Blog post by Brian Chen, Nawel Bailey Rojkjaer, and Sune Skadegaard Thorsen
Human Rights Due Diligence is well defined by the UN Guiding Principles on Business and Human Rights (UNGPs), which became the authoritative definition of business responsibilities for human rights in 2011. According to the UNGPs, human rights due diligence is by definition “risk-based”. The purpose is that businesses shall know their risks of impacts, and show how they prevent or mitigate those risks.
The Shift Project[1], established after the unanimous endorsement of the UNGPs at the UN, positions itself as “the leading center of expertise on the UN Guiding Principles on Business and Human Rights”. The Shift Project articulates the “risk-based” Human Rights Due Diligence (HRDD) as a high-level saliency assessment. This concept – the saliency approach – subsequently emerged as an interpretation of how companies are expected to implement the UNGPs and hence comply with emerging regulations, including the EU Corporate Sustainability Due Diligence Directive (CSDDD).
Through this process, companies identify the most likely and most severe adverse human rights issues (impacts) across their own global operations and throughout their value chains. The resulting list of “salient” human rights issues is intended to guide companies in prioritizing impact areas for in-depth assessments and allocating resources to manage those risks.
In practice, this approach often results in a list of issues that is heavily skewed towards international value chains – sometimes exclusively on supply chains. This, in turn, prompts companies to allocate significant resources to understanding their linkage to risks of adverse human rights impacts caused by businesses in their upstream value chains – all tiers. In this article, we refer to this interpretation of “risk-based” HRDD as the saliency approach.
The saliency approach has played an important role in helping businesses appreciate and recognize that adverse human rights impacts can occur everywhere: in their own operations, subsidiaries, and business relationships. It has also confirmed the establishment of internal functions dedicated to supplier engagement, responsible procurement, and supply-chain due diligence (which was already the predominant practice in the nineties – the “supply chain approach” to HRDD – although some companies continue to view HRDD as something to be applied exclusively in supply chains). The saliency approach has been widely adopted by advisors in business and human rights.[2]
However, the saliency approach contains several critical blind spots: it can lead companies to overlook risks of adverse impacts within their own operations, while at the same time encouraging inefficient allocation of resources to identify and address impacts that they do not have the responsibility to remediate. Moreover, the saliency approach falls short of enabling full alignment with the requirements of the UNGPs and thus compliance under the CSDDD.
This article unpacks the saliency approach to HRDD, examines its limitations in meeting the expectations of the UNGPs and the CSDDD, and suggests a more pragmatic interpretation of “risk-based” HRDD – one that is better aligned with the international minimum standard for responsible business conduct. This approach is termed the operational approach to HRDD.
Saliency Assessments and their misalignment with the UNGPs and the CSDDD
Companies are responsible for adverse impacts that happen across their value chains, but their responsibilities – and the actions required – vary depending on how they are connected to those impacts. The UNGPs Foundational Principle 13 highlights this difference:
13. The responsibility to respect human rights requires that business enterprises:
- Avoid causing or contributing to adverse human rights impacts through their own activities, and address such impacts when they occur;
- Seek to prevent or mitigate adverse impacts that are directly linked to their operations, products, or services by their business relationships, even if they have not contributed to those impacts.
Furthermore, UNGPs Operational Principle 22 clarifies in its commentary that:
“Where adverse impacts … are directly linked to its operations, products or services by a business relationship, the responsibility to respect human rights does not require that the enterprise itself provide for remediation.”
In other words, a company’s responsibility to address adverse impacts differs fundamentally depending on whether it has caused or contributed to an adverse impact through its own activities, or whether it is merely directly linked to an adverse impact through a business relationship. Principle 13 also makes clear that the responsibility to respect human rights requires businesses to implement two distinct sets of actions.
The legal requirements of the post-omnibus CSDDD remain closely aligned with these distinctions established by the UNGPs. Article 12 of the CSDDD reflects the logic of Principle 22 of the UNGPs by confirming that companies are not required to provide remediation for adverse impacts to which they are only directly linked through their business relationships:
- Member states shall ensure that, where a company has caused or jointly caused an actual adverse impact, the company provide remediation.
- Where the actual adverse impact is caused only by the company’s business partner, voluntary remediation may be provided by the company. The company may also use its ability to influence the business partner that is causing the adverse impact to provide remediation.
The saliency approach conflates the distinct concepts of causing, contributing to, and being directly linked to adverse impacts. It attempts to operationalize the two separate responsibilities set out in the UNGPs Principle 13 through a single, unified “saliency assessment”, while overlooking a key dilemma in responsible supply chain management:
- All businesses are at risk of causing or contributing to adverse impacts on human rights through their own activities.
- The vast majority of businesses are at risk of causing or contributing to severe impacts on human rights.
When saliency assessments are applied broadly across a company’s global operations and entire value chains, companies will, and should, inevitably identify risks of severe adverse impacts throughout their value chains. This often leads to a misallocation of resources, with companies directing disproportionate, and sometimes sole, attention to the vast number of “salient” impacts to which they are merely linked through business relationships, rather than those they cause or contribute to themselves. A real-world example illustrates this imbalance:
A global online retail giant invested tens of millions of euros in AI-driven tools to “screen” supplier sustainability risks, while failing to assess or address their own adverse impacts on the workers’ right to freedom of association. At the UN Annual Forum on Business and Human Rights in 2025, the company’s Director of Human Rights was unable to respond to questions regarding allegations of union-busting in Sweden.
Reliance on saliency assessments therefore puts companies at risk of neglecting adverse impacts arising from their own activities, impacts for which they are responsible to provide access to remedy, while diverting attention and resources toward a mission impossible: addressing impacts linked by potentially tens of thousands of business relationships. This approach can also foster a false sense of psychological comfort: our hands are clean; the problems exist elsewhere.
Prioritization of actions in alignment with the UNGPs and the CSDDD
The prioritization logic of the saliency approach – focusing on the most likely and most severe impacts – does not align with the prioritization conditions set out in the UNGPs Principle 24 or Article 9 of the CSDDD. While saliency assessments identify “salient issues” across the value chains for deeper analysis, they do not support companies in identifying and appropriately addressing risks of non-severe impacts in their own operations. These risks include impacts on human rights such as discrimination, equal pay for equal work, freedom of information, freedom of expression, privacy, rest & leisure, safe and healthy working conditions, right to a family life, and copyrights – all rights that are important to impacted stakeholders’ dignity.
Principle 24 of the UNGPs allows companies, where necessary, to “prioritize actions to address actual and potential adverse human rights impacts” when it is not possible to address them simultaneously, while clearly reaffirming the responsibility for businesses to address all impacts. Article 9 of the CSDDD similarly reaffirms that “once the most severe and most likely adverse impacts are addressed … the company shall address less severe and less likely adverse impacts”.
The saliency approach inverts this logic. Instead of prioritizing actions to address all identified impacts, it prioritizes which human rights issues are identified in the first place, thereby implying the exclusion of non-salient impacts from assessment and management. The purpose of the UNGPs is clear. Businesses shall manage risks of impacts before they become severe or salient. Such misaligned prioritization exposes companies to preventable risks arising from “non-severe” impacts that they may cause or contribute to through their own activities, and which could have been prevented or mitigated had they been identified through operational-level impact assessments.
Based on GLOBAL CSR’s experience assisting UNGPs-aligned human rights impact assessments for more than 100 companies of all sizes, we have not encountered a single company that was unable to implement appropriate actions to address all identified risks of adverse impacts caused or contributed to by its own operations. In this way, companies can meet the requirements of the UNGPs Principle 13(a) to avoid causing or contributing to adverse human rights impacts in their own activities, and address such impacts when they occur; and provide remediation for actual impacts in accordance with Principle 22.
At the same time, we recognize that companies must prioritize actions to address the most severe and most likely human rights impacts in their value chains, given that all companies are at risk of causing adverse impacts, and that assessing every single business relationship against all 48 internationally recognized human rights is neither feasible nor pragmatic. This reality underscores the importance of correctly applying UNGPs Principle 13(b): seek to prevent and mitigate human rights impacts directly linked to their operations, products or services by their business relationships.
The saliency approach to HRDD exposes companies to reputational, financial, or legal vulnerabilities because they fail to identify or manage preventable non-severe impacts in their own operations. The saliency approach’s misapplied prioritization stems from a conflation of the distinct responsibilities set out in UNGPs Principle 13(a) and 13(b), and ultimately fails to support companies in meeting the regulatory requirements established under Articles 9 and 12 of the CSDDD.
What should principled and pragmatic risk-based HRDD mean for companies?
By design, the HRDD process described in the UNGPs forms an integral part of a company’s internal risk-management system. A risk-based approach to HRDD should therefore enable companies to identify and manage risks of adverse impacts on human rights for which they may be responsible to provide access to remedy, and take appropriate actions before these risks escalate into actual – or even severe – human rights impacts with financial, reputational, or legal consequences.
A principled and pragmatic risk-based HRDD should enable focus on risks arising from a company’s own activities, where the company may cause or contribute to adverse impacts, i.e., where it carries the responsibility for remediation under UNGPs Principle 22 and Article 12 of the CSDDD. This requires regular operational-level impact assessments across all operations and against all internationally recognized human rights. Companies’ primary responsibility is to ensure that impacts are identified and assessed systematically rather than selectively.
Risk-management systems do not, and should not, operate by cherry-picking which impact areas are deemed relevant while neglecting others on the basis that they are “non-salient”. Impacts that are assessed as less severe can nonetheless cause real harm to people and expose companies to liability if left unmanaged. A pharmaceutical product, for example, would never be approved for public use if its manufacturer had assessed only the most likely and most severe safety risks while disregarding others. The same logic applies to corporate human rights risk management: companies must assess and manage all risks of impacts arising from their own operations, not only those flagged as salient.
A principled and pragmatic risk-based approach to HRDD should therefore operate through two distinct management streams:
The first stream supports companies in avoiding causing or contributing to adverse human rights impacts through their own activities, addressing such impacts when they occur, including providing or cooperating in remediation where required.
The second stream supports companies in seeking to prevent or mitigate adverse human rights impacts that are directly linked to their operations, products, or services through their business relationships across the value chain, while recognizing that every single entity within the value chains is at risk of causing or contributing to severe or salient adverse human rights impacts.
[1] https://shiftproject.org/ – accessed 10 February, 2026
[2] E.g., BSR, https://www.bsr.org/ – twentyfifty, https://twentyfifty.co.uk/ – ERM, https://www.erm.com/, etc.
