Responsible business conduct is no longer defined only by legal compliance or a high level ESG policy. As regulatory expectations rise and supply chains become more complex, companies are increasingly expected to understand how their operations and business relationships affect people and the environment, and to act where risks and harms are identified.
Yet implementation still lags behind expectations. The World Benchmarking Alliance reported in 2024 that 80% of the 2,000 companies it assessed scored zero on the initial steps of human rights due diligence, namely identifying, assessing and taking action on human rights risks and impacts. This gap between commitment and practice helps explain why frameworks such as the UN Guiding Principles on Business and Human Rights and the OECD Due Diligence Guidance have become increasingly important as reference points for companies trying to move from policy statements to operational systems.
Why responsible business conduct matters now
Global value chains have become longer, more outsourced and less transparent. This creates greater exposure to labour rights issues, unsafe working conditions, community impacts, land related conflicts and environmental harm, often beyond a company’s direct operations.
At the same time, what was once treated as voluntary good practice is increasingly shaping sustainability reporting requirements, procurement expectations, investor scrutiny and due diligence legislation across multiple jurisdictions. In this environment, companies need practical frameworks that help them identify risk, prioritise action and demonstrate that they are responding credibly. This is where the UNGPs and OECD due diligence framework remain central. Together, they provide both the normative foundation and the operational pathway for responsible business conduct.
The UNGPs: the global baseline on business and human rights
The UN Guiding Principles on Business and Human Rights were unanimously endorsed by the UN Human Rights Council in 2011 and are widely regarded as the authoritative global standard on business and human rights. They are built around three pillars: the state duty to protect human rights, the corporate responsibility to respect human rights and access to remedy for people harmed by business related abuses.
For companies, the most important implication is the responsibility to respect human rights. This means avoiding causing or contributing to adverse human rights impacts through their own activities, and seeking to prevent or mitigate impacts that are directly linked to their operations, products or services through business relationships. It also means being able to know and show how those risks are identified and managed in practice.
The OECD framework: how due diligence becomes operational
If the UNGPs describe what responsible business conduct looks like, the OECD Due Diligence Guidance helps explain how to implement it. Adopted in 2018, the OECD Guidance provides a practical, risk based framework for due diligence across a broad set of responsible business conduct topics, including human rights, labour, environment, bribery, consumers and governance.
The framework encourages companies to embed responsible business conduct into policies and management systems, identify and assess adverse impacts, cease, prevent or mitigate those impacts, track implementation and results, communicate how impacts are addressed and enable remediation where appropriate. It is designed to work across sectors and throughout business relationships, including supply chains, making it particularly relevant for companies with complex sourcing and operating models.
Why the two frameworks work best together
The UNGPs and OECD guidance are often discussed separately, but in practice they are most useful when applied together. The UNGPs set out the core expectation that companies should respect human rights and support access to remedy. The OECD guidance translates that expectation into a due diligence process that companies can build into governance, procurement, supplier management and reporting.
In practical terms, this means a company may use the UNGPs to define its human rights policy commitments and its overall responsibility framework, while using OECD style due diligence processes to identify risks, prioritise action, monitor progress and communicate outcomes. This combination helps organisations move from principle to implementation.
What this means for companies in practice
For businesses, these frameworks are no longer abstract reference documents. They increasingly translate into concrete expectations across policy, process and governance. Companies are expected to assess risks not only in their own operations but also across supply chains and other business relationships, particularly where impacts on workers, communities or vulnerable groups may be severe.
In practice, implementation often includes establishing clear human rights and responsible business conduct policies, conducting risk and impact assessments across operations, suppliers and business relationships, integrating findings into procurement, investment and operational decision-making, strengthening grievance mechanisms and remediation pathways, and improving external communication and reporting on due diligence processes and outcomes.
As these expectations become embedded in reporting frameworks and legislation, responsible business conduct is becoming more closely linked to resilience, regulatory readiness and long-term business credibility.
Connecting the frameworks to EU facing requirements
For companies with European operations, customers or investors, the relevance of the UNGPs and OECD due diligence framework has grown sharply. The EU Corporate Sustainability Reporting Directive and the European Sustainability Reporting Standards expect companies to explain how they identify, assess and manage material sustainability impacts, risks and opportunities, including human rights issues across the value chain. This is closely connected to the idea of double materiality, where organisations assess both how sustainability issues affect the business and how the business affects people and the environment.
The Corporate Sustainability Due Diligence Directive takes this a step further by reinforcing expectations that companies carry out due diligence on actual and potential adverse human rights and environmental impacts. In practice, the UNGPs and OECD framework offer a ready made foundation for this work. For EU-facing clients, they help create consistency between risk assessments, saliency analysis, due diligence processes and external disclosures, reducing the gap between what companies say in reports and what they do in practice.
A practical example: forced labour risk in a supply chain
Consider a company sourcing labour-intensive inputs from a high risk region where recruitment practices and wage deductions create elevated forced labour risk. Using the OECD due diligence approach, the company would begin by embedding responsible business conduct expectations into supplier policies, contracts and governance processes. It would then identify and assess the risk through supply chain mapping, country and sector screening, supplier engagement and worker voice channels.
If concerns were identified, the next steps would be to prevent or mitigate the impact, for example through tighter recruitment controls, supplier corrective action plans, targeted audits and stronger oversight of labour brokers. The company would then track whether these actions were effective, communicate its approach and findings through internal governance and external reporting, and enable remediation where harm had occurred. This is a good example of how a principles based commitment under the UNGPs becomes operational through OECD style due diligence.
Where implementation often breaks down
Despite broad awareness of the UNGPs and OECD due diligence concepts, implementation remains difficult for many companies. One reason is limited visibility across multi-tier supply chains, where some of the most severe risks may sit beyond direct contractual relationships. Another is the difficulty of integrating due diligence into core functions such as sourcing, legal review, risk management and business planning.
Data quality is also a recurring challenge. Companies often have fragmented information, inconsistent indicators or weak visibility into how risks are experienced on the ground. Even where policies are strong, translating them into consistent action across regions, suppliers and business units can be difficult.
This implementation gap is reflected in the broader benchmark data. If 80% of major companies still score zero on the initial steps of human rights due diligence, the issue is not awareness alone. It is the challenge of operationalising due diligence in ways that are systematic, evidence-based and embedded into business processes.
From policy commitments to operational systems
The next phase of responsible business conduct is less about drafting new commitments and more about building systems that work. This includes clearer governance, stronger risk identification processes, better integration with procurement and supplier management, more credible grievance and remediation mechanisms and improved reporting on how risks are addressed in practice.
For many organisations, the most important shift is to stop treating due diligence as a standalone compliance exercise. When aligned with strategy, risk, supply chain management and sustainability reporting, these frameworks help companies identify where the most serious impacts may occur and where management attention is needed most.
Why this is becoming strategic
Frameworks such as the UNGPs and OECD due diligence guidance are no longer optional reference points for sustainability teams. They are increasingly becoming part of how companies demonstrate accountability to regulators, customers, investors and other stakeholders. Organisations that can move beyond high level commitments and embed these principles into decision-making, operations and value chain management are likely to be better placed to manage risk, respond to new requirements and build trust over time.
In that sense, responsible business conduct is no longer only about compliance. It is becoming a strategic capability, one that shapes resilience, credibility and long-term licence to operate.