We, the undersigned organisations and institutions, seek to draw your attention to aspects of the draft Corporate Sustainability Due Diligence Directive (the Directive), and its application to the use of technology and the technology sector, which require strengthening if the Directive is to realise its full potential in respect of this critical global sector that is today responsible for some of the most egregious human rights harms...

There are four key areas which need amending if the Directive is to effectively aid in transforming the technology sector:

Scope of companies subject to the law

The threshold for companies covered under the Directive, in relation to their size and turnover, should be revised and significantly lowered for all companies.  Further, under the current framework of defining lower thresholds for ‘high impact sectors’, the technology sector needs to be included in the Directive’s list of such sectors, as proposed in the Committee on Legal Affairs’ draft report on the proposal... Inclusion of those financing technology and other companies must also be retained and strengthened in the Directive’s personal scope, and current limitations of their due diligence duty lifted.

Scope of rights 

The scope of due diligence obligations must cover all human rights. The list of rights and international instruments and conventions enumerated in the Directive should be considerably expanded to include those often impacted by and relevant to technology, such as freedom of expression, and all protective instruments for human rights defenders. It should be made clear the lists are non-exhaustive and there is no hierarchy between sections 1 and 2 of the Annex, Part I, if the current separation is to be retained.

Further, the Directive should explicitly mandate companies to examine the intersectionality of rights and contexts of marginalisation. This includes requirements for companies to assess, address and remedy their impacts on marginalised groups and specifically to undertake gender-responsive human rights, good governance and environmental due diligence.

Value chains and business relationships

"Coverage of risks and harms across the full value chain, especially in the downstream, needs to be retained and strengthened if the Directive is to address technology-related abuse, which often occurs in technology companies’ downstream value chains"

The technology sector is often characterised by the sporadic nature of relationships which, despite their transience, have profound human rights implications. Facial recognition technology, for example, typically begins with a coding process by one firm for a buyer, and while their relationship is not ‘established’, the initial code contributes to a potentially very harmful end product. The Directive should follow the UN Guiding Principles (UNGPs) and OECD Guidelines, which stipulate that a business’ responsibility to respect human rights, good governance and the environment covers its whole value chain, with a focus on severity and likelihood of risks. It must not limit the value chain scope of companies’ due diligence duty to certain types of business relationships, to impacts in the upstream supply chain, or otherwise, as this would allow impunity to persist. Coverage of risks and harms across the full value chain, especially in the downstream, needs to be retained and strengthened if the Directive is to address technology-related abuse, which often occurs in technology companies’ downstream value chains...

Stakeholder engagement & access to justice and remedy

"Crucially, there needs to be robust enforcement of the Directive through administrative penalties and civil liability for harms, without any blanket exemptions for companies but including explicit provisions to lift barriers to access to justice"

In the technology sector (as in all others), engagement with affected rights- and stakeholders is essential for effectively determining human rights risks, impacts and appropriate action. The Directive needs to transition from characterising stakeholder engagement as an option available to companies in the process of identifying, addressing and remedying human rights risks, to being a mandatory pillar of effective corporate due diligence. Protection for the rights of those critical stakeholders who come forward for engagement – including those who may deliver hard truths to the sector, such as human rights defenders and workers’ organisations – should be explicitly included in the Directive without reservation. Further, marginalised groups must be included in the process.

Crucially, there needs to be robust enforcement of the Directive through administrative penalties and civil liability for harms, without any blanket exemptions for companies but including explicit provisions to lift barriers to access to justice, which are pervasive in the technology sector as in so many other sectors...

[statement including list of signatories attached above]