Are human rights right for technology companies?

Technology firms operate at the intersection of data, infrastructure, and human behaviour, affording them unprecedented influence over privacy, freedom of expression, and working conditions. In a digital age, the products and business models of tech companies can directly influence the way people exercise fundamental rights. For this reason, embedding human rights into ESG is morally and commercially critical. 

As Environmental, Social and Governance (ESG) reporting matures, embedding human rights into ESG frameworks is no longer optional; it is central to credible corporate accountability: tech firms must integrate human rights into governance structures, risk management systems, verification and validation processes, and metrics and KPIs. 

The foundation for embedding human rights into ESG reporting requires alignment with authoritative frameworks such as the UN Guiding Principles on Business and Human Rights (UNGPs), and the International Bill of Human Rights, rather than treating them as ad hoc aspirations. 

The journey begins with a public human rights policy approved at board level, clearly identifying the salient human rights risks such as data misuse, algorithmic bias, surveillance harms, content moderation impacts, ‘gig working’ conditions, and supply chain worker abuses. ESG reports should explain how the risks were identified through Human Rights Due Diligence (HRDD), and how they are prioritised. 

The remaining essential steps for creating a robust culture with human rights embedded at its core include: 

1. Integration of human rights into governance and enterprise risk management. 
   Boards should have explicit oversight of human rights risks, with clear reporting lines from management. Aligning executive remuneration to human rights performance can reinforce credibility. Operationally, firms should integrate human rights into enterprise risk management systems. This requires conducting human rights impact assessments for products, markets, and major strategic decisions. Findings should feed directly into ESG reporting and mitigation actions. 
    
2. Development of meaningful, risk-based KPIs. 
   Human rights KPIs must go beyond inputs such as the number of policies adopted. Areas to consider include: 
   1. Privacy and data protection – the number and severity of data breaches, average detection and remediation time, government data requests and compliance rates, for example. 
       
   2. Freedom of expression and content governance – including volume and categories of content removals, error rates in automated moderation, appeal success rates. 
       
   3. Non-discrimination and algorithmic fairness – bias testing results in AI systems for example, corrective actions taken following bias audits. 
       
   4. Workforce and supply chain rights – often the ‘big one’; percentage of suppliers audited for workforce standards, remediation rates for violations, working conditions and hardware supply chains. 
       
   5. Remedy and grievance mechanisms – number of complaints received, average resolution time, user satisfaction with the process.  
       
3. Embedding due diligence into product lifecycles. 
   Human rights considerations should be integrated across the technology lifecycle including design, development, deployment, and decommissioning. ESG reporting should describe the processes and quantify compliance rates, such as the percentage of new products undergoing human rights impact assessments. High risk areas such as conflict-affected sectors require heightened due diligence. 
    
4. Strengthening stakeholder engagement and transparency. 
   Embedding human rights requires continuing engagement with affected stakeholders, including civil society organisations, user communities, workforce, and human rights defenders. Structured consultations can inform identification of risks and design of KPIs. 
    
5. Verifying human rights KPIs. 
   This is a potentially contentious area because impacts are often qualitative, context-specific, and long-term. Nevertheless, several mechanisms can enhance reliability, including: 
   1. Independent third-party assurance. External auditors can verify data accuracy, processes, and internal controls. 
       
   2. Human rights audits and impact assessments. Independent HRIAs can test whether reported KPIs reflect real-world impacts. 
       
   3. Data governance controls. Clear data definitions, standardised collection methodologies, and documented assumptions are essential to achieving consistency and avoiding ‘impact washing’. 
       
   4. Grievance and remedy data. Trends in complaints, appeal outcomes, and remediation can serve as a check against internal performance metrics. 
       
   5. Multi-stakeholder initiatives. Participation in industry initiatives can allow peer benchmarking and external scrutiny. Independent assessment conducted within these frameworks can strengthen corporate credibility. 
       
   6. Regulatory alignment. Aligning disclosures with emerging regulatory requirements ensures consistency and exposes data to legal accountability. 
       
6. Moving from ‘compliance’ to ‘culture’.  
7. Embedding human rights into ESG reporting requires cultural change. Human rights considerations must shape corporate purpose, product strategy, and innovation decisions. ESG reports should clearly demonstrate how lessons learned from past harms have led to systemic improvements. 

Digital platforms, AI systems, cloud infrastructure, and hardware supply chains can affect millions or even billions of people simultaneously. Algorithmic bias can entrench discrimination; weak data governance can expose individuals to surveillance or identity theft; content moderation policies can affect free speech; and hardware sourcing can involve forced or child labour abuses. By embedding human rights into ESG reporting, regardless of company size, firms are acknowledging that these are not abstract ethical concerns, but material business risks with potentially far-reaching societal impacts. It is not just the right thing to do, it is right for business sustainability too.