The Human Rights Golden Thread: Streamlining Compliance in the TMT Sector Amidst Regulatory Convergence

I. Introduction: The Human Rights Imperative in the Digital Age – A TMT Focus

The global landscape of corporate responsibility is undergoing a profound and irreversible transformation. A paradigm shift is underway, moving decisively away from voluntary corporate social responsibility initiatives towards a new era defined by mandatory human rights due diligence (mHRDD). This evolution is fundamentally anchored in international standards, most notably the UN Guiding Principles on Business and Human Rights (UNGPs), endorsed unanimously by the UN Human Rights Council in 2011.1 The UNGPs establish an authoritative global benchmark, articulating the state's duty to protect human rights and the corresponding responsibility of businesses to respect these rights through their operations and relationships.1 Central to this responsibility is the concept of human rights due diligence – an ongoing, dynamic process, not a mere check-box exercise.2 It compels businesses to proactively identify, assess, prevent, mitigate, and account for their actual and potential adverse impacts on human rights and, increasingly, the environment.2 A critical element of this framework is its focus: the primary concern is the risk posed to rights holders—individuals and communities whose rights may be affected—rather than solely the material risks confronting the business itself.3 This represents a fundamental reorientation in corporate risk perception and management.

Within this evolving context, the Technology, Media, and Telecommunications (TMT) sector, particularly its largest players often referred to as "Big Tech," occupies a unique and complex position. These companies operate at the dynamic intersection of rapid technological innovation, unprecedented global scale, profound societal influence, and deeply intricate supply chains. Their products and services – encompassing social media platforms, artificial intelligence systems, cloud computing infrastructure, sophisticated hardware, and telecommunications networks – now mediate fundamental aspects of modern life, from communication and information access to commerce and civic participation. This central role, however, creates a distinct and amplified set of human rights risks. Issues ranging from data privacy and freedom of expression online to labor conditions in global electronics manufacturing supply chains are inherent to the sector's operations. Consequently, TMT companies find themselves disproportionately exposed to, and increasingly scrutinized under, the burgeoning global regime of human rights compliance. The very nature of TMT business models and technologies often magnifies potential human rights impacts; for instance, the vast user base of major platforms amplifies the consequences of content moderation decisions on free speech, while the complexity of global hardware supply chains increases exposure to modern slavery risks. Similarly, the centrality of data processing creates inherent tensions with privacy rights, and the deployment of AI introduces novel risks related to bias and discrimination.4 This inherent amplification effect necessitates a particularly robust and principled approach to human rights within the TMT sector.

The compliance challenge confronting TMT companies is formidable. They must navigate a complex and often overlapping patchwork of regulations spanning multiple jurisdictions. This includes mandatory supply chain due diligence laws, regulations governing digital content and services, and expanding environmental, social, and governance (ESG) reporting mandates. Simultaneously, these companies face intensifying pressure from a diverse array of stakeholders. Investors, consumers, and civil society organizations are applying greater scrutiny to corporate human rights performance, demanding transparency and demonstrable ethical conduct. ESG factors, with human rights as a core component of the 'Social' pillar, are now central to investment analysis and decision-making. Consumers, empowered by greater access to information, increasingly favor companies perceived as socially responsible. Attempting to manage this multifaceted compliance burden through fragmented, siloed, or purely reactive approaches is proving inefficient, ineffective, and fraught with increasing legal, financial, and reputational risk. The concurrent emergence of mHRDD laws, the integration of human rights into ESG frameworks, the recognition of the environment-human rights nexus (HREDD), and the rise of sector-specific digital regulations signals a fundamental convergence of expectations around corporate accountability for broad societal impacts. This convergence renders fragmented compliance strategies inadequate, as they fail to address the interconnected nature of these issues and lead to significant inefficiencies.

This report advocates for a strategic shift towards a streamlined, multi-framework risk assessment process specifically tailored for TMT companies. The central argument is for the adoption of fundamental human rights principles as a "golden thread"—an organizing logic that unifies diverse compliance obligations and risk management activities. This approach, grounded in internationally recognized standards like the UNGPs 1 and the broader commitments championed by the UN High Commissioner for Human Rights (UNHCHR) 4, allows TMT companies to integrate disparate legal requirements, stakeholder expectations, and ESG criteria into a cohesive and efficient strategy. By embedding human rights respect at the core of their operations and strategic decision-making, TMT firms can not only navigate the complex regulatory environment more effectively but also manage risks holistically, build stakeholder trust, and ultimately create more sustainable long-term value.

II. The Tangled Web: Navigating Global Human Rights Regulations for TMT

The regulatory landscape governing corporate human rights responsibilities is becoming increasingly complex and demanding, particularly for globally operating TMT companies. Understanding this web requires appreciating both the foundational principles and the specific legislative mandates emerging across key jurisdictions.

A. Foundational Principles: The Normative Bedrock

At the heart of the evolving regulatory framework lie internationally recognized principles that provide the normative foundation for corporate human rights responsibilities. The UN Guiding Principles on Business and Human Rights (UNGPs) stand as the authoritative global standard.1 They articulate the "Protect, Respect, Remedy" framework, clarifying the state duty to protect human rights, the corporate responsibility to respect human rights, and the need for access to effective remedy for victims of business-related abuses.1 Crucially, the UNGPs establish the expectation that businesses conduct human rights due diligence (HRDD) to identify, prevent, mitigate, and account for their impacts on human rights.2 Complementing the UNGPs, the OECD Guidelines for Multinational Enterprises offer practical guidance on responsible business conduct, including detailed recommendations on implementing HRDD.3 These foundational frameworks are not merely aspirational; they form the conceptual basis and are increasingly referenced in binding legislation, such as the EU's Corporate Sustainability Due Diligence Directive, demonstrating their direct influence on hard law. The broader human rights context is provided by the Universal Declaration of Human Rights (UDHR) 6, the International Covenant on Civil and Political Rights (ICCPR) 10, the International Covenant on Economic, Social and Cultural Rights (ICESCR) 14, and the ILO Declaration on Fundamental Principles and Rights at Work.18

B. Mandatory Supply Chain & HRDD Frameworks: A Jurisdictional Mosaic

Building upon these principles, numerous jurisdictions are enacting mandatory legislation, creating a complex mosaic of compliance obligations for TMT companies operating globally.

  1. European Union (EU): The EU has taken a significant leap with the Corporate Sustainability Due Diligence Directive (CSDDD). This directive imposes comprehensive, binding HRDD obligations on large companies operating within the EU market, including non-EU companies meeting substantial turnover thresholds within the EU. Companies covered must implement a six-step due diligence process, aligned with OECD guidance, across their entire value chain to identify, prevent, mitigate, and remediate adverse human rights and environmental impacts. The scope is broad, covering internationally recognized human rights and key environmental conventions. Non-compliance carries substantial risks, including significant fines with a maximum limit set by Member States at not less than 5% of the company’s net worldwide turnover, and potential civil liability for damages arising from failures in due diligence. Implementation will be phased, starting in July 2027 for the largest companies. The CSDDD is complemented by the Corporate Sustainability Reporting Directive (CSRD), which mandates detailed sustainability reporting, including human rights impacts, according to the European Sustainability Reporting Standards (ESRS) for a wider range of companies, starting with reports published in 2025 for the 2024 financial year.
  2. Germany: The German Supply Chain Due Diligence Act (LkSG – Lieferkettensorgfaltspflichtengesetz) is already in force, applying to companies with over 3,000 employees in Germany since 2023 and extended to those with over 1,000 employees in 2024. It mandates the implementation of a robust risk management system to identify, assess, prevent, mitigate, and address human rights and specific environment-related risks within the company’s own operations and at direct suppliers, with obligations extending to indirect suppliers upon substantiated knowledge of potential violations. The Act covers a defined catalogue of human rights risks (e.g., prohibition of child labor, forced labor, slavery, disregard for occupational safety and health, freedom of association, inadequate wages) and environmental risks related to specific pollutants and waste handling. Enforcement is managed by the Federal Office for Economic Affairs and Export Control (BAFA), which can impose significant penalties, including fines up to 2% of the company’s average annual global turnover and exclusion from public contracts for up to three years.
  3. United Kingdom (UK): The UK Modern Slavery Act 2015 (MSA) requires commercial organizations with a global turnover of £36 million or more, supplying goods or services in the UK, to publish an annual statement detailing the steps taken to ensure slavery and human trafficking are not occurring in their business or supply chains. The focus is on transparency, requiring disclosure across specific areas: organizational structure, policies, due diligence processes, risk assessment and management, effectiveness measures (KPIs), and relevant staff training. While the current Act lacks direct financial penalties for non-compliance or inadequate statements, failure to comply carries significant reputational risk. However, the UK government has consulted on strengthening the Act, potentially introducing mandatory content requirements, penalties for non-compliance, and extending obligations towards broader mandatory human rights due diligence. Furthermore, the proposed “Commercial Organisations and Public Authorities Duty (Human Rights and Environment) Bill” signals a potential move towards a more stringent regime, mandating HRDD for human rights and environmental harms, potentially imposing civil liability, and requiring publication of due diligence assessments.
  4. California (USA): The California Transparency in Supply Chains Act (TISC), enacted in 2010, applies to large retailers and manufacturers ($100 million+ annual worldwide gross receipts) doing business in California. It mandates disclosure on their websites regarding specific actions taken to eradicate slavery and human trafficking from their direct supply chains, covering verification, audits, supplier certification, internal accountability standards, and training. The Act primarily functions as a transparency tool, empowering consumers and stakeholders with information. Enforcement lies solely with the California Attorney General, who can seek injunctive relief; there are no direct financial penalties for non-disclosure, but reputational consequences and potential legal action for misrepresentation exist.
  5. Australia: The Australian Modern Slavery Act 2018 mirrors the UK approach, requiring entities based or operating in Australia with annual consolidated revenue of at least AUD 100 million to submit annual Modern Slavery Statements. These statements must address mandatory reporting criteria covering structure, operations, supply chains, modern slavery risks, actions taken, effectiveness assessment, and consultation processes. Statements are publicly available on the Modern Slavery Statements Register. A statutory review of the Act has concluded, recommending potential amendments such as introducing penalties for non-compliance and requiring entities to implement a formal due diligence system. Currently, the responsible Minister can request explanations or remedial actions from non-compliant entities and publish details of non-compliance.
  6. Canada: The Fighting Against Forced Labour and Child Labour in Supply Chains Act came into force on January 1, 2024. It imposes annual reporting obligations on government institutions and private sector entities meeting specific thresholds related to size (assets, revenue, employees) that produce, sell, distribute, or import goods into Canada. Reports must detail the entity’s structure, activities, supply chains; policies and due diligence processes related to forced and child labor; risk assessment; measures taken to remediate risks or any instances found; remediation provided to victims; and employee training. Notably, the Act includes enforcement mechanisms, with potential fines up to CAD 250,000 for non-compliance or making false statements, and potential personal liability for directors and officers who knowingly participate in an offence.

This jurisdictional overview reveals a complex, overlapping, and sometimes inconsistent tapestry of requirements. Companies operating globally face significant challenges in tracking and satisfying the specific nuances of each law – differing thresholds trigger obligations, the scope of human rights or environmental issues covered varies, and enforcement mechanisms range from transparency mandates to substantial financial penalties and liability risks. This regulatory fragmentation underscores the inefficiency of tackling compliance on a law-by-law basis and highlights the strategic value of a unifying, principles-based framework.

Furthermore, comparing earlier transparency-focused legislation (like California's TISC and the initial UK MSA) with more recent enactments (Germany's LkSG, the EU CSDDD, Canada's Act) and proposed reforms (in the UK and Australia) reveals an unmistakable global trend. The direction is clearly towards mandatory, enforceable human rights and environmental due diligence obligations, backed by significant financial penalties and potential legal liability, moving far beyond mere disclosure requirements. This escalating regulatory pressure significantly raises the stakes for corporate compliance.

Comparative Overview of Key mHRDD Legislation Impacting TMT

Jurisdiction

Law Name

Scope (Indicative Companies Covered)

Core Obligations

Enforcement / Penalties

EU

Corporate Sustainability Due Diligence Directive (CSDDD)

Large EU companies (>1000 employees, >€450m net worldwide turnover); Non-EU companies (>€450m net EU turnover)

Comprehensive HRDD & environmental DD across value chain (identify, prevent, mitigate, remediate); Adopt climate transition plan; Reporting (via CSRD/ESRS)

Max fines not less than 5% net worldwide turnover; Civil liability for damages; Administrative orders

Germany

Supply Chain Due Diligence Act (LkSG)

Companies >1000 employees in Germany

Implement risk management system; Conduct HRDD & environmental DD (specific risks) in own operations & direct suppliers (indirect suppliers if substantiated knowledge); Reporting

average annual global turnover; Exclusion from public tenders up to 3 years; BAFA oversight & orders

UK

Modern Slavery Act 2015 (MSA)

Commercial orgs. >£36m turnover supplying goods/services in UK

Annual transparency statement on steps taken to prevent modern slavery in supply chain & business (covering 6 recommended areas: structure, policies, DD, risk, KPIs, training)

Currently no direct penalties for non-compliance; Reputational risk; Potential future penalties & broader HRDD under consideration

California

Transparency in Supply Chains Act (TISC)

Retailers/Manufacturers >$100m global gross receipts doing business in CA

Disclose efforts on website regarding supply chain verification, audits, supplier certification, internal accountability, training re: slavery/trafficking

Enforcement by Attorney General via injunctive relief only; No financial penalties for non-disclosure

Australia

Modern Slavery Act 2018

Entities >AUD 100m consolidated revenue based/operating in Australia

Annual statement addressing 7 mandatory criteria (structure, operations, supply chains, risks, actions, effectiveness, consultation); Public register

Currently no direct penalties; Minister can request action/publish non-compliance; Penalties & DD system requirement under review

Canada

Fighting Against Forced Labour and Child Labour in Supply Chains Act

Govt institutions; Entities meeting size thresholds (assets, revenue, employees) producing/selling/distributing/importing goods

Annual report on steps taken to prevent/reduce risk of forced/child labour (structure, activities, supply chains, policies, DD, risk assessment, remediation, training)

Fines up to CAD 250,000; Potential personal liability for directors/officers

C. The Digital Frontier: Regulating Rights Online

Beyond supply chains and general operations, specific regulations are emerging to address the unique human rights impacts arising from digital technologies and online platforms – areas of core relevance to the TMT sector.

  1. EU Digital Services Act (DSA): This landmark regulation aims to create a safer, more transparent online ecosystem while explicitly protecting fundamental rights.22 It imposes tiered obligations on various online intermediaries, with the most stringent requirements applying to Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) – those with over 45 million monthly active users in the EU.23 Key obligations for VLOPs/VLOSEs include implementing measures to tackle illegal content, conducting comprehensive risk assessments to identify and analyze systemic risks stemming from their services (including risks related to illegal content dissemination, adverse effects on fundamental rights like freedom of expression, media pluralism, non-discrimination, consumer protection, children’s rights, and negative effects on physical and mental well-being) 23, and implementing reasonable and effective mitigation measures.25 The DSA also mandates significant transparency regarding content moderation practices, advertising systems (including targeting parameters), and the functioning of recommender systems.22 While aiming to protect users and rights, the DSA’s provisions on content moderation inevitably create complex challenges in balancing the removal of harmful material with the protection of freedom of expression, leading to ongoing debate about potential over-censorship.23 Enforcement includes potential fines up to 6% of global turnover for non-compliance.26  
  2. UK Online Safety Act (OSA) 2023: The OSA establishes a new regulatory framework imposing duties of care on providers of user-to-user services (like social media) and search services accessible in the UK.28 The primary goal is to enhance user safety, particularly for children, by requiring services to take proactive steps against illegal content and implement measures to protect children from content that is harmful to them (even if legal for adults).28 The Act mandates transparency about content policies and risk assessments 29, and requires platforms to provide users with greater control over the content they encounter.28 Specific duties relate to tackling illegal content like child sexual abuse material (CSAM) 28 and content encouraging self-harm or suicide.28 Similar to the DSA, the OSA generates significant discussion regarding its potential impact on freedom of expression and privacy rights.29 Enforcement is handled by Ofcom, with powers to impose fines up to £18 million or 10% of global turnover, whichever is higher.30
  3. Emerging AI Regulation: Although not detailed in the provided source materials, the global regulatory trajectory clearly includes dedicated frameworks for Artificial Intelligence (AI), such as the EU AI Act. These emerging regulations are critical for the TMT sector, as AI development and deployment carry profound human rights implications related to algorithmic bias, discrimination in areas like hiring or access to services, surveillance capabilities, impacts on decision-making autonomy, and the need for transparency and accountability.4

Critically, these digital regulations should not be viewed in isolation from broader HRDD obligations. The requirements within the DSA for systemic risk assessments concerning fundamental rights 25, or the OSA's focus on preventing online harms 29, are effectively specific applications of human rights due diligence principles within the digital context. They demand that TMT companies analyze and address the human rights impacts of their online platforms, algorithms, and content management practices. Therefore, compliance efforts related to digital regulations must be integrated into a company's overarching HRDD framework, rather than being treated as separate technical or legal compliance silos.

III. TMT's Distinct Human Rights Risk Profile and Associated Challenges

Technology, Media, and Telecommunications companies operate within a unique risk environment where traditional industrial challenges intersect with novel risks arising from the digital sphere. Understanding this distinct profile, and the inherent challenges in managing it, is crucial for effective human rights due diligence. TMT companies face potential adverse impacts across their value chains, stemming from their products, services, operational footprint, and complex supply networks. This dual exposure – encompassing both tangible risks associated with physical hardware and manufacturing, and intangible risks linked to software, data, and online content – necessitates a uniquely comprehensive and adaptable compliance framework.

Key salient human rights risk areas for the TMT sector include:

  • Digital Rights: This is a rapidly evolving area encompassing a wide range of potential harms:
  • Data Privacy: Violations related to the collection, processing, sharing, and security of vast amounts of user data; inadequate consent mechanisms; data breaches.
  • Digital Surveillance: Facilitation of state or private surveillance through technology infrastructure, products, or data access requests.
  • Algorithmic Bias and Discrimination: Deployment of AI and algorithms that perpetuate or amplify societal biases, leading to discriminatory outcomes in areas such as hiring, loan applications, content filtering, predictive policing, or access to essential services.4
  • Freedom of Expression: Challenges related to content moderation policies (balancing removal of harmful content with free speech), platform responses to government censorship demands, arbitrary account suspensions, and ensuring equitable access to platforms for diverse voices.4
  • Misinformation and Disinformation: The role of platforms and algorithms in the amplification and spread of false or misleading information that can incite violence, undermine democratic processes, or endanger public health.4
  • Accessibility: Failure to design hardware, software, and online services that are accessible to persons with disabilities.
  • AI Ethics: Risks associated with the development and deployment of advanced AI, including lack of transparency in decision-making, accountability gaps, and potential impacts on human autonomy.4
  • Supply Chain and Operational Rights: TMT companies, particularly those involved in hardware manufacturing, face significant risks deeply embedded in global supply chains:
  • Labor Rights: Violations in electronics manufacturing hubs, including forced labor, child labor, excessive working hours, low wages, unsafe working conditions (occupational health and safety), restrictions on workers’ rights to organize and bargain collectively (freedom of association).
  • Conflict Minerals: Sourcing of tin, tantalum, tungsten, and gold (3TG) from regions where mineral trade finances armed conflict and human rights abuses.
  • Environmental Impacts Linked to Human Rights: Issues such as hazardous e-waste disposal impacting community health, water depletion or pollution from manufacturing facilities affecting local populations’ right to water and health, and the broader contribution to climate change impacting vulnerable communities. The increasing recognition of Human Rights and Environmental Due Diligence (HREDD) underscores this link.
  • Gig Economy Labor Practices: For platforms relying on gig workers, issues related to fair wages, working conditions, social security access, and algorithmic management practices.
  • Access and Equity:
  • The Digital Divide: The potential for technology deployment to exacerbate existing societal inequalities if access to devices, internet connectivity, and digital literacy is unevenly distributed.

These sector-specific risks are not abstract concerns; they directly engage the legal obligations outlined in the expanding regulatory landscape. Labor rights abuses in the supply chain fall squarely within the scope of Modern Slavery Acts, the German LkSG, and the EU CSDDD. Content moderation practices and the impacts of algorithms are central to the risk assessment requirements of the EU DSA and the safety duties under the UK OSA. Data privacy failures connect to comprehensive data protection laws like GDPR (though not explicitly detailed in the provided snippets, it is a critical related framework) and the broader right to privacy considered under universal HRDD principles. Environmental impacts from manufacturing or e-waste link directly to the HREDD trend and the environmental components of laws like the LkSG and CSDDD. Furthermore, stakeholder pressure is often most acute around these high-visibility TMT issues, driving companies to act beyond minimum legal compliance.

A. Salient Human Rights Risks in the TMT Sector: A Harms-Based Perspective

A "regulation-agnostic" approach to human rights compliance means focusing first and foremost on the potential harm to people 3, grounded in the universal commitments outlined by the UN Human Rights framework (including the UDHR, ICCPR, ICESCR, and the work of the UNHCHR) 4, rather than solely on the letter of specific laws. This harms-based perspective, central to the UNGPs 2, helps identify the most salient risks – those with the most severe potential negative impact on rights-holders.3 Below are key salient risks, particularly relevant to the TMT sector, examined through this lens:

Human Right / Harm Area

Definition / Relevant International Standard

TMT Context / Specific Risks

Relevant Regulations

Enforcement Examples

Child Labour, Safety, and Rights

Prohibition of child labour (ILO Decl. 18, ICESCR Art. 10 14); Protection of children from exploitation, harm (UDHR Art. 25 6); Right to education (UDHR Art. 26 8, ICESCR Art. 13 15)

Child labour in electronics supply chains; Online exploitation (CSAM) via platforms 30; Exposure of minors to harmful/inappropriate content (mental health impacts) 28; Lack of age verification/protection for vulnerable users.

CSDDD, LkSG, Canada Act, UK MSA, UK OSA 28, EU DSA 25

CSDDD/LkSG fines/liability for supply chain failures; OSA/DSA fines for inadequate child safety measures/CSAM removal.26

Modern Slavery / Forced Labour

Prohibition of slavery, servitude, forced labour (UDHR Art. 4 6, ICCPR Art. 8 10, ILO Decl. 18)

Forced labour, debt bondage, human trafficking in electronics manufacturing supply chains (e.g., excessive hours, withheld documents, coercive practices).

CSDDD, LkSG, UK/AU MSAs, Canada Act, CA TISC

CSDDD/LkSG fines/liability; MSA transparency requirements (reputational risk, potential future penalties); Canada Act fines/director liability.

Working Hours / Living Wage

Right to just and favourable conditions of work, including fair wages and reasonable limitation of working hours (UDHR Art. 23, 24 8, ICESCR Art. 7 16)

Excessive working hours, denial of fair wages/living wage in supply chains; precarious conditions for gig economy workers mediated by platforms.

CSDDD, LkSG, ILO Decl. 18

CSDDD/LkSG fines/liability for failure to address wage/hour violations in due diligence.

Discrimination

Right to non-discrimination based on race, colour, sex, language, religion, opinion, origin, etc. (UDHR Art. 2, 7 6, ICCPR Art. 2 10, ICESCR Art. 2 14, ILO Decl. 18)

Algorithmic bias in AI (hiring, content delivery, services) 4; Discriminatory content/hate speech online; Unequal treatment in workplace/supply chain; Digital divide exacerbating inequality.

CSDDD, LkSG, EU DSA 25, UK OSA 28, Equality legislation, Emerging AI Acts

DSA/OSA fines for failure to mitigate discriminatory content/algorithmic bias risks; CSDDD/LkSG fines/liability for supply chain discrimination; National equality law claims (e.g., AI recruitment case study).

Security (of Person)

Right to life, liberty and security of person (UDHR Art. 3 6, ICCPR Art. 9 10)

Physical safety risks in manufacturing (unsafe conditions); Online threats, harassment, cyberstalking, incitement to violence facilitated by platforms; Mental health impacts from online abuse/harmful content.29

CSDDD, LkSG, EU DSA 25, UK OSA 28

CSDDD/LkSG fines/liability for unsafe working conditions; DSA/OSA fines for failure to address illegal/harmful content risks (threats, harassment, self-harm content).26

Privacy and Integrity

Right to freedom from arbitrary interference with privacy, family, home, correspondence; protection against attacks on honour/reputation (UDHR Art. 12 6, ICCPR Art. 17 12)

Unlawful surveillance (state/private) facilitated by tech; Data breaches; Misuse/excessive collection of personal data; Intrusive targeted advertising; Online reputational harm (doxing, disinformation).

GDPR (implied), CSDDD, EU DSA 22, UK OSA 35

GDPR fines; DSA/OSA requirements for transparency/risk assessment related to privacy impacts; CSDDD due diligence obligations covering privacy risks.

Freedom of Expression / Opinion

Right to freedom of opinion and expression, including seeking, receiving, imparting information (UDHR Art. 19 6, ICCPR Art. 19 12)

Content moderation decisions (over/under removal); Platform censorship/account suspension; Algorithmic filtering impacting information access; Spread of disinformation impacting informed opinion.4

EU DSA 25, UK OSA 35

DSA/OSA requirements for transparency, user appeals, risk assessment balancing safety and expression; Potential challenges under national laws protecting speech.

Human Dignity

Inherent dignity of all members of the human family is the foundation (UDHR Preamble 6, ICCPR Preamble 10, ICESCR Preamble 14); Freedom from degrading treatment (UDHR Art. 5 6, ICCPR Art. 7 10); Technology should respect human dignity 4

Dehumanizing online abuse/harassment; Exploitative platform practices; AI systems lacking transparency or undermining human autonomy 4; Technology used in ways that violate fundamental freedoms.36

EU DSA 25, UK OSA 28, CSDDD, UNGPs 2

DSA/OSA duties related to harmful content/user well-being; CSDDD requires addressing impacts undermining human rights broadly; UNGPs call for respecting dignity.2

Consumer Protection / Exploitation via Platform

Right to adequate standard of living (UDHR Art. 25 8, ICESCR Art. 11 14); Protection against unfair practices (OECD Guidelines - Consumer Interests 3); Protection from economic exploitation (ICESCR Art. 10 14)

Sale of unsafe/illegal goods via online marketplaces; Fraudulent advertising 28; Exploitative platform terms/practices ("dark patterns" 27); Facilitation of scams or financial exploitation.

EU DSA 22, UK OSA 28, Consumer protection laws

DSA/OSA requirements for marketplace due diligence, ad transparency, tackling illegal goods/fraudulent ads; National consumer law enforcement.

B. Overarching Challenges in Addressing TMT Risks

Addressing this diverse risk profile is compounded by inherent complexities and significant operational challenges:

  1. Supply Chain Opacity and Assessment Complexity: TMT supply chains, especially for electronics, are notoriously opaque, often involving multiple tiers of suppliers spread across numerous countries. Evaluating these intricate networks is a significant undertaking, with limited visibility beyond Tier 1 suppliers making traceability extremely challenging. Assessments must cover not only ethical practices and regulatory compliance but also financial stability, operational efficiency, and technological capabilities, further complicated by diverse global regulations and cultural norms. Achieving transparency and applying standardized criteria is hindered by this lack of visibility, varying global standards, difficulties in building trust, and the sheer volume of data involved.
  2. Internal Visibility and Data Integration: Gaining end-to-end visibility across complex internal processes is difficult, hindering the ability to respond effectively to disruptions or identify internal risk factors. Disparate IT systems and siloed teams often prevent a holistic view, while outdated technologies or manual processes can impede real-time monitoring. Integrating diverse data sources (internal audits, supplier data, HR records, platform metrics) is technically complex, and data quality issues can undermine the effectiveness of internal reviews and risk assessments.
  3. Embedding HRDD Effectively: While mandatory regulations and stakeholder expectations drive the need for robust HRDD processes, implementation faces hurdles. Identifying, assessing, mitigating, and reporting on human rights risks in complex value chains is resource-intensive. The lack of traceability beyond direct suppliers, the difficulty of conducting meaningful stakeholder engagement (especially with vulnerable groups), and the need for significant data analysis capabilities hinder effective HRDD implementation.
  4. Training and Awareness Gaps: Comprehensive training across all organizational levels is essential for effective human rights risk management, yet developing and delivering impactful programs is challenging due to the complexity and evolving nature of risks and regulations. Engaging employees, measuring training effectiveness, and securing participation from senior leadership and board members (who require tailored training on oversight responsibilities) require dedicated effort.
  5. Policy, Governance, and Reporting Burdens: Establishing effective governance frameworks and drafting comprehensive policies aligned with diverse international, national, and regional regulations (which are constantly evolving) is a significant task. Implementation requires strong communication, monitoring, and enforcement mechanisms, while balancing global consistency with local requirements adds complexity. Managing compliance in extended supply chains with limited direct control is particularly difficult. Furthermore, meeting detailed reporting requirements (e.g., under CSRD, CSDDD, MSAs) necessitates collecting, managing, and ensuring the accuracy and comparability of vast amounts of data from diverse internal and external sources, often hampered by a lack of standardization and reliable sub-tier data.

An interesting duality exists within the TMT sector: the very technologies that create or amplify certain human rights risks (e.g., data analytics, AI, global communication platforms) can also be leveraged as part of the solution for managing HRDD. Technology can potentially enhance supply chain transparency, facilitate risk analysis across vast datasets, provide platforms for stakeholder engagement or grievance mechanisms, and monitor compliance indicators. However, the deployment of technology for compliance purposes must itself be scrutinized through a human rights lens.4 For example, using technology for enhanced worker monitoring in supply chains could raise significant privacy concerns. TMT companies must therefore navigate this complex interplay, responsibly leveraging their technological capabilities for HRDD while remaining vigilant about the potential human rights implications of the tools themselves.

Mapping Salient TMT Human Rights Risks to Key Regulatory Frameworks

TMT Risk Area

Specific Risk Examples

Relevant
Regulations/Frameworks

Data Privacy

Unauthorized data collection/use, data breaches, inadequate consent, intrusive tracking

UNGPs (Right to Privacy), GDPR (implied), CSDDD, DSA (systemic risks) 25, ESG Criteria

Algorithmic Bias

Discriminatory outcomes in hiring, credit, content delivery; lack of transparency/explainability

UNGPs (Non-discrimination), CSDDD, DSA (systemic risks) 25, Emerging AI Acts, ESG Criteria

Content Moderation

Over/under moderation impacting free speech/safety, lack of due process, inconsistent enforcement, government censorship demands

UNGPs (Freedom of Expression), DSA (risk assessment, transparency) 25, OSA (safety duties) 28

Digital Surveillance

Facilitating government surveillance, sale of surveillance tech, intrusive workplace monitoring

UNGPs (Right to Privacy), CSDDD

Supply Chain Labor

Forced/child labor, low wages, unsafe conditions, restricted association in electronics manufacturing

UNGPs (Labor Rights), CSDDD, LkSG, UK/AU MSAs, Canada Act, CA TISC, OECD Guidelines, ESG Criteria

Conflict Minerals

Sourcing 3TG minerals financing conflict

UNGPs, OECD Guidelines (Specific Supplement), CSDDD, US Dodd-Frank Sec. 1502 (implied), ESG Criteria

E-waste/Environment

Hazardous waste disposal impacting community health, resource depletion, pollution from manufacturing affecting right to health/clean environment

UNGPs (Right to Health/Environment), CSDDD, LkSG (specific env. risks), HREDD principles, ESG Criteria

Digital Divide

Unequal access to technology/internet/digital literacy exacerbating inequality

UNGPs (Non-discrimination, Right to Development), ESG Criteria

Misinformation

Amplification of harmful false/misleading content impacting safety/democracy

UNGPs (indirect impacts on various rights), DSA (systemic risks) 25, OSA (illegal/harmful content) 28

IV. A Regulation-Agnostic, Multi-Disciplinary Framework for Human Rights Risk Assessment

Confronted with the complex regulatory mosaic (Section II) and the sector's distinct risk profile and challenges (Section III), TMT companies require a more strategic and integrated approach to human rights compliance than typically exists today. Current practices often suffer from fragmentation, with different departments managing related risks in silos: Legal might focus on specific statutory compliance, Procurement on supplier codes, Product Development on digital safety features, and a separate ESG team on sustainability reporting. This siloed approach inevitably leads to inefficiencies, duplication of effort (e.g., multiple supplier questionnaires asking for similar information), inconsistent application of standards across the business, and dangerous blind spots where significant risks fall between departmental responsibilities. The sheer complexity and interconnectedness of the issues demand a unified model.

The proposed solution is to adopt internationally recognized human rights principles as the central organizing logic—the "golden thread"—that weaves through all corporate functions and processes related to identifying, managing, and reporting on social and environmental impacts. This means elevating the corporate responsibility to respect human rights, as defined by the UNGPs 1, to a core strategic principle. Crucially, this involves consistently applying the UNGPs' emphasis on assessing risk to people – the potential severity and likelihood of adverse impacts on rights holders – as the primary lens for analysis and prioritization.3 This section outlines a robust, multi-disciplinary, and regulation-agnostic method for conducting Human Rights Risk Assessment (HRRA) based on this principle, drawing from the UNGPs and OECD Guidelines.

A. Defining Human Rights Risk Assessment (HRRA): Focus on People and Value Chains

  1. Core Definition: Human Rights Risk Assessment (HRRA) is fundamentally a systematic process enabling a company to identify and understand its actual and potential adverse impacts on human rights.38 This assessment extends beyond the company’s own operations, encompassing risks across its entire value chain, including supply chains and impacts associated with products or services.38 The primary objective is to develop an accurate, comprehensive understanding of these risks to inform effective mitigation strategies. It is a forward-looking exercise aimed at preventing harm.34
  2. Distinguishing HRRA from Traditional Risk Management (The Harms-Based Approach): A critical distinction sets HRRA apart from conventional enterprise risk management (ERM). While ERM primarily focuses on risks to the enterprise (financial, operational, legal, reputational), HRRA fundamentally shifts the perspective outward, prioritizing the identification and assessment of risks to people (rights-holders) who may be adversely affected by business activities.3 This outward-facing, harms-based approach, rooted in the UN Human Rights framework 4 and central to the UNGPs 2, is the defining characteristic. HRRA operates on the principle of assessing “impacts on human rights,” focusing on potential or actual negative consequences for rights-holders.3 While the primary lens is harm to people, failing to manage these impacts often translates into significant business risks (reputational damage, legal challenges, operational disruptions), creating interconnected risks where harm to rights-holders jeopardizes business value.3
  3. Distinguishing HRRA from Human Rights Impact Assessment (HRIA): While related, HRIA typically involves a more granular, in-depth investigation focused on a specific project, site, or product line, often involving extensive field research.38 HRRA, particularly initially, might be broader, screening entire portfolios, supply bases, or identifying the most significant (“salient”) risks across the business.3 HRRA can precede a detailed HRIA or function as a standalone assessment for prioritizing severe potential threats.3
  4. Operational Scope: The Value Chain Perspective: Modern HRRA, aligned with international standards like the UNGPs and CSDDD, requires a comprehensive scope across the value chain 2, considering:
    • Impacts caused or contributed to by the company’s own activities.2
    • Impacts directly linked by business relationships (upstream suppliers, downstream distributors/customers/end-users), even if not directly caused by the company.2
  5. Key Objectives: HRRA aims to identify salient risks (most severe potential negative impacts) 3, identify rights-holders at risk, inform preventative/mitigative action, understand context-specific impacts, and ensure alignment with international standards (and thus, often, national regulations).38 HRRA is the foundational assessment step within the broader, ongoing process of human rights due diligence (HRDD).3 

B. Foundational Frameworks: UNGPs and OECD Guidelines as the Global Standard

The UN Guiding Principles on Business and Human Rights (UNGPs) 1 and the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct 3 form the authoritative basis for corporate responsibility.

UNGPs: Endorsed by the UN Human Rights Council in 2011 1, they establish the "Protect, Respect, Remedy" framework.1 Pillar II, the Corporate Responsibility to Respect Human Rights, is operationalized through Human Rights Due Diligence (HRDD) – the ongoing process of assessing impacts, integrating findings, tracking responses, and communicating.2

OECD Guidelines: Government-backed recommendations for multinational enterprises, updated most recently in 2023, explicitly aligned with the UNGPs. They cover a broader scope of Responsible Business Conduct (RBC) topics (human rights, environment, labor, anti-bribery, etc.) and emphasize risk-based due diligence across all areas. Adhering governments establish National Contact Points (NCPs) for promotion and grievance handling.3

These frameworks provide a regulation-agnostic foundation because they are universal, principles-based (allowing tailored application based on severity of impacts) 3, and, particularly the OECD Guidelines, inherently integrate multiple disciplines (human rights, environment, social, governance) under the umbrella of RBC and due diligence.3 Crucially, these "soft law" standards are increasingly referenced in binding legislation (like the EU CSDDD, CSRD, German LkSG), effectively hardening expectations and making adherence a legal and commercial necessity.3 Their alignment provides a clear pathway for a single, globally applicable HRRA/HRDD approach.

C. Core Methodologies: UNGP HRDD vs. OECD Due Diligence Steps

While converging on the core expectation of risk-based due diligence, the frameworks articulate the process slightly differently:

UNGP HRDD Process (UNGP 17-24): Focuses on the corporate responsibility to respect human rights through four ongoing components 2:

  1. Assessing Impacts: Identify and assess actual/potential adverse impacts using expertise and meaningful stakeholder consultation. Prioritize based on severity (scale, scope, irremediability) to find salient issues.3
  2. Integrating Findings and Taking Action: Embed insights into internal functions and take appropriate action (prevent, mitigate) based on the company’s connection (cause, contribute, linked). Use leverage with business partners.2
  3. Tracking Responses: Monitor the effectiveness of actions using indicators and stakeholder feedback.2
  4. Communicating: Report externally on how impacts are addressed, especially to affected stakeholders.2

OECD 6-Step Due Diligence Framework (OECD Due Diligence Guidance): Provides a practical, structured framework applicable across all RBC areas 3:

  1. Embed RBC into policies and management systems: Adopt policy commitments, integrate into governance, assign responsibility, train staff, communicate expectations.
  2. Identify and assess adverse impacts: Map operations/value chain, identify high-risk areas, gather detailed impact information, assess severity/likelihood, prioritize.
  3. Cease, prevent or mitigate adverse impacts: Take action based on assessment and connection (cause, contribute, linked). Use leverage, develop action plans, consider relationship suspension/termination as a last resort.
  4. Track implementation and results: Monitor effectiveness of due diligence activities and outcomes. Use lessons learned for improvement.
  5. Communicate how impacts are addressed: Publicly report on policies, processes, risks, actions, and effectiveness.
  6. Provide for or cooperate in remediation: Offer or support remedy processes when the company caused or contributed to harm.

By understanding and integrating these complementary frameworks, TMT companies can develop a comprehensive, regulation-agnostic HRRA methodology that forms the core of the "golden thread" approach. This unified assessment process, prioritizing risks to people across the value chain and integrating human rights with broader ESG considerations, allows companies to streamline compliance efforts and manage risks more effectively and efficiently.

V. Practical Implementation: Weaving the Golden Thread into TMT Operations

Translating the "golden thread" concept into practice requires addressing specific operational challenges prevalent in the TMT sector, as highlighted in Section III.B. It necessitates systemic changes across various business functions, supported by appropriate tools, processes, and a conducive organizational culture.

A. Tackling Supply Chain Opacity

  1. The Challenge: A significant hurdle for effective HRDD in TMT, particularly for hardware manufacturers, is the limited visibility beyond Tier 1 suppliers. Electronics supply chains are notoriously complex, multi-tiered, and geographically dispersed, making comprehensive assessment and traceability extremely difficult.
  2. Golden Thread Application: The human rights focus guides where and how to probe deeper into the supply chain. Instead of attempting to audit every supplier, companies should adopt a risk-based approach, prioritizing based on severity and likelihood of impact. This involves identifying high-risk areas (geography, commodities like conflict minerals, specific processes) and concentrating mapping and assessment efforts there. Leveraging technology (supply chain mapping platforms, AI risk detection), targeted supplier assessments, in-depth audits, requiring certifications, and industry collaboration are key tactics. Human rights requirements must be embedded into supplier codes and contracts.

B. Data Integration and Management for Holistic Assessment

  1. The Challenge: Effective HRDD requires a holistic view, yet TMT companies often struggle with internal data fragmentation due to disparate systems and siloed teams. Poor data quality, lack of standardization, and difficulties integrating diverse information sources impede comprehensive risk analysis and meeting detailed reporting requirements (e.g., under CSRD/CSDDD).
  2. Golden Thread Application: Implementing the golden thread requires investing in integrated data management systems. This involves establishing platforms to consolidate risk-relevant data from across the value chain (supplier audits, worker surveys, product testing, algorithm assessments, content moderation data, environmental metrics, grievance logs). The overarching human rights framework structures this data, defines KPIs, and ensures consistent tracking. This unified data pool supports internal assessment and facilitates efficient external reporting.

C. Cultivating a Rights-Respecting Culture: Training and Governance

  1. The Challenge: Embedding human rights respect requires fostering a genuine organizational culture beyond policies. Developing and delivering comprehensive, tailored training across all levels (Board to staff) is essential but challenging, as is measuring effectiveness and ensuring senior leadership engagement. Establishing effective governance with clear accountability is complex, especially globally.
  2. Golden Thread Application: A commitment to the golden thread must be championed by leadership and permeate the culture. This involves tailored training, articulating policy, explaining role-specific risks (e.g., AI bias for engineers, forced labor for procurement), and outlining internal processes. Board-level oversight is crucial. Reinforcement occurs through clear policies, accessible grievance mechanisms, potentially linking HR performance to incentives, and fostering open communication and whistleblower protection.

D. Meaningful Stakeholder Engagement

  1. The Challenge: The UNGPs and CSDDD emphasize engaging with potentially affected stakeholders (workers, users, communities) for accurate risk identification and effective mitigation/remedy.3 However, conducting genuine, inclusive, and safe engagement is often resource-intensive and practically difficult.38
  2. Golden Thread Application: A human-rights-centered approach necessitates integrating meaningful stakeholder engagement throughout the HRDD cycle. This means moving beyond perfunctory consultation to proactively seeking input from diverse user groups in design, engaging directly with supply chain workers (e.g., via independent worker voice mechanisms), consulting affected communities, and maintaining dialogue with civil society.39 Insights must inform risk assessments, mitigation design, and grievance mechanism evaluation.

Successfully weaving the human rights golden thread through TMT operations is not a superficial exercise. It demands systemic change, investment in technology and data infrastructure, adjustments to supply chain management, robust cross-functional governance, and a deep-seated cultural transformation. Without addressing these underlying elements, the framework risks remaining ineffective. Ultimately, while policies and systems are necessary, the success hinges on organizational culture – a genuine, leadership-driven commitment to prioritizing human rights, reinforced through training and embedded in performance expectations.

VI. Conclusion: Leading with Principle – The Strategic Advantage of Integrated Human Rights Compliance

The evolving global landscape leaves TMT companies with little choice but to engage seriously with human rights compliance. The proliferation of mandatory due diligence laws like the CSDDD, coupled with intensifying stakeholder expectations and the integration of human rights into core ESG considerations, creates a complex and demanding environment. Attempting to navigate this through fragmented, reactive, or jurisdiction-specific compliance efforts is inefficient, costly, and increasingly risky.

This report has argued for a more strategic, proactive, and integrated approach: embedding internationally recognized human rights principles as a "golden thread" throughout the organization's risk management, governance, and operational processes. Adopting this human-rights-centered, harms-based framework 3, utilizing a unified, multi-disciplinary risk assessment methodology based on the UNGPs 1 and OECD Guidelines 3, offers significant advantages that extend far beyond mere legal compliance:

  1. Enhanced Risk Management: Systematically identifying and assessing risks based on their potential impact on people provides a comprehensive understanding of salient risks (operational, legal, reputational, financial), enabling more effective and prioritized mitigation.
  2. Compliance Efficiency: A unified HRDD process, mapped against diverse regulatory requirements (CSDDD, MSAs, LkSG, DSA, OSA etc.), streamlines compliance, reduces duplication, and lowers the administrative burden.
  3. Strengthened Stakeholder Trust: Demonstrating a genuine, systematic commitment to respecting human rights builds credibility with investors, consumers, employees, and civil society.
  4. Improved Resilience: Addressing root causes of human rights risks often strengthens governance, improves working conditions, and enhances environmental management, contributing to more stable supply chains and operations.
  5. Innovation and Market Access: A human rights focus can spur ethical innovation 4, enhance brand reputation, attract talent, and improve access to markets prioritizing responsible conduct.
  6. Long-Term Value Creation: Proactively managing human rights risks positions companies for greater sustainability and long-term value, mitigating risks increasingly scrutinized by financial markets.

Instead of viewing the complex web of human rights regulations merely as a cost center, the "golden thread" approach reframes robust HRDD as a strategic imperative. It transforms compliance from a reactive necessity into a proactive driver of resilience, brand value, investor confidence, and responsible innovation. The investment required to implement such an integrated system, streamlining multiple risk assessments into one cohesive framework, yields strategic benefits that can significantly outweigh the costs.

The leadership within TMT companies must therefore move decisively beyond outdated, siloed approaches. Embracing a proactive, integrated strategy centered on the human rights "golden thread" is not simply an ethical obligation; it is also a critical strategic necessity for navigating the complexities of the 21st-century global landscape, managing profound risks, and securing sustainable success and societal legitimacy.

In the Technology, Media, and Telecommunications sector, where innovation shapes human experience at an unprecedented scale 5, embedding a fundamental respect for human rights is not a peripheral concern. It is, and must increasingly be recognized as, absolutely core to responsible business conduct, ethical innovation, and enduring leadership in the digital age.4

Works cited

  1. UN Guiding Principles – Business & Human Rights Resource Centre, accessed May 2, 2025, https://www.business-humanrights.org/en/big-issues/governing-business-human-rights/un-guiding-principles/
  2. Taking Action to Address Human Rights Risks Related to End-Use – ohchr, accessed May 2, 2025, https://www.ohchr.org/Documents/Issues/Business/B-Tech/taking-action-address-human-rights-risks.pdf
  3. Salient Human Rights Issues – UN Guiding Principles Reporting Framework, accessed May 2, 2025, https://www.ungpreporting.org/resources/salient-human-rights-issues/
  4. Human rights must be at the core of generative AI technologies, says Türk | OHCHR, accessed May 2, 2025, https://www.ohchr.org/en/statements-and-speeches/2024/02/human-rights-must-be-core-generative-ai-technologies-says-turk
  5. The Future of Human Rights and Digital Technologies – ohchr, accessed May 2, 2025, https://www.ohchr.org/sites/default/files/udhr/publishingimages/75udhr/HR75-high-level-event-Digital-Technologies-Background-document.pdf
  6. Universal Declaration of Human Rights – the United Nations, accessed May 2, 2025, https://www.un.org/en/about-us/universal-declaration-of-human-rights
  7. Universal Declaration of Human Rights – the United Nations, accessed May 2, 2025, https://www.un.org/en/udhrbook/pdf/udhr_booklet_en_web.pdf
  8. Universal Declaration of Human Rights – Amnesty International, accessed May 2, 2025, https://www.amnesty.org/en/what-we-do/universal-declaration-of-human-rights/
  9. Illustrated Universal Declaration of Human Rights | OHCHR, accessed May 2, 2025, https://www.ohchr.org/en/universal-declaration-of-human-rights/illustrated-universal-declaration-human-rights
  10. International Covenant on Civil and Political Rights | OHCHR, accessed May 2, 2025, https://www.ohchr.org/en/instruments-mechanisms/instruments/international-covenant-civil-and-political-rights
  11. No. 14668 MULTILATERAL International Covenant on Civil and Political Rights. Adopted by the General Assembly of the United Natio, accessed May 2, 2025, https://treaties.un.org/untc/Pages/doc/Publication/UNTS/Volume%20999/volume-999-I-14668-English.pdf
  12. United Nations – International Media Law and Related Human Rights, accessed May 2, 2025, https://library.law.northwestern.edu/c.php?g=976596&p=7060670
  13. INTERNATIONAL COVENANT ON CIVIL AND POLITICAL RIGHTS, accessed May 2, 2025, https://treaties.un.org/doc/treaties/1976/03/19760323%2006-17%20am/ch_iv_04.pdf
  14. International Covenant on Economic, Social and Cultural Rights | OHCHR, accessed May 2, 2025, https://www.ohchr.org/en/instruments-mechanisms/instruments/international-covenant-economic-social-and-cultural-rights
  15. INTERNATIONAL COVENANT ON ECONOMIC, SOCIAL AND CULTURAL RIGHTS, accessed May 2, 2025, https://treaties.un.org/doc/treaties/1976/01/19760103%2009-57%20pm/ch_iv_03.pdf
  16. International Covenant on Economic, Social and Cultural Rights – Main Page – United Nations – Office of Legal Affairs, accessed May 2, 2025, https://legal.un.org/avl/ha/icescr/icescr.html
  17. International Covenant on Economic, Social and Cultural Rights – UNTC, accessed May 2, 2025, https://treaties.un.org/pages/showDetails.aspx?objid=080000028002b6ed
  18. Declaration on Fundamental Principles and Rights at Work – International Labour Organization, accessed May 2, 2025, https://www.ilo.org/sites/default/files/wcmsp5/groups/public/@ed_norm/@declaration/documents/publication/wcms_095898.pdf
  19. ILO Declaration on Fundamental Principles and Rights at Work, accessed May 2, 2025, https://www.ilo.org/about-ilo/mission-and-impact-ilo/ilo-declaration-fundamental-principles-and-rights-work
  20. ILO Declaration on Fundamental Principles and Rights at Work and its Follow-up, accessed May 2, 2025, https://www.ilo.org/sites/default/files/2024-04/ILO_1998_Declaration_EN.pdf
  21. ILO Declaration on Fundamental Principles and Rights at Work and its Follow-up, accessed May 2, 2025, https://www.ilo.org/sites/default/files/wcmsp5/groups/public/@ed_norm/@declaration/documents/publication/wcms_467653.pdf
  22. Questions and answers on the Digital Services Act* – European Commission, accessed May 2, 2025, https://ec.europa.eu/commission/presscorner/detail/en/QANDA_20_2348
  23. Systemic Risk Reporting: A System in Crisis? | Electronic Frontier Foundation, accessed May 2, 2025, https://www.eff.org/deeplinks/2025/01/systemic-risk-reporting-system-crisis
  24. Systemic Risk Assessments Hold Clues for EU Platform Enforcement | Lawfare, accessed May 2, 2025, https://www.lawfaremedia.org/article/systemic-risk-assessments-hold-clues-for-eu-platform-enforcement
  25. Article 34, the Digital Services Act (DSA), accessed May 2, 2025, https://www.eu-digital-services-act.com/Digital_Services_Act_Article_34.html
  26. The enforcement framework under the Digital Services Act | Shaping Europe’s digital future, accessed May 2, 2025, https://digital-strategy.ec.europa.eu/en/policies/dsa-enforcement
  27. The European Union’s Digital Services Act: A New Era for the Internet? – Seattle University, accessed May 2, 2025, https://www.seattleu.edu/business/news-events/pov/ethics-matter/posts/the-european-unions-digital-services-act-a-new-era-for-the-internet.php
  28. Online Safety Act: explainer – GOV.UK, accessed May 2, 2025, https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer
  29. The Online Safety Act | Shepherd and Wedderburn, accessed May 2, 2025, https://shepwedd.com/knowledge/online-safety-act
  30. Online Safety Act: UK Tech Companies must now Tackle Illegal Harms, accessed May 2, 2025, https://www.iwf.org.uk/news-media/news/online-safety-act-uk-tech-companies-must-now-tackle-illegal-harms-including-child-sexual-abuse-imagery/
  31. The Online Safety Act (OSA) Explained – Internet Watch Foundation IWF, accessed May 2, 2025, https://www.iwf.org.uk/policy-work/the-online-safety-act-osa-explained/
  32. Online Safety Act: Illegal content duties are now in force, accessed May 2, 2025, https://cms-lawnow.com/en/ealerts/2025/03/online-safety-act-illegal-content-duties-are-now-in-force
  33. 1. Our approach to developing Codes measures – Ofcom, accessed May 2, 2025, https://www.ofcom.org.uk/siteassets/resources/documents/online-safety/information-for-industry/illegal-harms/our-approach-to-developing-codes-measures.pdf?v=388718
  34. Principle 1 | UN Global Compact, accessed May 2, 2025, https://unglobalcompact.org/what-is-gc/mission/principles/principle-1
  35. Online Safety Act 2023 – Legislation.gov.uk, accessed May 2, 2025, https://www.legislation.gov.uk/ukpga/2023/50
  36. Declaration on the Use of Scientific and Technological Progress in the Interests of Peace and for the Benefit of Mankind | OHCHR, accessed May 2, 2025, https://www.ohchr.org/en/instruments-mechanisms/instruments/declaration-use-scientific-and-technological-progress-interests
  37. EU Digital Services Act Advances Rule of Law Online But Enforcement Questions Remain, accessed May 2, 2025, https://www.jurist.org/commentary/2025/02/eu-digital-services-act-advances-rule-of-law-online-but-enforcement-questions-remain/
  38. Guidance on human rights impact assessment of digital activities, accessed May 2, 2025, https://www.humanrights.dk/files/media/document/A%20HRIA%20of%20Digital%20Activities%20-%20Introduction_ENG_accessible.pdf 
  39. Civil Society Responds to DSA Risk Assessment Reports: An Initial Feedback Brief, accessed May 2, 2025, https://cdt.org/insights/dsa-civil-society-coordination-group-publishes-an-initial-analysis-of-the-major-online-platforms-risks-analysis-reports/

Learn more from legal and compliance experts

More resources

Sep 01, 2025

The Human Rights Golden Thread: Streamlining Compliance in the TMT Sector .

Read more

Sep 01, 2025

Navigating Human Rights in AI : A Strategic Compliance Framework for VLOPs and AI Companies .

Read more

Sep 01, 2025

A Practical Guide to Human Rights Due Diligence .

Read more