Key highlights:

• • • AI governance is hard to prove in practice — While our research shows that 44% of companies publish an AI strategy, 76% of those same companies show no evidence of having policies to evaluate the quality of data used to train AI systems.

    • Workers are being left under-prepared and under-protected — Only 14% of companies have policies to mitigate the negative impacts of AI on workers, and only 31% offer any reskilling or training programs around adapting to an AI-integrated workplace.

    • Human rights and ethics appear an afterthought in AI governance — Almost three-quarters (72%) of companies conduct no AI impact assessments, and less than 1 in 10 companies conduct ethical or human rights assessments.

There is a widening chasm at the heart of corporate AI governance, according to a new report, , published by the ¶¶ŇőłÉÄę Foundation and the United Nations Educational, Scientific and Cultural Organization (UNESCO).

The Foundation’s analyzed publicly available information from nearly 3,000 companies across 11 industry sectors, creating the most comprehensive picture yet of how organizations are managing AI.

Beneath the surface of corporate AI governance mechanisms, divergence between the speed of AI adoption and meaningful human oversight is growing. The report’s findings make clear that this is no longer a gap that organizations can afford to ignore, especially when backlash against is growing and are solidifying among consumers in the United States.

Data highlights the illusion of AI governance

Businesses of different sizes and across multiple sectors are adopting AI technology at a rapid pace. When governance exists only in the wording of a strategy or company vision, however, the people most affected by AI systems — workers, consumers, and communities — are left vulnerable. According to the report:

• • • 44% of companies publicly communicate having an AI strategy. However, a gap in AI governance is evident as more than three-quarters of those companies (76%) do not seem to have policies to evaluate the quality of data used to train AI systems.
    • 40% of companies report board- or committee-level oversight of AI. At the same time, strategic signals do not necessarily indicate operational capacity or day-to-day governance. In fact, less than one-third of all sampled companies claim to have an additional team or resource dedicated to AI governance. Moreover, limited information is publicly disclosed on the teams, processes, and accountability mechanisms that translate intent into action.

Workers are being left behind

Research by the International Monetary Fund finds almost , highlighting the acute nature of concerns about job displacement and declining opportunities for some groups. Without sufficient oversight, AI can threaten workers’ rights, amplify bias, and increase surveillance and work intensity, which can enable inhumane decision-making at scale.

The TR Foundation/UNESCO report notes that many companies are adopting AI without the safeguards needed to support workers and help them to adapt to the changes this technology brings. Less than one-third of companies were shown to offer training and reskilling programs for employees who may be adapting to an AI-integrated workplace. Even within the 31% of organizations in which these training programs exist, there is a vast variation in the scope and depth of the training offered.

In fact, many company training programs are not enterprise-wide or structured. Instead, they are ad-hoc or limited to leadership roles. This lack of investment in talent risks undermining the significant investment that companies are making in AI.

Despite growing pressure from regulators, policymakers and social justice campaigners, the ethical impact of AI appears poorly governed, with companies sharing limited information publicly.

The picture on worker protections is equally concerning. Only 14% of companies have public policies in place to mitigate the negative impacts of AI systems on workers, the report shows. This means the majority of companies either have no policies in place or do not publicly communicate them.

What is more troubling is that when workers experience harm, there is almost nowhere for them to turn. Only 2% of companies indicated they had a complaints mechanism — a critical early warning system for potential concerns. The findings suggest many organizations lack a mechanism for AI-related internal complaints beyond the broad generic complaint channel, and this is compounded by low awareness of the areas in which AI systems may infringe employees’ rights and protections.

Ethics and human dignity as an afterthought

Despite growing pressure from regulators, policymakers and social justice campaigners, the ethical impact of AI appears poorly governed, with companies sharing limited information publicly.

Human rights and ethical use of AI are treated as secondary considerations to compliance, according to our research. The majority of companies (72%) do not conduct any impact assessment with regard to AI. Only 7% publicly communicate conducting a fundamental or human rights impact assessment, and just 5% report conducting an ethical impact assessment.

Among those companies conducting some form of impact assessment, the focus skews sharply toward compliance rather than people. The most prevalent assessments are privacy or compliance-focused, with 18% of those companies that conduct some form of impact assessment reporting that they conducted a data protection impact assessment, and 14% reporting they conducted a privacy impact assessment.

How to center people in AI governance

Closing this governance gap is essential for companies in order to adopt AI responsibly and avoid costly legal, ethical operational, talent-related risks.

To support companies in navigating this challenge, offers a free survey to help companies map the areas in which AI is used across products, operations and services, and then benchmark those against peers their sector.

The report also contains case studies from companies that voluntarily shared their responsible practices with us. For example, German software company SAP intentionally designs and deploys its internal AI systems with a human-in-the-loop in which AI automates repetitive tasks and supports decision-making while final judgment and complex problem-solving remain firmly in the hands of employees.

As AI becomes part of core business infrastructure, companies must move beyond statements of intent and toward measurable AI governance.

In another example, BASF, a German chemical conglomerate, has jointly agreed with its workers’ councils on a general reskilling program that covers technical, hard, and soft skills. Finally, Canadian telecom company TELUS’ Indigenous Advisory Council provides guidance on AI ethics issues that directly affect indigenous communities.

Next steps for companies

The TR Foundation/UNESCO report highlights the most impactful concrete commitments that companies can take now to future proof against AI-related risk, including:

• • • investing in structured, enterprise-wide worker-reskilling programs that measure outcomes, not just participation;
    • establishing enforceable human rights impact assessments as a standard part of AI deployment, not as an optional addition; and
    • creating accessible, AI-specific internal grievance mechanisms so that workers and users have a genuine pathway to raise concerns and seek remedy.

As AI becomes part of core business infrastructure, companies must move beyond statements of intent and toward measurable AI governance. While this data demonstrates clear governance gaps, it also presents an opportunity for companies to take the lead on implementing responsible AI that operates openly in the public interest.

You can learn more about

Key insights:

• • • AI as a force multiplier — Advanced analytics now reveal financial and behavioral anomalies that traditional monitoring systems routinely miss, giving executives a clearer view of emerging risks.

    • Geospatial and digital intelligence converge — Intelligent networks like OSINT, ADINT, and location-based data expose hidden networks and movement patterns, improving the detection of money laundering, trafficking, and smuggling operations.

    • Enterprise risk strategies must evolve — Organizations that integrate AI-driven intelligence across compliance, security, and operations can respond faster, reduce blind spots, and operate with greater resilience during high-risk events.

Illicit financial activity has always evolved faster than the systems designed to stop it. And today, the speed and sophistication of criminal networks are accelerating in ways that traditional compliance processes can no longer match. Major international events, such as the 2026 FIFA World Cup, bring millions of visitors, heightened commercial activity, and a surge in cross‑border movement, all creating fertile ground for exploitation.

AI as an intelligence multiplier

In this environment, financial institutions are on the front lines of detection and mitigation, and corporations must strengthen their ability to detect hidden risks. AI — particularly when combined with digital intelligence sources, behavioral analytics, and geo-referenced data — has emerged as the most powerful accelerator of that transformation.

Among all of this high-volume activity, AI is redefining how institutions detect early-stage indicators of illicit activity. Instead of relying solely on manual reviews or rule-based monitoring, organizations are increasingly deploying systems capable of analyzing vast volumes of structured and unstructured data at once. Three capabilities are shaping this new frontier:

Open-source intelligence (OSINT) — Criminal activity, even when intentionally concealed, tends to leave trace signals online. OSINT tools can examine social platforms, online marketplaces, media sources, forums, and digital discussion channels to uncover suspicious behavioral patterns, potential recruitment or exploitation signals, inconsistencies between official identification and online presence, or clusters of accounts linked by shared attributes. For many executives, OSINT has become an indispensable layer of enhanced due diligence, risk scoring, and early threat detection long before suspicious activity appears in financial records.

Advertising intelligence (ADINT) — ADINT focuses on metadata produced by mobile applications and digital advertising ecosystems. While it does not expose personal identifiers, it reveals mobility patterns, device behavior, and clustering anomalies. This type of intelligence becomes particularly powerful during large-scale events because of the ability to monitor the movement of devices across high-risk corridors, identify unusual concentrations of activity near event venues or border regions, or detect digital behavior consistent with organized criminal logistics. ADINT introduces a geographic and behavioral dimension to risk that enables institutions to understand not only who a customer appears to be, but where they go, how they behave, and whether those patterns align with legitimate economic activity.

AI-enhanced investigations — Modern platforms now merge financial data with OSINT and ADINT inputs and then apply descriptive and generative AI (GenAI) to draw connections that would be impossible to detect manually. These systems can classify digital communications by sentiment or intent, identify unusual financial behavior within seconds, convert large datasets into actionable intelligence summaries, translate and interpret foreign-language content, and map networks through recurring metadata or visual similarity. For decision-makers and organizational stakeholders, this shift represents a dramatic reduction in blind spots and a faster escalation pathway when emerging threats surface.

Why financial institutions and corporations must lead

Human trafficking, migrant smuggling, and money laundering cannot function at scale without the financial system. Even when exploitation occurs offline, profits eventually make their way into the formal economy through remittances, structured cash movements, shell companies, digital wallets, recruitment payments, or short-term rental arrangements.

AI enhanced investigations can help institutions identify subtle but meaningful indicators, such as coached or inconsistent customer responses, accounts linked through shared devices or addresses, rapid deposits followed by immediate withdrawals, purchases that do not correspond to a customer’s risk profile, payments directed to unverifiable recruiters, unusual patterns of short-term housing across multiple individuals, or transaction flows that follow established exploitation routes.

Illicit financial activity has always evolved faster than the systems designed to stop it. And today, the speed and sophistication of criminal networks are accelerating in ways that traditional compliance processes can no longer match.

All this information already exists inside institutional data today; AI simply makes it visible and usable much more easily and quickly.

While financial institutions are central in detecting illicit finance, companies across multiple sectors face heightened exposure during large events. Hospitality, logistics, transportation, construction, real estate, and digital services all see risk intensifying as demand surges and oversight becomes more complex.

Those senior leaders who responsible for operational continuity should integrate AI-powered monitoring into their internal controls. This can help detect unusual workforce recruitment patterns, unexpected badge or access activity, subcontractor behavior that conflicts with declared operations, repeated presence in high-risk zones, or digital communications that hint at coercive or exploitative conduct.

In the fight against illicit finance, technology is no longer optional. Indeed, it is our most powerful ally.

You can find out more about the fight against illicit finance and money laundering here

Key insights:

• • • Human rights and environmental sustainability in sports are inseparable — Environmental harms from major sporting events — such as pollution, extreme heat, and flooding — directly undermine fundamental human rights including health, housing, and safe working conditions.

    • Mega sporting events require an integrated, lifecycle-wide approach — From supply chains and stadium construction to urban planning and event delivery, the sports industry’s environmental footprint and human rights impacts span the full lifecycle of these events, demanding a single, integrated playbook.

    • Accountability extends to sponsors and partners, not just hosts and organizers — As scrutiny from regulators, media, and civil society grows, sponsors and corporate partners are increasingly seen as responsible for the combined human rights and environmental impacts of the events they support.

This blog post was co-written with Sreeratna Kancherla and Anna J. Christians of the Henekom Group.

Sports are entering a defining decade. The convergence of climate and nature risk, growing environmental accountability, and increasing scrutiny of how mega sporting events affect the communities that build and host them has brought a long-overdue challenge to the center of sports governance.

Due to their scale, frequency, and global reach, the upcoming FIFA World Cup 2026 and the 2028 Olympics to be held in Los Angeles, alongside competitions such as the 2027 Rugby World Cup and the ICC Men’s T20 World Cup, form part of an ambitious pipeline of major events in a generation. How the sports sector responds to that challenge will shape how the next era of global sport is planned, delivered, and remembered.

Human rights due diligence during mega sporting events and environmental sustainability are often thought of as neighboring agendas, related but managed separately. In practice, however, they are inseparable. When air quality deteriorates, the right to health is at stake. When flooding displaces communities, the right to housing and livelihood is at stake. When extreme heat makes outdoor labor dangerous, the right to safe working conditions is at stake.

The environment is the condition in which human rights are either protected or violated, and sustainability, properly understood, is the commitment to preserving those conditions for current and future generations.

The need for an integrated playbook

The case for an across the lifecycle of sport reflects the scale and complexity of the sporting industry’s impact, with emissions comparable to those of a midsize country, according to . The industry’s heavy reliance on plastics across stadiums, equipment, and apparel contributes to pollution that worsens the global environmental crisis. And those environmental choices carry human consequences at every stage, for the workers who build the facilities, the residents who live alongside them, and the fans who attend the events.

The environmental footprint of the sports industry touches people across the entire lifecycle of a major event. The supply chains necessary to deliver a mega-sports event span facility development, apparel, technology, and food & beverage. These industries are among the highest risk for labor exploitation, migrant worker abuse, and unsafe working conditions. When a host city builds a stadium and hosts events there, the environmental impact is measurable and so is the human rights impact on the workers building the stadium. Indeed, this impact extends to the neighborhoods that may be displaced to make room for it, and to the residents left to live alongside its infrastructure once the event has ended.

You can find more about the resources, tools, and information that cities and organizations need to addressĚýhuman trafficking around large-scale sporting events at the Thomson Reuters Institute’s Large-Scale Public Events Toolkit here

In addition, major events that rely on street circuits or temporary urban infrastructure can significantly reshape public space and surrounding neighborhoods. Air pollution, construction zones, and rising short-term rental demand also may displace residents and the unhoused population, restrict access to services, or place pressure on already fragile housing markets. In these cases, mega-sports event planning intersects directly with citizens’ rights to housing, mobility, and access to public space.

Expanding accountability

, rooted in the , is the structured process that makes those consequences visible and gives sustainability strategy its human accountability. Because environmental and human rights impacts are inseparable in practice, that accountability extends beyond organizers and host governments to the sponsors and corporate partners of the event. Many operate in sectors which already face scrutiny over their global supply chains; and therefore, alignment with a contentious event can amplify these vulnerabilities while inviting additional public and regulatory attention.

As the regulatory landscape, advocacy groups, and the media intensify their focus on the impact of these mega-sport events, sponsors are increasingly seen not only as influential stakeholders, but as actors with a degree of responsibility for the combined environmental and human rights impacts of the events they fund and support.

Moving from principle to practice

For example, Mercedes-Benz Stadium in Atlanta — home of the NFL’s Atlanta Falcons along with a venue for soccer and concerts — demonstrates that environmental performance and community impact are the same priority and can be pursued through a single design brief. Indeed, it was the first stadium worldwide to receive for zero waste, and its 2.1-million-gallon system helps prevent flooding in neighboring communities. Additionally, the stadium created targeted employment through the and delivered staff training to more than 700 people.

The same integrated logic is now being applied at the event level. Ahead of the FIFA World Cup 2026, host city organizing committees in Houston and Dallas introducedĚýthat address labor exploitation, including human trafficking risks, alongside targeted environmental measures. These measures are treated as a single procurement workstream to be addressed through an integrated response.

Leadership, legacy & the decade ahead

The organizations that will define the next decade of global sports are those that treat human rights and environmental sustainability not as parallel strategies but as two expressions of the same obligation to the people and communities on which sports depend.

This means designing facilities with both environment and humanity in mind from the outset, managing worker rights and environmental standards together across supply chains, and placing extreme heat measures, labor protections, community access, and sustainability targets within a single accountable governance framework.

Governing bodies, organizing committees, sponsors, and host cities that act on this integrated approach have the opportunity to build systems that are more responsible, more durable, and more trusted to define what credible and future-ready sports event management looks like.

You can find more about the impact of mega-sporting events on communities here

Key insights:

• • • Big sporting events create perfect cover for sex trafficking — The World Cup’s massive crowds, temporary workers, and stretched local infrastructure make it easier for traffickers to blend in and exploit vulnerable people while staying largely out of sight.

    • Money trails and online ads are where traffickers slip up — Trafficking often leaves patterns, such as payments tied to commercial sex ads, round‑dollar peer‑to‑peer transactions, and repeat phone numbers or language across online ads. Banks and investigators can spot these red flags, if they know what to look for.

    • Early, cross‑sector collaboration is what actually makes a difference — The strongest prevention efforts happen before kickoff, when law enforcement, financial institutions, and nonprofits share intelligence, use formal information‑sharing tools, and build trusted local networks to respond quickly and protect victims.

As millions of soccer fans descend upon stadiums across North America for the 2026 FIFA World Cup in June and July, perpetrators of human rights crimes also are getting ready to operate in the shadows of host cities. Criminal networks are preparing to exploit the crowds, traffic, and chaos during the event by trafficking vulnerable individuals for commercial sex.

Human traffickers and organized crime groups often exploit major sporting events as opportunities to make quick money because the massive influx of visitors, temporary workers, and strained infrastructure creates perfect conditions for traffickers to operate while being largely undetected. At the same time, the stakeholders involved in countering this illegal activity — including law enforcement, civil society organizations, and financial institutions — stand ready to detect it, disrupt it, and protect vulnerable individuals who are exploited by criminal actors.

Indeed, close coordination and collaboration among these entities in advance of the games is key. To that end, the Association of Certified Anti-Money Laundering Specialists (ACAMS) and ¶¶ŇőłÉÄę are collaborating on a virtual and live event series to support these planning counter-trafficking efforts among stakeholders in several local cities this Spring.

Why major sporting events attract human trafficking activity

Not surprisingly, large crowds draw business opportunities whether they are legitimate or illicit. Collaboration between public and private entities underscore spikes in human trafficking activity. For example, during a recent large sporting event in 2025, ¶¶ŇőłÉÄę Special Services partnered with federal law enforcement and other partners to identify nine adult encounters & services offered, which led to the recovery of two juveniles from sex trafficking and three state arrests

Common industries that involve the exploitation of vulnerable individuals include hospitality, construction, illicit massage businesses, escort services, and adult content production. The chaos of events and large influx of people mask the reality that exploitation is happening and makes detection significantly more challenging during these high-traffic periods.

Human traffickers and organized crime groups often exploit major sporting events as opportunities to make quick money because the massive influx of visitors, temporary workers, and strained infrastructure creates perfect conditions for traffickers to operate while being largely undetected.

Critically, understanding human trafficking as a business model depends on the recruitment of vulnerable people and access to money flows. These aspects of the business are also where detection can occur. Financial institutions and money service businesses can identify suspicious transactions related to human trafficking by understanding and recognizing specific transactional patterns, including payments to commercial sex advertisement websites, round-dollar peer-to-peer transactions, and merchant services linked to illicit massage businesses.

This online footprint left by traffickers proves invaluable for detection. Investigators track advertisements across adult services websites, identifying criminal networks through repeated phone numbers, distinctive emojis, and similar wording that may appear across multiple cities. However, smaller-scale operations present significant challenges as well. When the trafficker is an intimate partner or family member with limited transaction volumes, detection becomes exponentially more difficult without external intelligence.

Collaboration is key for prevention and detection

The most critical element for combating human trafficking at major sporting events is collaboration among anti-trafficking experts and employers of these professionals. Effective prevention requires building strong partnerships before these major events occur. Specific actions that can be taken include:

Establishing multi-sector task forces — The most successful anti-trafficking efforts involve joint task forces that combine federal, state, and local law enforcement with trusted private sector partners and supportive nonprofits or non-government organizations (NGOs) that offer victim services. This toolkit for large scale public events and other anti-trafficking toolkits are excellent resources for local host cities to use to execute these partnerships. These collaborative mechanisms allow different entities to share information in a timely manner.

Leveraging information sharing mechanisms — Financial institutions can use Section 314(b) authority for peer-to-peer information sharing between banks. This allows financial institutions to piece together fragments of suspicious activity that individually might seem insignificant but collectively reveal trafficking networks. Large federal agencies are consumed by multiple priorities and benefit from information sharing through Section 314(a) and assistance from financial sector partners during special operations to act as a force multiplier. Law enforcement also can benefit from detailed Suspicious Activity Reports (SARs) that contain specific dollar amounts, clear timelines, behavioral observations, and explicit keywords like human trafficking.

Preparing host cities by building networks and outreach in advance — Some World Cup host cities have already established human rights plans with robust collaborative systems within local task forces, government awareness campaigns, QR codes that link to support services, and multidisciplinary safety plans.

In addition, anti-trafficking professionals across all sectors are accessible and willing to help. Resources include national hotlines, such as the , referral directories on website, and the for cases involving minors. The most important step is simply reaching out to establish connections before crises occur.

Preparing for a safer event

The 2026 World Cup presents a pivotal moment to strengthen collaborative efforts against human trafficking across North America’s host cities. By establishing robust information-sharing networks between financial institutions, law enforcement, NGOs, and host communities before the tournament begins, stakeholders can transform heightened awareness into meaningful action that protects vulnerable individuals.

While traffickers will undoubtedly attempt to exploit the inevitable chaos surrounding a major event like the World Cup, a coordinated, multi-sector response grounded in shared intelligence, victim-centered approaches, and proactive preparation can disrupt their operations and ensure that the world’s celebration of soccer doesn’t come at the cost of human dignity and freedom.

You can find out more aboutĚýhow organizations are trying to fight against human rights crimes here

Key highlights:

• • • Map risks before building— Distinguish between foreseeable harms that may be embedded in your product’s design and potential misuse by bad actors.

    • Safety processes need real authority— An AI safety framework is only credible if it has the power to delay launches, halt deployments, or mandate redesigns when human rights risks outweigh business incentives.

    • Triggers enable proactive intervention— Define clear, automatic review triggers such as product updates, geographic expansion, or emerging patterns in user reports to ensure your safety processes adapt as risks evolve rather than reacting after harm occurs.

In recent months, the human cost of AI has become impossible to ignore. after interacting with AI chatbots, while generative AI (GenAI) tools have been weaponized to create that digitally undress women and children. These tragedies underscore that the gap between stated values around AI and actual safeguards remains wide, despite major tech companies publishing responsible AI principles.

, a senior associate at , who works at the intersection of technology and human rights, argues that closing this gap requires companies to: i) systematically assess both foreseeable harms from intended AI use and plausible misuse by bad actors; and ii) build safety processes powerful enough to actually stop launches when risks to people outweigh commercial incentives.

Detailing the two-step framework for anticipating and addressing AI risks

To build effective AI safety processes, companies must first understand what they’re protecting against, then establish credible mechanisms to act on that knowledge.

Step 1: Mapping foreseeable arms and intentional misuse

When mapping AI risks during “responsible foresight workshops” with clients, Richard-Carvajal says she takes them through a process that identifies:

• • foreseeable harms that emerge from a product’s design itself. For example, algorithm-driven recommender systems — which often are used by social media platforms to keep users on the site — are designed to drive engagement through personalized content, and are well-documented in amplifying sensationalist, polarizing, and emotionally harmful content, according to Richard-Carvajal.

• • intentional misuse that involves bad actors who may weaponize technology beyond its purpose. Richard-Carvajal points to the example of Bluetooth tracking devices, which initially were designed to help people find lost items, but were quickly exploited by stalkers, who placed them in victims’ handbags in order to track their movements and in some cases, to follow them home.

Tactically, the role-playing use of “bad actor personas” by Richard-Carvajal and her colleagues can help clients imagine misuse scenarios and help ensure companies anticipate harm before it occurs rather than responding after people have been hurt.

Step 2: Building a credible AI safety process

Once risks are identified, Richard-Carvajal says she advises that companies identify mechanisms to address them.ĚýThe components of a legitimate AI safety framework mirror the structure of robust human rights due diligence by centering on the risks to people.

Indeed, Richard-Carvajal identifies core components of this framework, which include: i) hazard analysis and to anticipate both foreseeable harms and potential misuse; ii) incident response mechanisms that allow users to report problems; and iii) ongoing review protocols that adapt as risks evolve.

Continual evaluation of new emerging risks is needed

As AI capabilities advance and deployment contexts expand, companies must continuously reassess whether their existing safeguards remain adequate against evolving threats to privacy, vulnerable populations, human autonomy, and explainability. Richard-Carvajal discusses each one of these factors in depth.

Privacy — Traditional privacy mitigations, such as removing information that leads to identifying specific individuals, are no longer sufficient as AI systems can now re-identify individuals by linking supposedly anonymized data back to specific people or using synthetic training data that still enables re-identification. The rise of personalized AI — in which sensitive information from emails, calendars, and health data aggregates into comprehensive profiles shared across third-party providers — can create new privacy vulnerabilities.

Children — Companies must apply a heightened risk lens for vulnerable populations, such as children, because young users lack the same capacity as adults to critically assess AI outputs. Indeed, the growing concerns around AI usage and children are warranted because of AI-generated deepfakes involving real children are being created without their consent. In fact, Richard-Carvajal says that current guidance calls for specific child rights impact assessments and emphasizes the need to engage children, caregivers, educators, and communities.

Cognitive decay — A growing concern is that too much AI usage can harm human autonomy and contribute to a decline in critical thinking. This occurs when , and it has the potential to undermine their human rights in regard to work, education, and informed civic participation.

Meaningful explainability — Companies’ commitment to explainability as a core tenet of their responsible AI programs was always a challenge. As synthetic AI-generated data increasingly trains new models, explainability becomes even more critical because engineers may struggle to trace decision-making through these layered systems. To make explainability meaningful in these contexts, companies must disclose AI limitations and appropriate use contexts, while maintaining human-in-the-loop oversight for consequential decisions. Likewise, testing explanations should require engagement with actual rights holders instead of just relying on internal reviews.

Moving forward safely

While no universal checklist exists for AI safety, the systematic approach itself is non-negotiable. Success means empowering engineers to identify and address human-centered risks early, maintaining ongoing stakeholder engagement, and building safety processes that have genuine authority to delay launches, halt deployments, or mandate redesigns when human rights outweigh commercial pressures to ship products.

If your company builds or deploys AI, take action now: Give your engineers and risk teams the authority and resources to identify harms early, keep continuous engagement with affected people and independent stakeholders, and create governance that have the power to keep harm from happening.

Indeed, companies need to make sure these steps go beyond simple best practices on paper and make these protective processes operational, measurable, and enforceable before their next product release.

You can find more about human rights considerations around AI in our ongoingĚýHuman Layer of AI seriesĚýhere

Key highlights:

• • • Principles need a repeatable process —ĚýResponsible AI commitments become real only when companies systematize human rights due diligence to guide decisions from concept through deployment.

    • Policy and engineering teams should co-own safeguards — Ongoing collaboration between policy and technical teams can help translate ideals like fairness into concrete requirements, risk-based approaches, and other critical decisions.

    • Engage, anticipate, document, and improve continuously —ĚýInvolving impacted communities, running regular foresight exercises (such as scenario workshops), and building strong documentation and feedback loops make human rights accountability durable, instead of a one-time check-the-box exercise.

More and more companies are adopting responsible AI principles that promise fairness, transparency, and respect for human rights, but these commitments are difficult to put into practice when it comes to writing code and making product decisions.

, a human rights and responsible AI advisor at Article One Advisors, works with companies to help turn human rights commitments into concrete steps that are followed across the AI product lifecycle. He says that the key to bridging the gap between principles and practice is embedding human rights due diligence into the framework that guides product development from concept to deployment.

Operationalizing human rights

Human rights due diligence involves a structured process that begins with immersion in the process of building the product and identifying its potential use cases, whether it is an early concept, prototype, or an existing product. This is followed by an exercise to map the stakeholders who could be impacted by the product, along with the salient human rights risks associated with its use.

From there, the internal teams collectively create a human rights impact assessment, which examines any unintended consequences and potential misuse. They then test existing safeguards in design, development, and how and to whom the product is sold. “Typically, a new product will have many positive use cases,” explains Natour. “The purpose of a is to find the ways in which the product can be used or misused to cause harm.” In Natour’s experience, the outcome is rarely a simple go or no-go decision. Instead, the range of decisions often includes options such as go with safeguards or go but be prepared to pull back.

The use of human rights due diligence in the AI product lifecycle is relatively new (less than a decade old) and as Natour explains, there are five essential actions that can work together as a system:

1. Encourage collaboration between policy and engineering teams

Inside most companies, responsible AI is split between policy teams, which may own the principles, and the engineering teams, which own the systems that bring those principles to life. Working with companies, Natour brings these two functions together through a series of workshops to create structured, ongoing collaboration between human rights and responsible AI experts and the technical teams to better co-develop responsible AI requirements.

In the early stages of the collective teams’ work, the challenges of turning principles into practice emerge quickly. For example, the scale of applications and use cases for an AI product can make it difficult to zero in on those uses that . Not all products or use cases need to be treated equally, says Natour, and companies should identify those that could potentially cause the most harm. Indeed, these most-harmful uses may involve a “consequential decision” such as in the legal, employment, or criminal justice fields, he says, adding that those products should be selected for deeper due diligence.

2. Consider the principles at each stage of the development process

Broad principles and values, such as fairness and human rights, should be considered at each stage of the lifecycle. For the principle of fairness, for example, teams may assess which communities will use this product and who will be impacted by those use cases. Then, teams should consider whether these communities are represented on the design and development teams working on the product, and if not, they need to develop a plan for ensuring their input.

3. Engage with impacted communities and rightsholders

Natour advocates for companies to actively engage with impacted communities and stakeholders, including those who are potential users or who may be affected by the product’s use. This could be the company’s own employees, for example, especially if the company is developing productivity tools to use internally in their workplace. Special consideration should be given to vulnerable and marginalized groups whose human rights might be at greatest risk.

External experts, such as Natour and his colleagues, hold focus groups with such stakeholders as . The feedback from focus groups can then be used to influence model design, product development, as well as risk mitigation and remediation measures. “In the end, knowing how users and others are impacted by your products usually helps you make a better product,” he states.

4. Establish responsible foresight mechanisms

To prevent responsible AI from becoming a one-time check-the-box exercise, Natour says he uses responsible foresight workshops and other mechanisms as a “way to create space for developers to pause, identify, and consider potential risks, and collaborate on risk mitigations.”

The workshops use personas and hypothetical scenarios to help teams identify and prioritize risks, then design concrete mitigations with follow-on sessions to review progress. Another approach includes developing simple, structured question sets that push product teams to pause and think about harm. For example, Natour explains how one of his clients includes the question: What would a super villain do with this product? in order to help product teams identify and safeguard against potential misuse.

5. Create documentation and feedback loops for accountability

As expectations around assurance rise from regulators, customers, and civil society, strong documentation and meaningful, accessible transparency are essential, says Natour.ĚýClear, succinct, and accessible user-facing information about what a model does and does not do, about data privacy, and other key aspects can help users understand “what happens with their data, as well as the capabilities and the limitations of the tool they are using,” he adds.

Further, transparency should enable two-way communication, and companies should set up feedback loops to enable continuous improvement in the ways they seek to mitigate potential human rights risks.

The hardwired future

Effectively embedding human rights into the AI product lifecycle starts with a shared governance model between a company’s policy and engineering teams. Together they can collectively hardwire human rights into the way AI systems are imagined, built, and brought to market.

You can find more about human rights considerations around AI in our here

Key insights:

• • • Effective human rights due diligence — Human rights can be hardwired into procurement by setting standards that include clear documentation thresholds, a code of conduct that bans forced labor and trafficking, a supplier assessment questionnaire, a locally informed worker safeguards addendum, and a risk-based vendor-grading rubric.

    • Procurement should feature human rights enforceable obligations — Further, human rights can be hardwired into commitments, such as request for proposals, vendor evaluation, and contract clauses.

    • Engaging unions and community groups early can lead to strong execution — Effective implementation relies on early stakeholder structures (unions, community groups, etc.), robust worker grievance mechanisms, and independent interviewers, complemented by AI-driven monitoring and continuous, rapid risk response.

Mega sporting events can have a significant impact on local economies, but they also pose substantial human rights risks, including labor exploitation, forced displacement, and sex trafficking. With the Super Bowl and Winter Olympics coming up next month, and the World Cup in summer, it’s crucial that organizations, communities, and governments prepare now to mitigate any human rights problems with these events.

As an advisor to host cities on human rights with more than a decade of experience now as the chief executive of , I have seen firsthand how the right commitments and responsible contracting practices can help mitigate these risks. By prioritizing human rights and adopting robust contracting practices, the cities that host these mega sporting events can ensure a positive legacy that extends beyond the event itself.

This was a recent topic at an event hosted by ¶¶ŇőłÉÄę and the International Labor Organization as part of its in which representatives from host cities, civil society organizations, and governments came together to discuss best practices to turn commitments around human rights into action during the FIFA World Cup games later this year. As a participant in this event, Henekom shared our approach in translating high‑level human rights commitments into context‑specific safeguards in order to create the social architecture that aligns organizational practice with community needs.

January is National Human Trafficking Prevention Month in the United States.ĚýCheck out our Human Rights Crimes resource center to learn how toĚýstop and prevent human trafficking

Centering human rights by using rigorous contracting standards starts with local jurisdictions working with multidisciplinary stakeholders to embed strong and comprehensive policies and protocols at all stages of event planning. In my experience, an all-inclusive approach typically shares five elements:

1. 1. 1. Clear thresholds in human rights documentation that are designed for speed of business.
      2. Code of conduct with essential ingredients, which include explicit bans on forced labor, trafficking, and other exploitation.
      3. Supplier assessment questionnaire (SAQ) that flags geographic and sector risk, such as temporary labor of food service employees.
      4. Worker safeguards addendum (WSA) that is built from local labor stakeholders who have lived concerns that help to translate the United Nations Guiding Principles on Business and Human Rights (UNGPs) into local realities.
      5. Risk-based grading rubric for vendors that weights SAQ and WSA responses and turns them into a contracting risk rating.

In my experience, implementing these policies and tools deeply within the organization means embedding requirements at three critical junctures: i) request for proposals (RFPs); ii) vendor evaluation as part of the selection process; and iii) contract clauses. First, when subject-matter experts draft RFPs, the workflow should force-check human rights and sustainability language (or auto-insert standard clauses). Second, during vendor evaluation, the human rights team grades each SAQ/WSA and assigns a risk-based score. Third, contracts must lock in enforceability with particular emphasis on audit rights, corrective action plans, termination for cause, access to remedy, and accountability mechanisms, such as payment withholding.

Vendor contract agreements between the host cities and primary contractors are the best vehicle to incorporate enforcement of these rights. Likewise, provisions for these rights should also be incorporated into contracts between primary contractors and any subcontractors.

Centering human rights by using rigorous contracting standards starts with local jurisdictions working with multidisciplinary stakeholders to embed strong and comprehensive policies and protocols at all stages of event planning.

Temporary labor at mega sporting events — which include individuals working in private security, souvenir sales, construction, janitorial, and food service — adds complexity but does not have to stifle efforts to honor decent work and other human rights. With a solid sourcing policy, vendors get practical tools and technical assistance to implement requirements quickly.

Common examples include building a checks-and-balances loop with worker centers to receive complaints, and data reporting to track hours, wages, recruitment fees, and grievance outcomes. The risk-based grading rubric for vendors ideally determines the monitoring intensity, frequency of site visits, and reporting cadence.

Effective approaches for implementation

Beyond contract language, the following three actions and tools to help instill accountability in human rights commitments are recommended:

Working with stakeholders from day one — To effectively safeguard human rights, it’s crucial to establish standing stakeholder structures, such as advisory councils and labor roundtables, in order to co-create standards and monitor progress with unions and community groups. By doing so, organizations can ensure workers’ voices are heard, issues are escalated, and commitments are translated into tangible results through collective action and remediation advice.

Centering workers and ensuring access to grievance mechanisms — Establishing on-site, back-of-house centers for workers with confidential and multilingual intake processes, along with clear resolution pathways, is an effective way to drive accountability and reinforce human rights commitments. Using trained, independent worker interviewers with unannounced access to ensure compliance across venues, shifts, and subcontractor tiers further adds to this accountability.

Together, these approaches provide a means for workers to report concerns, verify compliance with policy requirements, and ensure that human rights are respected throughout the supply chain.

Using AI to fortify accountability — AI offers powerful tools for detecting and preventing labor exploitation in supply chains through automated monitoring and pattern recognition. Likewise, natural language processing may be able to analyze hotline transcripts and grievance logs to identify trends.

Even with the best policies and accountability tools, however, risks still persist because operating and business conditions are dynamic. New suppliers are added late, or a hot day turns into potentially harmful working conditions. This makes human rights due diligence a continuous requirement with ongoing risk monitoring, fast incident response, and a humble posture to make it right quickly, transparently, and fairly.

If host cities want a legacy that lasts beyond the mega sporting events’ closing ceremony, it is critical to ensure that the people who made the spectacle possible were seen, protected, paid, and heard. Doing the right thing is strategy — contracts and worker-centered approaches are how it shows up on the ground.

You can find out more about how organizations are trying to fight against human rights crimes here

Key takeaways:

• • • Clean energy takes center stage in corporate AI initiatives — Access to cheap, low‑carbon power will become a core driver of AI competitiveness, especially in the US, where electricity costs are on the rise.

• • • Corporate buyers of AI will exert new leverage over suppliers — Corporate buyers will increasingly use their purchasing power to push data center operators to align AI build‑outs with local climate, water, and community expectations — not just to supply more metrics.

    • AI’s human labor layer enters mainstream due diligence — AI labor supply chains will be brought into the mainstream supply chain and require human rights due diligence.

As we enter 2026, there are three main themes that many corporations will need to manage around issues of renewable energy, AI supplier behavior, and labor.

Theme 1: Renewables move to the center of corporate AI strategies

In 2026, AI competitiveness and energy policy will be tightly fused. With AI workloads driving up electricity demand amid datacenter buildouts, particularly in the United States, access to renewable energy sources in the form of abundant, cheap, low‑carbon power becomes a decisive factor in AI pricing and availability.ĚýCountries and companies that lock in this advantage early will shape AI deployment patterns for the rest of the decade.

“The economics of renewable energy are what is causing it to accelerate, even in the US,” says , an expert in sustainability and business. “Despite the political winds, the fact is that wind and solar are growing faster… because it is cheaper, better energy.”

In addition, countries and firms with large, subsidized renewable energy capabilities and flexible grids, such as China’s massive solar, wind, and hydro infrastructure, will have a low-cost advantage. (However, countries’ push for AI may counteract this by prompting governments to prioritize domestic AI stacks over purely cost‑optimized ones.) Yet, combining this asset , such as Kimi K2 and DeepSeek, it is not outside the realm of possibility that the country could emerge in the top spot in AI development and innovation.

Corporate pressure to increase AI adoption for efficiency combined with stakeholder expectations of investing in a low-carbon future will make renewables the center of corporate AI strategies. Increasingly, companies will be asked where their computers run, what energy mix powers them, how cost effective that energy mix is, and whether companies are effectively endorsing environmentally and socially harmful projects in host communities.

Theme 2: Local backlash forces suppliers and companies to confront AI’s impact

Over the last few years, big names among AI infrastructure providers have tried to take advantage of the AI revolution, in AI-related data centers, cloud systems, and other infrastructure with no end in sight over the next few years.

Despite the demand, local communities in which large data center construction projects are planned are pushing back. According to , $64 billion of data center projects in the US have been blocked or delayed amid local opposition since 2025. This opposition comes in part because of concerns regarding , strains on local water and natural resources, and the reduction of working farmland from data center rezoning attempts in rural communities.

In fact, AI data centers are pushing up electricity demand and fueling higher electricity prices for many US households. And, as retail electricity price increases over the next couple of years are likely to continue, it will be in part because of consuming more electricity.

As a result, the demand from stakeholders — in particular, those from local communities including local and state politicians — for increased transparency on the environment and social impacts of corporate AI services is likely to surge. In turn, corporate buyers of AI services will put pressure on the big AI service suppliers to provide more precision in the locations of such data systems as well as disclose more associated sustainability data, such as energy sources, grid impacts, and their level of community engagement where large AI infrastructure is based.

To deal with these competing priorities, boards of companies using AI services will need to reconcile AI cost‑cutting with their transition commitments by ensuring that cost advantages are not built on externalizing environmental and social harms.

Not surprisingly, in 2026, more boards will be drawn into explicit debates about whether AI‑driven cost savings justify exposure to higher community, political, and regulatory risk. This turns questions about data center locations and power contracts into mainstream agenda items.

Theme 3: The human layer of AI emerges as a centerpiece of the supply chain

The idea that AI is automating everything will sit uncomfortably alongside a growing recognition that large‑scale AI depends on a largely invisible workforce. Across the full AI life cycle of products — some of which rely on models that utilize labor in data collection, curation, annotation, labeling, evaluation, and content moderation — there are thousands of workers performing the tasks that make models safe, accurate, and usable.

As AI systems scale across sectors, demand for this human labor increases in volume and complexity, according to , a human rights expert at Article One Advisory. Indeed, much of it remains outsourced, precarious, or gig‑based (often in the Global South), with low pay, weak protections, and exposure to psychologically harmful content rampant. Civil society, unions, and regulators are beginning to connect AI innovation with labor rights and occupational health; and this reality makes the human layer of AI a frontline human rights issue rather than a technical detail.

The for AI‑related labor is likely to move from a niche concern to a mainstream pillar of corporate human rights due diligence. Companies will be under pressure to know what subcontractors and suppliers are doing to ensure human rights for individuals doing AI data enrichment and moderation work, under what conditions, and through which intermediaries.

Following the evolution of how conflict minerals or modern slavery have been integrated into supplier management, a shared view of AI labor supply chains by corporate procurement, legal, product management, and sustainability teams will materialize.

Forward into 2026

As AI becomes embedded in the infrastructure of daily life, companies will face mounting pressure to demonstrate that their AI strategies align with human rights and environmental commitments, not just efficiency gains. The convergence of these three themes signals that transparency in AI governance in 2026 will be inseparable from broader corporate governance and responsibility. And those organizations that treat these themes as compliance checkboxes rather than fundamental design principles will risk both reputational damage and operational disruption in an increasingly scrutinized landscape.

“Companies that fear the exaggerated risk of attracting the ire of activists are underestimating the greater risk of losing the goodwill of customers, investors, and employees that they need,” Friedman adds.

You can find out more about how companies are managing issues of sustainability here

Key highlights:

• • • Human rights risks are elevated for data enrichment workers — Data enrichment workers can face low and unstable pay, overtime pressure driven by buyer timelines, harmful content exposure with weak safeguards, limited grievance access, and uneven legal protections that hinder workers’ collective voice.

    • Human rights due diligence is essential for companies — Companies as buyers of these services must map subcontracting tiers, assess risk by employment model, document worker protections down to Tier-2 and Tier-3 suppliers, and audit and monitor their own rates, timelines, and payment terms to avoid reinforcing harm to workers.

    • Responsible contracting and remedy are a necessity — Contracts should embed shared responsibility, and include fair rates, predictable volumes, realistic deadlines, funded health & safety and mental‑health supports, effective grievance channels, and remediation.

Demand for data enrichment work has surged dramatically with the rapid development and expansion of AI technology. This work encompasses collecting, curating, annotating, and labeling data, as well as providing model training and evaluation — all of which are critical activities that improve how data functions in technological systems.

However, the workers performing these tasks currently operate under different employment models, according to from Article One Advisors, a corporate human rights advisory firm. Some workers are in-house employees at major AI developers, others work for business process outsourcing (BPO) companies, and many are independent contractors on gig platforms on which they bid for tasks and get paid per piece.

Human rights issues in data enrichment work

Data enrichment workers sit at the sharp end of the AI economy, yet many struggle to earn a stable, decent income. In particular, pay for gig workers often falls short of a living wage because tasks are sporadic, payments can be delayed, and compensation is frequently piece‑rate. Because work flows through , fees and margins get skimmed at each layer and shrink take‑home pay — another area of exploitation for today’s digital labor workforce.

In addition, another human rights issue at work is their right to rest, leisure, and family life and, in some places, even breaching guidance from the International Labour Organization (ILO) or local labor laws. Buyer purchasing practices with aggressive deadlines are a significant upstream driver of this overtime pressure.

National labor protections vary widely, and platform workers in particular often fall through regulatory gaps.

For many, the work itself carries health risks. Labeling and moderation can require repeated exposure to violent or graphic content, with well‑documented mental‑health impacts. Yet safeguards are uneven. Indeed, workers may lack protected breaks, task rotation, mental‑health support, adequate insurance, or the option to switch assignments. Even when content is not graphic, strain shows up as ergonomic problems, stress, and disrupted sleep.

When harm occurs, remedy can be hard to access. Platform-based work setups often provide no clear, trusted point of contact, and reports of retaliation deter complaints. Effective operational grievance mechanisms can be missing, and this leaves workers without credible paths to redress.

Finally, national labor protections vary widely, and platform workers in particular often fall through regulatory gaps. Because work is individualized and online, forming unions or works councils is harder. This weakens workers’ collective voice just where and when it is most needed to identify risks, negotiate improvements, and secure remedies.

Due diligence for companies buying data enrichment services is essential

When companies procure data enrichment services, they must recognize that respecting human rights extends throughout the entire value chain and not just with themselves and their direct suppliers. Companies creating trusted partnerships with their suppliers helps to identify issues before they become harmful and create mutual accountability for the humans behind the algorithms.

Article One Advisors’ Lloyd explains that the mandatory baseline starts with human rights due diligence, and can be found in areas such as:

• • • Risk identification and assessment — The first step for companies is to identify and assess risksĚýby understanding their suppliers’ model. This means knowing which groups of workers are full-time employees, contracted workers, or platform-based gig workers. Each model carries different risk profiles.
    • Subcontractor ecosystem mapping — Tracing the subcontracting chainĚýto see how many layers exist between the supplier and the workers is essential. Fees and pressures compound at each tier of the value chain, says Lloyd.
    • Documentation of worker protections in Tier 2 and Tier 3 suppliers — Assessing and promoting worker protections for every layer of the value chain — which includes making sure the wage structures are clearly defined and equitable, health and safety measures are adequate, and protections for exposure to harmful content and effective grievance mechanisms exist — are baseline elements of human rights due diligence.
    • Examination of company’s own practices — Finally, it is necessary for companies to ensure that their own procurement standards and contracts are not reinforcing human rights harms. This includes companies confirming that their contract terms, timelines, and payment schedules are not inadvertently forcing suppliers to cut corners.

Responsible contracting and remedy mechanisms

Companies as buyers of data enrichment services also must instill shared responsibility in owning worker outcomes among themselves, BPOs, platforms, and model developers. Comprehensive, clear human-rights standards, living-income benchmarks, and shared responsibility are essential elements of good purchasing practices. More specifically, these require fair rates for work, predictable volume expectations, and realistic timelines to make sure suppliers do not push excessive hours. In addition, budgets should include cost-sharing for audits, key risk management measures (such as mental health support), and occupational health and safety controls.

Smart remediation turns harmful situations into improved conditions by providing back-pay for underpayment, medical and psychosocial care after exposure to harmful content, contract adjustments to remove perverse incentives, and time-bound corrective action plans co-designed with worker input. As a last resort when buyer and supplier need to part ways, a responsible exit is planned with notice, transition support, and no sudden contract termination that strands workers.

Similarly, grievance mechanisms for platform workers — who are often dispersed across geographics, classified as independent contractors, and lack line managers or union channels — need to be contractually documented. Effective grievance redressal needs to include confidential mechanisms and remediation processes, in-platform dispute tools, independent individuals to investigate complaints, multilingual facilitation, and joint buyer-supplier escalation paths to bridge gaps in labor-law protection and deliver credible remedies at scale, Lloyd notes.

Promoting quality through worker well-being

Protecting data enrichment workers is not only an ethical imperative but also essential for AI quality itself. When workers face excessive hours, inadequate pay, or harmful content exposure without proper support, the resulting stress and burnout directly impact data quality outcomes. Companies must recognize that responsibility for worker well-being and quality data outcomes extend throughout the entire value chain and does not solely rest with BPOs providers alone.

You can find more about the challenges companies and their workers face from forced labor in their supply chain here

Key insights:

• • • An uneven regulatory environment — While some nations (like Chile, Thailand, and South Korea) are implementing ambitious new laws for corporate human rights and environmental due diligence, the EU’s CSDDD, which is facing significant delays and potential weakening, creates a fragmented regulatory environment.

    • Litigation risk is increasing — Companies are facing growing litigation risk from both greenwashing claims and climate-related human rights cases, and this highlights the legal and reputational dangers of failing to meet stakeholder demands.

    • Disclosure risk is an issue — Companies are facing a dilemma in that while proactive compliance and transparent reporting can build trust and avoid disputes, voluntary disclosures can also become legally binding and expose them to liability.

The year 2025 has brought changes to the global landscape of supply chain risk management and corporate responsibility for human rights. Countries such as Chile, South Korea, and Thailand are actively considering or are drafting and introducing ambitious new rules that raise the bar for corporate accountability. At the same time, the Europe Union’s Corporate Sustainability Due Diligence Directive (CSDDD), which was once seen as a benchmark for responsible supply chain management, has faced delays and significant pushback.

In the meantime, companies face challenges in how they should move forward without harmonization and specificity in the regulatory and legal landscape.

Positive and negative legislative steps

So far this year, several countries have advanced strong new laws to hold corporations accountable for human rights and environmental impacts, says , Senior Policy Associate at , which is a global non-governmental organization that helps communities defend their environmental and human rights.

For example, the National Congress of Chile is considering bills that propose requiring corporations of a certain size to implement and report on due diligence efforts with respect to human rights, the environment, and climate change; and the Thailand’s Ministry of Justice is drafting a mandatory due diligence law to ensure products are free from exploitative labor and environmental harm, Berry explains.

Advocates in human rights climate cases contend that the adverse effects of climate change undermine fundamental human rights, including the rights to life, health, food, water, and liberty.

South Korea’s new legislation enacts corporate requirements through mandates in comprehensive due diligence, a Victim Support Fund, and robust grievance procedures. “The legislation is progressive because of its broad applicability, even to financial sector actors,” Berry says. “It requires accountability for human right due diligence at every stage of a supply chain, and it mandates that business enterprises of a certain size are equipped to proactively respond to grievances and facilitate remedy where harm is found.”

This legislation is significant because it would require actors across global supply chains to engage with human rights and environmental abuses regardless of whether impacts are deemed financially material.

Other regions may be moving the other way on corporate accountability, however. Recent developments in the CSDDD may have weakened its impact, with the first occurring in early 2025 and referred to as the stop the clock directive that has delayed implementation by a year. In addition, a proposal was made to raise company size thresholds, meaning that fewer companies would be mandated to report under CSDDD if this change takes effect.

The final requirements are unlikely to be defined until early 2026 “because of the lengthy legislative process in the European Union,” says , Partner at Gibson Dunn. “The directive must be negotiated and agreed upon by three EU bodies, which are the European Commission, the European Parliament, and the Council (representing Member States). Each body needs to develop and present its own proposal, and only after all proposals are on the table, which is expected by the end of October 2025, will the trilateral negotiations begin.”

Companies in a tough spot

Litigation risk, referred to in sustainability circles as greenwashing, is growing for corporations as civil society organizations become more active in bringing claims related to environmental claims and human rights abuses. Consumers, especially younger generations like Gen Z, are increasingly expecting higher standards and greater transparency from businesses.

Community participants are also active in bringing climate-related litigation. Advocates in human rights climate cases contend that the adverse effects of climate change undermine fundamental human rights, including the rights to life, health, food, water, and liberty. Indeed, high-profile lawsuits, such as , illustrate the expanding global threat of legal action for companies that fail to meet stakeholder expectations.

“There was recently a case in Germany where a Peruvian farmer was trying to get damages from a German utility provider,” Fromholzer explains. The farmer argued that the utility provider’s greenhouse gas emissions contributed to the melting of glaciers in Peru and that this threatened the farmer’s hometown with flooding. While the claim was not successful, climate change groups hailed it as a win because the judges stated that energy companies could be held responsible for the costs caused by their carbon emissions.

Today, many corporations find themselves in a difficult position as they navigate mounting risks from both proactive and reactive approaches to sustainability and human rights reporting and compliance. On one hand, adopting proactive compliance strategies and robust grievance mechanisms can help companies avoid costly disputes and build stakeholder trust, but it is not without danger. Public disclosures of this information — even voluntarily — can later become legally binding and expose companies to liability.

Companies face challenges in how they should move forward without harmonization and specificity in the regulatory and legal landscape.

Yet, adopting proactive compliance strategies could offer advantages to those companies facing evolving regulatory requirements and social expectations. By implementing robust grievance mechanisms and addressing risks early, businesses can avoid costly litigation, reputational damage, and regulatory penalties.

“Accountability mechanisms and grievance mechanisms aren’t scary,” Berry says. “They help to harmonize relationship with these communities… rather than approach these issues defensively [and] litigiously, why not approach them proactively?” Indeed, early action can often future-proof operations and build trust with stakeholders.

At the same time, publishing corporate statements on a voluntary basis without the specifics of final legal requirements in legislation holds risk as well. Fromholzer cautions that in the case of CSDDD, voluntary disclosures made today may become legally binding statements required by the EU’s Corporate Sustainability Reporting Directive (CSRD) that could be used in future litigation.

A published statement based on the requirements of CSRD “is now a legally binding statement which you really must be able to defend at the risk of liability,” Fromholzer says. “It is no longer marketing but now is part of the annual accounts with all the liability attached to it… [companies] are cornered from both sides. Again, one is the greenwashing approach, and the other one is the legally binding nature of the statements they are now forced to make.”

Recommended steps for companies

Either way, companies implementing robust grievance mechanisms and publishing accurate statements backed by auditable data with assurance is a pathway forward through the complex terrain of risk. To effectively address human rights and environmental risks, Berry suggests considering the expectations outlined by for lawmakers advancing human rights and environmental due diligence laws.

To begin, companies should conduct a comprehensive mapping of their entire supply chain, including subsidiaries and business partners, to identify and evaluate potential risks. Then, companies must create and publicly release comprehensive due diligence policies that align with international standards, such as the and . Finally, companies must implement effective grievance systems that provide accessible, safe, and responsive channels for stakeholders to raise concerns and seek redress. Maintaining ongoing dialogue with affected communities and rights-holders cultivates trust and guarantees their substantive involvement in business decision-making.

Once this implementation phase is complete, companies should regularly monitor their operations and publicly report on both adverse impacts and the effectiveness of remediation efforts. They should also consider assurance by a third party for risk mitigation.

Despite ongoing changes and uncertainties in global legislation, the movement toward greater corporate accountability continues to gain momentum. By aligning their practices and obtaining assurance for corporate reporting, companies can stay ahead of regulatory developments, build trust with stakeholders, and reduce their risk exposure.

You can find out more about how companies are navigating disclosure and reporting rules here