June 09, 2026
This essay is part of Shift’s series marking the 15th anniversary of the UN Guiding Principles on Business and Human Rights.
By Dr. Christine Chow*
Introduction: the governance gap and the Ruggie answer
When John Ruggie began his tenure as UN Special Representative on Business and Human Rights in 2005, globalisation had outpaced the capacity of states to regulate cross-border corporate conduct, leaving permissive environments in which serious human rights harms could occur with impunity. The UN Guiding Principles on Business and Human Rights (UNGPs), unanimously endorsed by the Human Rights Council in June 2011, were his answer1. They provided the first authoritative global standard, organised around three pillars – the State duty to protect, the corporate responsibility to respect, and access to remedy – and gave the field a shared vocabulary that survives to this day.
From the perspective of a portfolio manager or investment analyst, the UNGPs mattered because they translated loosely defined “social” risk into a structured concept – human rights due diligence (HRDD) – that could be benchmarked, engaged on and increasingly priced into valuations. This article traces the framework’s evolution from soft-law convening text into the conceptual engine of mandatory disclosure and liability regimes worldwide. It argues that the UNGPs have hardened in law – but that hardening is being politically contested, in a de-globalising world, with material consequences for issuers and investors.
The Ruggie framework and what changed in 2011
Pre-2011, the corporate human rights debate was deadlocked. The 2003 ‘UN Draft Norms’ had attempted a route to mandatory human rights obligations on companies, and failed2; the OECD Guidelines for Multinational Enterprises were voluntary, with weak enforcement through National Contact Points (NCPs) that had “slumped into disuse”3. Ruggie’s “principled pragmatism” reframed the problem. Pillar I of his proposed ‘Protect, Respect and Remedy’ framework – the foundation of the UNGPs – confirmed the State’s pre-existing duty under international human rights law. Pillar II articulated, for the first time, a corporate responsibility independent of State action – a social-licence expectation operationalised through HRDD: identifying, preventing, mitigating and accounting for impacts. Pillar III combined judicial and non-judicial remedy, including operational-level grievance mechanisms.
Crucially, the UNGPs introduced the analytical triad of “cause, contribute and directly linked” – three distinct tiers describing a company’s relationship to a human rights harm, each carrying its own remedial expectation. A company that causes harm must cease and remediate it; one that contributes must cease its contribution, remediate it and use leverage to mitigate any remaining impact; and one whose operations, products or services are directly linked to harm through a business relationship is expected to use its leverage to seek to influence the entity causing the harm, even where it has not contributed to the harm itself.
Although “directly linked” appears to be the most remote tier of involvement under the UNGP framework, it is the one that defines the financial sector’s exposure. A capital provider will rarely cause a human rights harm and infrequently contribute to one, but each is routinely linked to harm through the financing or commercial relationship that makes the harm possible.
Diffusion (2011–2017): from principles to practice
The first wave of implementation of the UNGPs moved through three vectors.
First, the 2011 update of the OECD Guidelines incorporated a dedicated human rights chapter explicitly aligned with the UNGPs, the most consequential immediate adoption.4 The IFC Performance Standards5, ISO 260006 and Global Reporting Initiative (GRI) standards7 followed; National Action Plans (NAPs) proliferated, beginning with the United Kingdom in 20138.
Second, corporate uptake – albeit this was uneven. Early adopters such as Unilever9, Nestlé10 and Microsoft11 began publishing salient human rights issues reports; but adoption was slow in Southeast Asia and Sub-Saharan Africa where agribusiness and extractives industries dominate12. The UNGP Reporting Framework, supported by Federated Hermes and UK AID gave investors a comparable basis for engagement on UNGP disclosure13, and over 100 investee companies subsequently revised disclosures and practices in response.
Third – and most importantly for stewardship practice – OECD NCPs became the de-facto enforcement layer. NCP final statements adverse to a portfolio company acted as a strong stewardship signal. They are admissible evidence in subsequent civil litigation in some jurisdictions, are referenced by index providers and ESG ratings, and increasingly inform exclusion decisions by asset owners such as Norges Bank Investment Management (NBIM).
What is a National Contact Point (NCP)?
NCPs are state-based, non-judicial grievance offices established under the OECD Guidelines for Multinational Enterprises. Each of the 52 jurisdictions adhering to the Guidelines must host an NCP. Their role is twofold: to promote responsible business conduct, and to handle “specific instances” – complaints from any individual, NGO or trade union with a legitimate interest, alleging that a company operating in or from that jurisdiction has not observed the Guidelines.
NCPs cannot impose fines or compel parties to participate. They offer good offices, mediation and conciliation, and issue a public final statement that may include findings of non-observance and recommendations. Since the 2011 revision of the Guidelines incorporated the UNGPs in a new human rights chapter, the human rights due diligence (HRDD) standard is squarely within their remit, covering not only operating subsidiaries but also business relationships, lenders, investors and supply chains.
Two early cases set the tone. The UK NCP’s September 2009 final statement on Survival International v. Vedanta Resources found that the company had failed to engage the Dongria Kondh Indigenous community in adequate and timely consultations over the proposed Niyamgiri bauxite mine in Odisha and recommended that Vedanta integrate human and indigenous rights impact assessments into its project management14. The statement was widely credited with prompting divestment by the Church of England15 and reinforced existing exclusions by Norges Bank Investment Management (NBIM), which had already excluded Vedanta in 2007 on a separate Council on Ethics recommendation16 – an early demonstration that NCP findings could move capital even where they could not compel the company.
A decade later, in Lungowe v. Vedanta Resources [2019] UKSC 20, the UK Supreme Court held – at the jurisdictional stage – that Zambian villagers harmed by discharges from a different Vedanta subsidiary, Konkola Copper Mines, had an arguable claim that the UK-listed parent owed them a direct duty of care. Although the case settled in 2021 without admission of liability, Lungowe established that group-wide policies and public sustainability commitments could give rise to such a duty17 – converting a UNGP-style narrative about parent oversight into a concrete litigation risk.
POSCO International and Papuan palm oil: a defining test case
No single case better illustrates the post-Ruggie NCP system than the complaint against POSCO International. In December 2019, KTNC Watch (Korea), Yayasan Pusaka, WALHI Papua and SKP-KAMe (Indonesia) filed a specific instance with the Korean NCP, supported by Mighty Earth’s campaigning research18.
The complaint targeted three respondents: POSCO International as the controlling owner of PT Bio Inti Agrindo (PT BIA); the Korean National Pension Service (NPS) as institutional shareholder; and the Export-Import Bank of Korea (KEXIM) as lender. PT BIA had cleared roughly 27,000 hectares of rainforest in Merauke, Papua, allegedly without Free, Prior and Informed Consent (FPIC) of customary landowners and with downstream pollution of the Bian River19.
The case was novel for two reasons. First, the Korean NCP accepted KEXIM as a multinational enterprise within the scope of the OECD Guidelines, only the second time globally that an export credit agency had been so treated20. This extended the reach of HRDD expectations to public-sector financiers.
Second, the campaign produced a tangible policy outcome: in March 2020, POSCO International adopted a group-wide No Deforestation, No Peat, No Exploitation (NDPE) policy and pledged remediation, an engagement-driven shift faster than any that litigation could have delivered.
The Korean NCP’s January 2022 final statement, however, closed the case without securing on-the-ground remedy and was criticised by complainants for endorsing POSCO’s NDPE adoption and Roundtable on Sustainable Palm Oil (RSPO) certification as “best practice” without ground-truthing21.
Three lessons crystallise for portfolio managers. Equity and debt investors are now squarely “directly linked” to harm under UNGPs logic, with reputational and increasingly legal consequences. NCP outcomes can shift corporate policy faster than courts but rarely deliver remedy to rights-holders – they are signalling devices, not enforcement bodies. And certification labels such as RSPO or Forest Stewardship Council (FSC) are weak proxies for HRDD, a point reinforced by Mighty Earth’s parallel Korindo case at the FSC.22
The hardening phase (2017–2024): UNGP norms become law
The decisive shift after 2017 was the conversion of Pillar II into mandatory HRDD statutes.
France’s Loi de Vigilance (2017) pioneered statutory corporate due diligence backed by a civil liability mechanism. A wave of national regimes followed: the Netherlands’ Child Labour Due Diligence Act (adopted in 2019), Germany’s Lieferkettensorgfaltspflichtengesetz (in force 2023, with administrative penalties), the Norwegian Transparency Act (in force July 2022) and Switzerland’s parliamentary counter-proposal (in force 2022, after the Responsible Business Initiative passed the popular vote but failed the cantonal majority in November 2020)23.
The capstone was the EU Corporate Sustainability Due Diligence Directive (CSDDD), adopted in May 2024 and explicitly anchored in the UNGPs and OECD Guidelines. The UN Working Group on Business and Human Rights, in its UNGPs 10+ Roadmap (November 2021), endorsed mandatory HRDD as part of the “smart mix” of measures Ruggie originally envisaged in the UNGPs themselves (Principle 3)24.
For investors, three related developments were important in connecting the CSDDD to their role and interests. The Corporate Sustainability Reporting Directive (CSRD – the EU framework for sustainability disclosure) elevated human rights data from voluntary frameworks (GRI, SASB) to mandatory, audit-grade disclosure across issuers. The Sustainable Finance Disclosure Regulation (SFDR – the EU disclosure regime for asset managers) embedded UN Global Compact and OECD Guidelines violations directly in its mandatory Principal Adverse Impact (PAI) indicators – though the November 2025 SFDR 2.0 proposal would scale entity-level PAI reporting back to product-level only. And the Shareholder Rights Directive II (SRD II – the EU framework on stewardship and engagement) provided procedural rails for asset managers to vote and engage on these issues.
The pushback (2024–2026): resilience despite deregulation
In early 2025, the European Commission began a process of Omnibus revision packages tackling different EU laws with the stated objective of reducing the regulatory burden on EU business. The first Omnibus reopened the recently agreed CSDDD and the CSRD and led to a year of intense negotiations. The final Omnibus I package25, adopted in February 2026 and in force from 18 March 2026, has substantially scaled back the scope of companies covered by the CSDDD. The Directive now applies to firms with over 5,000 employees and €1.5 billion turnover, materially narrowing the scope from over 6,000 companies to 1,300; the EU-wide harmonised civil liability regime has been deleted (meaning that liability reverts to national law); mandatory Paris-aligned climate transition plans have been removed.
Fortunately, sustained civil society and investor campaigns alongside continued advocacy from supportive business voices preserved the risk-based model of human rights due diligence in line with the UNGPs and OECD Guidelines. This is the conceptual core Ruggie articulated in 201126.
On the one hand, with the in-scope universe of the CSDDD cut by 80%, and implementation deferred to financial year 2029, the CSDDD’s capacity to function as a hard-law floor for issuer behaviour is now much more limited than the 2024 text envisaged. On the other hand, the implications for investors are more nuanced than the headlines suggest.
For hundreds of companies, reputational, operational and litigation risk are now reinforced by legal harmonisation around the concept of risk-based due diligence itself. The implications of the legislation will flow through supply chains within and beyond the EU, so the limited number of companies directly in scope does not prevent the law from shaping practices in a much broader set of connected counterparties. Meanwhile, legislative initiatives in Switzerland, Malaysia, Indonesia and Thailand that had been waiting on the resolution of the Omnibus process are now reinforcing convergence around the same UNGP/OECD expectations.
UNGP-grade HRDD is therefore now the minimum expected practice based on a mix of law and other factors. Issuers that look to tick-box rather than meaningful compliance will find themselves exposed to scrutiny from national enforcement bodies in addition to civil society and asset owners.
Conclusion: from Ruggie’s vision to enduring investor expectations
Three observations follow from the journey initially embarked on by John Ruggie.
First, the conceptual durability of the UNGPs is striking. Even as the perimeter of EU legislation has narrowed, no competing framework has emerged. The vocabulary of salience, leverage, cause and contribution, FPIC, and access to remedy is now embedded in stewardship codes, ESG ratings, IFC standards and the training of investment analysts. And although the CSDDD’s in-scope perimeter has narrowed, the perimeter of investor expectations has not : stewardship policies, exclusion frameworks and SFDR PAI indicators apply UNGP-grounded standards across the full investee universe, regardless of whether the issuer falls within the Directive’s revised thresholds.
Second, mechanism limits are now widely understood. NCPs, as the POSCO Papua case demonstrated, are uneven and rarely deliver remedy. They function best as escalation signals feeding investor engagement and litigation strategies, not as standalone remedy channels.
Third, the test of the next decade is whether the move of HRDD into hard law brings substantive results, driving real prevention and remedy, or collapses into tick-box compliance.
Ruggie himself maintained that the Principles were not focused on creating new international law obligations, but were intended to elaborate the implications of existing standards into a coherent template. The hardening of that template is the story of the past 15 years. For investors, the signal worth watching is whether issuers routinely demonstrate evidence of using their leverage to mitigate and remediate identified harms. This is the expectation set by Ruggie, and the unfinished work of the next decade.
* Dr. Christine Chow has 25+ years’ experience in investment management focused on technology, governance and sustainability. She was Managing Director at UBS Asset Management, leading global stewardship, thematic research and impact engagement, and previously global Head of Stewardship at HSBC Asset Management and a board member of HSBC Asset Management UK Limited, and Head of Asia and global technology at Federated Hermes EOS. From 2019 to 2025 she served as Board member and Chairman of the International Corporate Governance Network (ICGN), an investor-led body representing around US$100 trillion in assets across over 40 countries. Her PhD thesis on responsible investment was short-listed for a United Nations award in Sweden for industry relevance and academic excellence.
1UN Human Rights Council, Guiding Principles on Business and Human Rights: Implementing the United Nations “Protect, Respect and Remedy” Framework, UN Doc. A/HRC/17/31 (21 March 2011), endorsed by HRC Resolution 17/4 (16 June 2011). Source: https://www.ohchr.org/sites/default/files/documents/publications/guidingprinciplesbusinesshr_en.pdf
2 Miretski & Bachman (2011) Global Business and Human Rights – The UN ‘Norms on the Responsibility of Transnational Corporations and Other Business Enterprises with Regard to Human Rights’ – A Requiem Deakin Law Review, Vol. 17, No. 1, 2012. Most states expressed strong reservations, emphasising their determination not to depart from the traditional framework of international law, which stresses the central and pivotal role of the state as a legal subject of public international law. The Norms were eventually abandoned in 2005
3 https://johnruggie.scholars.harvard.edu/sites/g/files/omnuum3761/files/john-ruggie/files/ruggie_tamarynnelson.pdf. P. 2.
4 OECD, OECD Guidelines for Multinational Enterprises (2011 edition introducing a dedicated human rights chapter; updated 2023).
5 The 2012 edition explicitly recognises that in high-risk circumstances, clients may need to complement their existing environmental and social due diligence (ESDD) processes with specific Human Rights Due Diligence (HRDD)
6 ISO 26000 positions due diligence as a continuous process rather than a one-time check, requiring organisations to assess their impacts on society and the environment.
7 https://www.globalreporting.org/media/rcqpsy01/gri-due-diligence-guide-final.pdf. The 2021 updates to the GRI Standards give full effect to the due diligence process as articulated in the OECD MNE Guidelines and the UNGPs.
8 https://globalnaps.org/country/united-kingdom/
9 https://www.unilever.com/sustainability/respect-human-rights/our-salient-human-rights-issues/. Began in 2015.
10 https://www.nestle.com/sustainability/human-rights/approach. Began in 2009.
11 https://blogs.microsoft.com/on-the-issues/2016/12/09/expanding-partnerships-transparency-human-rights/. Began in 2016.
12 https://melbourneasiareview.edu.au/obstacles-to-implementing-the-un-guiding-principles-on-business-and-human-rights-in-southeast-asia/?print=pdf#:~:text=Indonesia%2C%20Malaysia%20and%20Thailand—members,with%20significant%20human%20rights%20risks.
13 https://www.ungpreporting.org/about-us/
14 https://www.minesandcommunities.org/article.php?a=9543#:~:text=The%20UK%20NCP%20concludes%20that%20Vedanta%20has%20not%20complied%20with,67. UK National Contact Point, Final Statement by the UK NCP: Survival International and Vedanta Resources plc (25 September 2009); follow-up statement, 12 March 2010
15 https://www.responsible-investor.com/church-of-england-funds-sell-millions-in-vedanta-shares-in-boycott/
16 https://www.banktrack.org/download/briefing_on_vedanta_and_the_niyamgiri_hills/vedanta.pdf
17 Lungowe v. Vedanta Resources plc [2019] UKSC 20. https://www.supremecourt.uk/cases/uksc-2017-0185
18 https://www.oecdwatch.org/complaint/ktnc-watch-et-al-vs-national-pension-service/
19 KTNC Watch, Yayasan Pusaka, WALHI Papua and SKP-KAMe, Specific Instance against POSCO International, the National Pension Service and the Export-Import Bank of Korea, filed with the Korean NCP, 12 December 2019.
20 OECD Watch, “Korean NCP accepts complaint against Korean export credit agency and others” (17 March 2020). KEXIM was deemed within the OECD Guidelines’ definition of a multinational enterprise – only the second NCP determination of its kind globally.
21 https://hrn.or.jp/wpHN/wp-content/uploads/2024/11/East-Asia-Report-final.pdf. POSCO International, “No Deforestation, No Peat, No Exploitation Policy” (1 March 2020); Mongabay, “South Korea’s POSCO vows zero deforestation in Papua palm oil operation” (5 March 2020). Korean Ministry of Trade, Industry and Energy / Korean NCP, Final Statement on POSCO International (18 January 2022).
22 https://fsc.org/sites/default/files/2019-11/Korindo%20Group_Additional%20Social%20Analysis%20by%20FSC%20International.pdf. Mighty Earth, Burning Paradise: Palm Oil in the Land of the Tree Kangaroo (September 2016); and Mighty Earth, “Two-Year Investigation Finds Major Palm Oil Producer Korindo Guilty of Rainforest Destruction and Human Rights Abuses” (October 2021).
23 Each has since faced significant setbacks: the Dutch Act never entered into force and is set to be revoked; Germany’s LkSG reporting obligation and most fine proceedings were scrapped in September 2025 ahead of CSDDD transposition; Switzerland’s counter-proposal has been widely criticised as ineffective, triggering a second Responsible Business Initiative in May 2025; and only Norway has produced an enforcement action – a c. €38,500 fine on retailer Varner in September 2024, under appeal. None of the four creates civil liability. France therefore remains the only regime where a private claimant can take a listed company to court and seek a remedy. Loi n° 2017-399 du 27 mars 2017 (France); Lieferkettensorgfaltspflichtengesetz (Germany, in force 1 January 2023); Norwegian Åpenhetsloven (Transparency Act, in force 1 July 2022); Swiss Code of Obligations Articles 964a–c (in force 2022).
24 Directive (EU) 2024/1760 on Corporate Sustainability Due Diligence (5 July 2024). UN Working Group on Business and Human Rights, UNGPs 10+: A Roadmap for the Next Decade of Business and Human Rights (November 2021).
25 The EU Omnibus I package (Directive (EU) 2026/470, in force 18 March 2026) is a “simplification” directive for revisions to CSDDD and CSRD put forward by the European Commission. https://finance.ec.europa.eu/publications/omnibus-i-package-commission-simplifies-rules-sustainability-and-eu-investments-delivering-over-eu6_en
26 https://www.iigcc.org/media-centre/weakening-eus-sustainability-rules-risks-damaging-competitiveness-and-growth-warn-companies-investors
