This is the second post in a series on Human Rights Due Diligence (HRDD) in 2026. The first explained why the business case for HRDD has strengthened of late. This one asks the next question: is HRDD working?
Recent benchmarking of the world’s most influential companies (by the World Benchmarking Alliance) makes for uncomfortable reading: only around one in ten identify and assess human rights risks in their supply chains, and fewer still take action on what they find. Progress is being made, but inconsistently – and for every company moving forward, others are standing still or sliding backwards.
These are not companies without resources or intent. Many have human rights policies, supplier codes of conduct, and dedicated sustainability functions. The problem is (mostly) not commitment to HRDD in principle. It is that a significant number of HRDD systems, however well-intentioned, are not designed to deliver the outcomes they exist to achieve, for the business, or for the workers and communities they are supposed to protect.
Understanding what separates the programmes that work from those that don’t is, in my experience, a more useful conversation than restating why HRDD matters. So these are my reflections on what good actually looks like in practice – and what consistently gets in the way.
The Sneaky Assumption Most HRDD Is Built On
The standard and oft-cited HRDD framework “cycle” follows a logical sequence: commit; then identify risks, assess severity, take action, track progress, and report on your progress. It is a sound and practical model, grounded in the UN Guiding Principles and reflected in every major piece of legislation from the French Duty of Vigilance to CS3D.
The problem is not the model. It is an assumption too often embedded in it – that identification leads naturally – seamlessly – to action; and that the chosen action(s) will automatically be effective. In practice, this is often not the case. Organisations consistently perform better on the front end of HRDD than the back end. Risk assessments get commissioned. Supplier questionnaires go out. Audit findings get documented. And then the process stutters along for an age (or stalls entirely) before anything material changes.
This is not a sector-specific or size-specific problem. It shows up across industries, geographies, and levels of organisational sophistication. And it is rarely the result of bad faith. It is the result of building a process without building the conditions that allow it to succeed.
What Gets in the Way
Struggling to connect the dots across the business. HRDD is not a single-function activity. The data points relevant to human rights risk management are generated across (at least) procurement, supplier management, legal, commercial, logistics and HR; and much of what is relevant doesn’t get labelled as “human rights work” at the time it’s produced. Supplier payment terms, lead time decisions, audit findings, grievance data, worker survey results – these exist in different parts of the business, owned by different teams, serving different primary purposes. The failure mode we see most often is not that no one is doing relevant work. It is that no one has the mandate to draw it together, see across it, and act on what the combined picture shows. Ideally, HRDD as a system is an aggregator — a bird’s eye view of activity happening in diffuse locations across the business that needs to be made legible and connected to decisions. Without someone with the authority and cross-functional reach to do that, the dots remain unconnected and the system produces reports rather than action.
The problem of competing priorities. The costs of acting on HRDD findings are immediate and obvious – time, resource, supplier friction, and findings that create further obligations. The benefits are longer-term and less obvious. This is a structural challenge rather than a values one, and it applies across organisations regardless of how seriously they take the agenda. The organisations that navigate it successfully do so by changing their structures of incentives and accountability – not simply by making the case more loudly.
Treating process reporting as an end in itself. When the primary goal shifts – often imperceptibly – from managing risk to demonstrating compliance, the process becomes self-contained. Audits happen. Reports get filed. The documentation exists, but findings don’t really influence sourcing decisions – but it’s okay(!!) – because the system isn’t designed to check whether they do. The proliferation of new regulation makes this ever more tempting and more likely. This is precisely the pattern courts are now examining. The Yves Rocher judgment turned on exactly this: a risk-mapping that existed but wasn’t designed to surface the risks that mattered.
Interventions that treat symptoms rather than causes. When an HRDD process surfaces a problem, traditionally, the standard response has been to address it directly — a corrective action plan, a supplier improvement programme, a re-audit in six months. Sometimes that is exactly right. However, where the conditions generating the problem remain unchanged, the problem tends to return. Effective intervention requires understanding what is producing the symptom, not just what the symptom is. That is a different kind of analysis from a standard audit finding – and it requires following the root cause wherever it leads, including, sometimes, back into the buying organisation itself.
Excluding your own practices as part of the diagnosis. This is the part of a root cause analysis that practitioners sometimes skip, and in my view it’s one of the most significant gaps in HRDD implementation today. The lead times that make excessive working hours inevitable, the price point that makes recruitment fee deductions rational, the last-minute order change that creates the unsafe rush – these are not supplier failures. They are commercial decisions made upstream, in the buying organisation, that directly shape what is possible at factory level. A root cause diagnostic that examines supplier behaviour but not buyer behaviour is incomplete by design. The more productive – and harder – question is: what is our own conduct contributing to this outcome, and what would we need to change to address it at source? A corrective action plan that leaves that question unasked doesn’t just fail as a management tool; it leaves the workers it was meant to protect in the same conditions, with a supplier now under additional pressure to demonstrate compliance while managing the same commercial constraints. Theses are the cases where the intervention happens; but the problem doesn’t change.
What the Conditions for Success Actually Look Like
In organisations where HRDD consistently translates into positive change, a few things tend to be present. They are less about the sophistication of the framework and more about what surrounds it.
Named accountability with real authority. Not a nebulous shared responsibility across functions, but a specific person or team with a mandate that includes acting on findings – not just reporting them – and with enough seniority and cross-functional reach to aggregate what is happening across the business and drive decisions based on the full picture. Board visibility matters here not as a governance formality but as a signal that findings will be taken seriously at the level where resourcing and sourcing decisions are made.
Supplier relationships built for honesty. The quality of information that flows through the HRDD process is directly related to the quality of the relationships through which it flows. Suppliers who feel commercially secure, who are not facing constant price pressure or last-minute demands, and who trust that raising a problem will lead to collaborative resolution rather than contract termination, are suppliers who will tell you what is actually happening. Supplier relationships built purely on commercial transaction tend to produce audit-ready responses rather than accurate ones.
Data used as a management tool, not a reporting output. Most organisations collect considerably more data relevant to human rights performance than they realise – or use. Supplier audit scores, payment terms compliance, order change frequencies, lead time adherence, grievance mechanism uptake – individually these tell partial stories. Together, tracked over time, they can identify which supplier relationships are under stress before that stress shows up as a violation, which buying behaviours are consistently correlated with poor outcomes, and where remediation is and isn’t working. Treating HRDD data as a live management tool rather than an annual reporting exercise changes what the system is capable of – and changes the conversations it enables internally, particularly with procurement and commercial teams who may respond to data in ways they may not respond to policy commitments.
Buying practices that don’t work against the due diligence. Responsible purchasing practices and HRDD must be understood as mutually reinforcing (Fair Wear Foundation). If the way a company buys – the price pressure it applies, the lead times it demands, the contract structures it uses – is generating the conditions that create human rights risk, then due diligence conducted downstream of those decisions is treating symptoms rather than causes. Research by the ILO has established a direct link between brand purchasing practices and working conditions – when brands demand last-minute order changes, impose unrealistic deadlines, or squeeze prices to the point where suppliers cannot afford to pay legal minimum wage, they are actively creating the conditions for human rights abuses. Note: The Purchasing Practices HRDD Framework for the Garment and Footwear Industry developed by the RPP Working Group (with our support) provides practical sector-specific guidance on what this looks like in practice. The principle applies much more broadly.
The Practical Reframe
The question many ask when reviewing their HRDD is: do we have a process? Have we done all the steps? The more useful question is: does our process actually change what we do?
A process that identifies risk but doesn’t generate decisions is documentation, not true due diligence. The distinction matters not only because it affects outcomes for workers and communities – though it does – but because it is increasingly the distinction that regulators and courts are drawing. Judges are less interested in whether a policy exists. They want to know if it works.
A proportionate, risk-based approach that genuinely identifies and acts on the highest-priority issues is worth considerably more than a comprehensive system that documents everything and changes nothing.
The next post in this series looks at what good actually looks like in practice – what organisations at different levels of maturity can do to build or strengthen a system that delivers change.
In the meantime, if you are building something from scratch or looking at an existing system that isn’t quite delivering, get in touch. We work with organisations at all stages of this journey to move from insight to impact.
CLC is a business and human rights advisory practice specialising in human rights due diligence and responsible sourcing. We help organisations move from insight to impact.
