will, in principle, warrant remediation, whereas weaker or more distant ones (linkage) may only give rise to an obligation to prevent or mitigate a risk. However, this question is different from knowing which impacts corporations should prioritise when prioritisation is necessary. It may well be that an impact to which a corporation is merely linked should be prioritised for action because it is more significant than one that the same corporation may have caused or contributed to. Thus, factors “such as the degree of leverage a company has over a particular business relationship, will impact the actions companies take to address an impact – but not how they prioritise”.Footnote 73 By adding an expanded set of prioritisation criteria, the German legislator may have increased the flexibility awarded to companies to comply with the regulation; however, this flexibility comes at the expense of not requiring corporations to prioritise addressing the most significant risks present in their value chains.
2. Legislative proposals on value chain due diligence
Despite not being formally enacted laws on value chain due diligence, a mention of current legislative proposals on this subject is useful for reflecting on the approaches identified in Section III.1 and for showcasing the realm of possibilities suggested by different legislators when regulating the question of prioritisation.
The Dutch proposal goes further than a mere mention of prioritisation by setting a clear obligation for companies to collect information on sectoral, geographical, product and enterprise-level risk factors in the initial stages of due diligence.Footnote 74 The initial version of the Belgian proposal only contained a reference to prioritisationFootnote 75 ; however, the amended version of the proposal goes further by developing prioritisation criteria, adding that companies must assess the “significance, the risk and the urgency” of adverse impacts, using language arguably inspired by the OECD Guidelines.Footnote 76 In providing such additions, these texts furnish additional normative content related to aspects that are relevant for prioritisation: namely, the assessment of risk factors in the Dutch case or the assessment of significance indicators in the Belgian case. The pathway of the EU negotiations on the due diligence text also showcases interesting aspects. The European Commission proposal only had short references to prioritisation in its recital,Footnote 77 making unclear the ways in which corporations are supposed to prioritise in the operative part of the text. However, later versions of the text start to enter the terrain of more specific and detailed approaches. The European Council’s general approach added a new “Article 6a” on the subject of prioritisation and explicitly mentioned the scoping procedure (contemplating the possibility for corporations of conducting it and, through it, deciding on priorities for in-depth assessment).Footnote 78 The recent European Parliament (EP) political compromise more clearly defines the concept of risk factors,Footnote 79 as well as their relevance in the context of prioritisation decisions at the initial stages of due diligence.Footnote 80 In relation to the significance framework, all of the EU documents analysed here mentioned it to some extent as the criteria to be followed in the context of prioritisation at the level of addressing impacts by referring to the severity and likelihood of adverse impacts.Footnote 81 However, only the European Council’s general approach makes clear that, at the level of addressing the impacts identified and assessed, the significance criterion is the one that provides exclusive guidance on prioritisation decisions.Footnote 82 While the final text of the law is still being negotiated, it is worth noting that the inclusion of contextual risk factors as criteria to be “taken into account” at the stage of addressing impacts appears not to be aligned with the aims of prioritisation established by soft law frameworks internationally, which reserve for this stage the significance of identified risks as the exclusive criteria for prioritising action. In this sense, the recent EP proposal appears to deviate from internationally recognised guidance on the subject. The analysis of these proposals also reveals that, as they evolve through different versions, prioritisation mechanisms tend to be regulated in an increasingly detailed and specific manner, as can be seen in the evolution of the Belgian and EU proposals.
3. Stakeholder engagement and prioritisation
An aspect where all laws and proposals are silent is the question of stakeholder engagement concerning prioritisation decisions. Only the EU,Footnote 83 DutchFootnote 84 and BelgianFootnote 85 frameworks clearly state that the measures and plans to be established by a company should be elaborated based upon a consultation of interested stakeholders. The NorwegianFootnote 86 and GermanFootnote 87 laws, respectively, adopt less stringent formulations by requiring corporations to “communicate” or “give due consideration to the interests” of affected stakeholders and rights-holders. Nevertheless, none of the frameworks address the question of whether prioritisation decisions imply specific stakeholder engagement, as is made clear by the OECD Guidance.Footnote 88 As argued elsewhere, stakeholder engagement requirements have different functions in the different stages of the due diligence process.Footnote 89 At the initial stage of identifying and assessing impacts, stakeholder engagement would serve to help one to understand the specific impacts of a corporation’s value chain, support prioritisation decisions, reveal whether stakeholders have different perspectives on what the impacts are and how significant they may be and identify different perspectives within and between stakeholder groups.Footnote 90 This contrasts with the role of stakeholder engagement at a stage when corporations are addressing specific impacts. Here, stakeholder engagement is rather expected so that stakeholders can contribute ideas on appropriate actions to take.Footnote 91 In particular, taking into account the prioritisation mechanisms just described, it can be argued that stakeholder engagement at the scoping level can help ensure that corporations are selecting the correct areas of the value chain for further analysis, and that the adverse impacts addressed in those areas are probably the most significant in each policy field. By contrast, at the level of prioritising specific actions, stakeholder engagement should focus on the specific prioritisation decisions being considered by the enterprise to address certain impacts over others. If companies are not transparent about their prioritisation decisions, stakeholders may have difficulties understanding them and be concerned that corporations are not being held accountable for all of their impacts. This analysis highlights that stakeholder engagement can arguably contribute to better prioritisation decisions. However, for the moment, the question of stakeholder engagement in the context of prioritisation decisions is not regulated by any of the laws and proposals within the realm of theoretical possibility.
IV. Conclusion
This analysis shows how the system of prioritisation and hierarchisation of risks developed by the UNGPs and OECD Guidelines has permeated into laws and legislative proposals, suggesting that it holds considerable normative influence in regulatory initiatives relating to due diligence. As these mechanisms become integrated into hard law, prioritisation decisions may imply responsibility for non-compliance when corporations do not identify, assess or address specific impacts. This paper argues that whether and how prioritisation is conducted should not be a matter solely at the discretion of corporations but should rather be mandated by legislation. Given this, specifying prioritisation requirements and modes of operation within the legislative text has the advantage of detailing what is expected from corporations when prioritising, the moments when this prioritisation can take place, the criteria to be used by corporations to this effect and the stakeholder engagement requirements concerning these decisions. Not developing or specifying such aspects leaves these questions unanswered and open to interpretative leeway. This absence of clarity may have repercussions for the application and interpretation of those laws, such as knowing whether and what kinds of justifications a corporation might advance for conducting in-depth assessments and evaluations concerning certain specific corporate activities or business relations but not others, or for deciding to address certain adverse impacts over others. This article thus argues that the specification of these aspects in the text of the norms is welcomed, particularly when it is aligned with international soft law standards on the matter. To facilitate this task, new laws being designed on the subject should clearly address the questions of when and how to prioritise. A correct understanding and application of prioritisation allows companies to prioritise consistently and effectively across jurisdictions without “giving undue weight to other factors”, such as the proximity of or influence over a business partner or the nature of the causal connection to the harm.Footnote 92 Deviating from the significance framework risks leading companies to spend time and resources mapping and evaluating risks and impacts whose significance is probably low, thus frustrating the aims of due diligence.Footnote 93 The analysis of laws and proposals raises awareness of the fact that some frameworks regulate prioritisation mechanisms in ways that might not be entirely aligned with soft law frameworks on the matter, with a case in point being the conflation of the significance framework with other prioritisation criteria at the stage of addressing impacts found in the German law and EP proposal. This article thus alerts us to the potential nefarious effects that such conflation might entail: namely, those of frustrating the aims of risk-based prioritisation of requiring companies to address in the first place those impacts that are relatively more significant in the overall context of their value chain. A clearer understanding of the prioritisation mechanisms contained in soft law frameworks provides an important basis for understanding what is expected of corporations in this context. This article provided this analysis, filling a gap in the literature and also highlighting the difficulties that remain concerning the comparability of adverse impacts pertaining to different protected interests regulated by due diligence.
Financial support
This article has received funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (grant agreement No 949690).
Competing interests
The author declares none.