Legislation on human rights due diligence has exploded in recent years. However, there is a concerning gap in many of these laws, including the EU’s new proposal: the absence of provisions on conflict and security issues.

In conflict-affected contexts, businesses face acute risks of involvement or complicity in human rights abuses and violations of international humanitarian law. Many such impacts are unintended, as businesses inadvertently contribute to grievances and drivers of conflict. As a result, conflict-sensitive due diligence is critically important.

Security management is a particularly high-risk area for human rights issues. In complex environments and conflict-affected areas, businesses often hire private security to protect their personnel and assets. Other times, their operations are directly protected by public security forces, which presents complex challenges when the state is party to a conflict. Risks around use of force, security staff involvement in hostilities, and company-community conflict are heightened in conflict-affected contexts where tensions are already high. And the consequences of abuses and incidents can be even more severe.

The UN Guiding Principles on Business and Human Rights call on businesses to take extra care when operating in conflict-affected contexts: ‘Because the risk of gross human rights abuses is heightened in conflict-affected areas, States should help ensure that business enterprises operating in those contexts are not involved with such abuses.’ As part of this principle, states should ensure that ‘their current policies, legislation, regulations and enforcement measures are effective in addressing the risk of business involvement in gross human rights abuses’.

The Ukraine crisis is on everyone’s mind; it also happens to be a good example of why such provisions are important. Prior to the Covid-19 pandemic, Ukraine exported €19.1 billion in raw materials, machinery, chemical products and other goods to the EU. Ukrainian goods and services are key components in EU companies’ supply chains. When the recent conflict broke out, EU-based companies were quick to provide humanitarian aid, as well as assistance to their workers and affected populations in Ukraine; however, they have also expressed the difficulties they face on responsibly navigating the conflict.

Through due diligence laws, states have the opportunity to outline clear expectations for business conduct in conflict-affected contexts. Due diligence laws – including the EU’s proposal – should also strengthen references to international humanitarian law. (Significantly, international humanitarian law already applies to all actors operating in conflict-affected contexts, including businesses.

As one example, the EU’s proposed directive on mandatory human rights due diligence has the potential to positively drive responsible business conduct not only within Europe, but across the world. Under the draft, large EU-based companies would be required to strengthen their respect for human rights when operating abroad – including in complex and conflict-affected contexts. Yet conflict is not mentioned within the proposal, outside of a reference to the existing EU Conflict Minerals Regulation. The proposal does not provide any further insight into conflict-related issues or what is expected of companies in conflict-affected areas. Specific references to security management are also missing, despite the associated risks.

These laws are still emerging, and states – and the EU – could still ensure conflict and security are at the fore.

In the meantime, businesses should strengthen their due diligence processes and security management in anticipation of these laws, as well as in response to emerging crises around the globe. It is important to integrate a conflict-sensitive approach – in other words, seeking to understand conflict dynamics and related risks, as well as how business operations and products fit into those dynamics.

The International Committee of the Red Cross (ICRC), the Geneva Centre for Security Sector Governance (DCAF), and the Geneva Centre for Business and Human Rights (GCBHR) are launching an updated version of their Security and Human Rights Toolkit in June. The Toolkit outlines common challenges businesses face when making security arrangements in complex and conflict-affected contexts, as well as good practices businesses can implement to navigate those challenges. Governments can also use the Toolkit to understand what laws and procedures they can implement to strengthen responsible security practices.

Ahead of the launch, the ICRC, DCAF, and GCBHR will be releasing a fact sheet on a security-related issue each week. You can find the factsheet on armed conflict here and the factsheet on due diligence here. More resources are available on the Security and Human Rights Knowledge Hub.

By Claude Voillat & Ashley Nancy Reynolds, International Committee of the Red Cross