HUMAN RIGHTS DUE DILIGENCE

Sanofi’s commitment to respect internationally recognized human rights and to exercise human rights due diligence in all its activities is disclosed in this “Human Rights due diligence” Factsheet. We have structured our reporting along the lines of the UN Guiding Principles on Business and Human Rights since 2014 as it is the framework we use to deploy our approach, by referring to the UN Guiding Principles Reporting Framework1. For the convenience of our readers, a matching table based on the UN Guiding Principles Reporting Framework appears at the end of this document. Using the UN Guiding Principles together with the UN Guiding Principles Reporting Framework enable Sanofi to provide a reporting that is complete, meaningful and aligned with the global standards on corporate respect for human rights.


CIVIL LIABILITY FOR DUE DILIGENCE FAILURES
This briefing by the Danish Institute for Human Rights (the Institute) considers civil liability for harms linked to business activities and due diligence failures -a key consideration in the design of mandatory corporate human rights due diligence laws. This briefing is intended to support those designing, advocating for or analysing supranational or national human rights due diligence laws, whether in government, business, civil society, the media or national human rights institutions.

INTRODUCTION
The UN Guiding Principles on Business and Human Rights (UNGPs) 1 provide that all businesses have a responsibility to respect internationally-recognised human rights. This responsibility applies regardless of a business' size, sector, ownership or country of operation. It also applies independently of whether governments in a business' home or host state fulfil their duties under international human rights law to protect human rights against business-related abuses. 2 The UNGPs call for all businesses to undertake human rights due diligence to operationalise their responsibility to respect human rights. States should adopt legislative and other regulatory measures "to prevent, investigate, punish and redress" business-related human rights abuses. 3 Such measures are important because, to date, business adherence to the corporate respect for human rights has been inadequate. 4 Aiming to increase corporate respect for human rights, some states have enacted new laws to require or encourage businesses to undertake human rights due diligence. Others are considering this. 5 Mandatory due diligence laws are not explicitly required by the UNGPs or other human instruments. 6 Nevertheless, such laws have a potential role to play as one component of a state's business and human rights regulatory framework. 7 Corporate human rights due diligence laws may take different forms. One feature of such laws may be rules allowing civil proceedings to be brought against companies for "harm" to human rights linked to their due diligence failures. For example, France's Duty of Vigilance Law (the French Law) establishes obligations for large companies in France to conduct human rights due diligence, and allows such companies to be sued for harms caused by failures to publish and implement a "Vigilance Plan" in accordance with the requirements of the law. In other countries, provisions to allow new civil claims have not been included in due diligence laws. 8 To inform public debate and support policy development, this briefing highlights key issues relating to the role of civil liability in mandatory human rights due diligence laws.
Section 2 situates the discussion of civil liability for corporate conduct in its wider international human rights law context.
Section 3 identifies existing types of liability (or "causes of action") for corporate human rights abuses, including under tort, administrative, criminal and contract laws, which new due diligence laws should take into account.
Section 3 focuses on how corporate "human rights due diligence" may be defined in due diligence laws and sketches implications of different definitions of due diligence for civil liability.
Section 4 examines the general elements of tort claims. It then outlines how these elements may apply in claims linked to human rights abuses caused by corporate due diligence failures, as provided for by due diligence laws.
Section 5 considers other issues pertaining to the design of a civil liability mechanism, such as the inclusion of strict liability offences, extension of liability across the supply chain and the availability of due diligence defences or "safe harbour" provisions.
Section 6 summarises conclusions of the briefing's analysis for legislators who are considering including civil liability provisions in mandatory corporate human rights due diligence laws and other stakeholders.
A table summarising the key features of recently enacted or proposed due diligence laws can be found at page 26 of this briefing.

CIVIL LIABILITY AND INTERNATIONAL HUMAN RIGHTS LAW
Discussions of whether and how to include civil liability in mandatory corporate human rights due diligence laws can quickly become complex and technical. Before embarking on detailed discussions, it is therefore worth reflecting on the role of civil liability in the context of wider human rights laws.
One important starting point is the right to an effective remedy for a violation of human rights. 9 This right is widely recognised by international human rights treaties. 10 It entails an obligation to bring to justice perpetrators, and to provide appropriate reparation to victims. While domestic legal remedies should always be available, these may vary in their details as between national legal systems, while the nature of the right in question is also a factor. Generally, the right to remedy is viewed as having both substantive and procedural dimensions, the latter entitling victims to an adequate, effective and timely investigation. Notably, however, the right to remedy is not free-standing, but presumes a violation of another protected human right has taken place, or that such a violation is at least arguable.
When it comes to non-state actors, including corporations, states may have a "positive obligation" to regulate their activities to prevent harms that would interfere with the enjoyment of human rights that the state in question is obliged to protect. Effective deterrence of third-party abuses by the state may require, depending on circumstances, the criminalisation of private actors' conduct, the adoption of other legislation or policies, or the deployment of operational measures in the case of known threats, for example.
In addition, individuals under most human rights instruments have a right to a fair and public hearing of their civil rights and obligations, within a reasonable time by an independent and impartial tribunal established by law (the civil aspect of the right to a fair trial). This can apply, even where the harm complained of in civil proceedings does not amount to violation of another human right.
Tort or other civil proceedings may, depending on the circumstances, provide an opportunity for domestic authorities both to deal with the substance of a human rights complaint and to grant appropriate relief. On the other hand, international human rights jurisprudence does not currently demand that states establish due diligence laws, or civil liability provisions within them. States have a margin of discretion in how to comply with their obligations and the extent and content of duties owed by states to victims beyond their territorial jurisdiction remains under discussion. 11

CORPORATE LIABILITY: CAUSES OF ACTION
In most jurisdictions, businesses are exposed to a range of forms of legal liability that contribute to remediating human rights abuses or which have potential to do so. Mandatory due diligence laws, and any provision for civil liability linked to due diligence under them, should take account of any such existing avenues of redress. The enactment of new due diligence laws may also influence how courts or other bodies interpret and enforce established causes of action against companies. In most jurisdictions, proceedings against companies should already find a basis in the following: Tort: Businesses may be liable for certain forms of harm to individuals under the law of tort (sometimes referred to as the law of non-contractual obligations). 12 A breach of human rights as such is not usually a form of harm recognised in national tort laws. However, an abuse of human rights may also give rise to a tort claim where the abuse causes physical injury or damage to property, for instance.
Framing human rights abuses as tort claims may present a valuable means of providing redress and accountability for rights-holders. The availability of tort claims may also contribute to fulfilling the state's duty to ensure access to effective remedy under human rights treaties. On the other hand, tort claims may not fully capture or offer the best or an appropriate remedy for the wrong done to an individual when their human rights are abused. Tort-based remedies do not usually seek to identify root causes or provide a mechanism to resolve patterns of abuses beyond the case in question.
Generally, for a claim in tort to succeed, the following conditions must be met: the type of harm caused to the claimant must be actionable; the defendant must have owed a duty of care to the injured party; an action or omission by the defendant caused must have caused harm; the harm must have been foreseeable by the defendant; the defendant's conduct must have fallen below the required standard of care it owed to the injured party, according to the law; and a court must determine that imposing liability on the defendant in relation to the harm sustained by the victim is reasonable in all the circumstances. How a company's performance of due diligence may influence their liability under general rules of tort is discussed further in Section 5 below.
Statutory liability: In most states, businesses can be liable for breaches of specific statutory duties imposed on them, for instance, by national laws on health and safety, environment, data protection or privacy, and discrimination. 13 When a due diligence law is passed, whether a company performs due diligence as required under it may become a relevant factor in evaluating its fulfilment of such statutory duties. Vice versa, whether companies have complied with specific statutory duties they are subject to under other laws may influence courts or regulators in evaluating a company's fulfilment of a due diligence duty, or civil liability linked to due diligence failures. Consumer protection: A specific type of statutory liability, consumer protection laws may prohibit false advertising, misleading and deceptive conduct by companies, and the production, sale or distribution of dangerous, fake or defective products. Such provisions can sometimes be relied on where companies claim to abide by human rights standards but fail to do so in practice 20 or, for example, where a failure to disclose the existence of a human rights harm in the supply chain could be taken to mislead consumers in breach of the relevant law. 21 KEY POINTS: • Businesses may be held liable for human rights abuses through a range of legal mechanisms • Causes of action vary across jurisdictions but usually include tort, statutory claims, corporate criminal liability, breach of contract and actions under consumer laws • Human rights due diligence laws should, in their design, take account of existing liability mechanisms • Whether or not they provide for civil liability themselves, human rights due diligence laws will be likely to influence, and be influenced by, other types of corporate liability • Tort claims can be a valuable means of providing redress and accountability to rights-holders but may not be available or be an appropriate or sufficient form of remedy for all types of corporate human rights abuse 4. UNDERSTANDING DUE DILIGENCE 4.1. DEFINING "DUE DILIGENCE" The phrase "due diligence" has a number of different established meanings. For clarity and certainty, these different senses of "due diligence" need to be distinguished during discussions and drafting of due diligence laws. The term "due diligence" must also be carefully defined in legislation and subsequent guidance for businesses, regulators or other actors.
• Corporate human rights due diligence under the UNGPs: In the UNGPs, human rights due diligence is a term used to describe a cyclical (or 'iterative') process 22 through which businesses identify, prevent, mitigate and communicate publicly about their actual and potential adverse human rights impacts. 23 Due diligence, in this sense, is a process by which businesses "operationalise" the corporate responsibility to respect human rights outlined by Pillar II of the UNGPs. The UNGPs highlight that the scale and complexity of human rights due diligence is expected to vary according to the size, sector, operational context, ownership and structure of a business, and with the severity of an enterprise's potential adverse human rights impacts. The responsibility to respect human rights is a standard of conduct expected of companies, due diligence being the means to meet this responsibility. 24 Unlike general corporate "due diligence" as practiced outside the human rights context, human rights due diligence focuses on identifying risks to rights-holders, rather than risks to the business. It is therefore critical that the business engage with a range of stakeholders, including rights-holders, as part of the due diligence process, in order to properly understand and address its human rights impacts. Since 2011, due diligence as understood under the UNGPs has been incorporated into the OECD Guidelines for Multinational Enterprises and associated guidance. 25 • Due diligence as a general corporate risk management process: "Due diligence" also refers to processes undertaken by companies, or by legal or other professionals on their behalf, to identify and manage risks to their business. Due diligence processes in this sense are executed, for instance, by parties to corporate mergers and acquisitions; for compliance monitoring purposes, in areas such as anti-corruption or sanctions; or to assess the risks of specific acts, such as employing particular individuals, making a loan, or investing in a particular sector. Due diligence assessments in this sense may not refer to risks to human rights at all. For some audiences, particularly in a business context, "human rights due diligence", as applied in the UNGPs context, may be mistakenly understood to be the same as or similar to the likely more familiar notion of corporate due diligence. However, the two are clearly distinguishable in their legal basis, objectives, scope, character and consequences.
• Due diligence in international human rights law: Under human rights treaties, states can have obligations to prevent certain harms to human rights by private (or 'non-state') actors. Failing to fulfil such 'positive' duties can result in a default by the state on its international legal obligations, where additional conditions are met. 26 Certain human rights bodies have expressed the state's positive obligations using the language of "due diligence". 27 In this setting, "due diligence" is an obligation of conduct expected of states, rather than an obligation of result; the standard of conduct to which a state will be held has been expressed, in the broader setting of public international law, as that of "responsible government". 28 • Corporate human rights due diligence as a standard of care: Some commentators have suggested that, mirroring the concept of due diligence in international human rights law just described, corporate human rights due diligence described by the UNGPs embodies a substantive legal "standard of care" owed by businesses to potential victims of harm resulting from their acts or omissions, or those of their business partners, throughout the value chain of the business in question. 29 On this account, a business should be liable for any harms it has caused to human rights itself or via business partners, unless it can prove it performed an adequate due diligence process. 30 There are conceptual and legal differences between due diligence obligations on states under human rights treaties and the responsibility of companies to undertake due diligence, despite a common terminology. On the other hand, this does not exclude that states, individually or collectively, may adopt legislation providing for corporate liability (civil or otherwise) for harms linked to due diligence failures.
• Due diligence as a defence to liability or 'safe harbour': In areas beyond human rights, some laws provide a defence to liability where a company meets certain criteria, which may be set out in a "safe harbour" exception or due diligence defence. 31 These are considered in more detail in section 6.3 below.
Policy and scholarly commentaries often do not recognise the spectrum of interrelated but distinct meanings associated with the term due diligence. Individual documents may switch between different meanings or formulations in ways that are not readily transparent to legislators or others. 32 Each sense of due diligence noted above will entail different consequences if given effect in civil liability provisions of mandatory due diligence laws. Full legal analysis, explanatory notes and guidance, debate and consultation with stakeholders are therefore essential prerequisites to enacting national or other due diligence laws and in connection with proposals for including civil liability as an element thereof.

SCOPE OF HUMAN RIGHTS DUE DILIGENCE: KEY PARAMETERS
Equally, in legislating corporate human rights due diligence requirements, it is important to clarify the different parameters of the due diligence process envisaged by the UNGPs, which may be thought of in terms of: • Breadth: the types of human rights impact considered by the due diligence process; • Depth: how far through the supply or value chain a business's due diligence responsibilities extend; and • Content: the due diligence steps required to be taken by a business in accordance with the legal duty.
Besides these dimensions of human rights due diligence, a statutory due diligence duty can also vary, amongst others, in terms of: • the class of companies addressed; 33 and • transparency measures: for instance, requirements on companies to report on their due diligence process or outcomes, or to respond to information requests from third parties.
Each of these elements will influence the potential extent of companies' civil liability for human rights harms, both within a given legislative scheme, where this is provided for, and beyond it, in general tort law and potentially other areas.

Breadth
According to the UNGPs, human rights due diligence should address all "internationally-recognised" human rights. 34 When undertaking human rights due diligence, companies should consider risks to all rights-holders affected or potentially affected by the activities of a company or its business partners, rather than selected sub-groups, or only rights-holders affected by specific types of human rights abuses (e.g. human trafficking, forced or child labour). Some due diligence laws do however focus on specific abuses or groups as seen, for instance, in laws on modern slavery 35 or child labour. 36 French 37 and German 38 due diligence laws, as well as the European Parliament's proposal 39 for EU-level due diligence legislation (the EP Proposal), extend the scope of due diligence to certain environmental harms as well as human rights. Although combined environmental and human rights due diligence legislation is not as such contemplated by the UNGPs or currently required by human rights treaties, states' duties under human rights treaties may require the adequate regulation and availability of effective remedies for corporate environmental harms. Defining and assessing "harm" for the purposes of establishing liability under a due diligence law will entail distinct exercises of legal and factual inquiry in relation to environmental damage and human rights abuses.

Depth
Due diligence under the UNGPs considers impacts on human rights caused by a company's own activities but also by its business partners. Companies therefore need to consider risks throughout the value chain to which they are connected via supply, contract, ownership or investment relationships or the use of company products, premises or services.
To align with the UNGPs, due diligence laws may require that companies' due diligence processes evaluate their full value chain. Some laws rely on a full value chain risk assessment as a trigger for further specific requirements on companies to address or manage risks they pose to human rights. 40 Other laws restrict due diligence duties to a specific tier of the supply chain. 41 While the pros and cons of different approaches in this respect are debated, there is a possibility that an approach delimited by tier may discourage companies from considering risks in tiers outside the legislation's formal requirements but where the risks of abuses may be higher. 42 Legislators' choices regarding the depth of companies' statutory due diligence duties will significantly condition the design and operation of any civil liability provisions included in due diligence laws, and vice versa.

Content
The UNGPs outline the main steps of a human rights due diligence process. Yet they recognise that due diligence is flexible, context-dependent, dynamic and iterative in character and, to achieve its goals, must remain a constant "work in progress". Consistently with the UNGPs, businesses can perform human rights due diligence in different ways, relying on variable internal structures, methods, information and mechanisms for securing stakeholder input. What in practical terms respecting human rights requires of businesses will depend on the business context; a full due diligence exercise which spans the entirety of the value chain may not be feasible in a given context. 43 Due diligence laws also vary in how they describe what they require of businesses. They may outline specific steps a company must satisfy to comply with its duties under the law or refer to more general criteria. While the French Law requires the production of a Vigilance Plan, 44 Germany's law specifies a number of specific due diligence elements. 45 The Dutch Child Labour Law requires companies to investigate whether their goods or services have been produced using child labour and devise a plan to prevent it where instances of child labour are identified. The Norwegian Transparency Act requires a certain class of companies to carry out and publish due diligence assessments related to fundamental rights and decent working conditions. 46 Whereas some advocates have proposed that due diligence laws should express a standard of care or conduct to be achieved by companies rather than the means of due diligence, this approach has not yet been adopted in practice. 47

Class of businesses
All companies should undertake human rights due diligence, since the corporate responsibility to respect human rights applies to all businesses, regardless of size or other characteristics. Yet legislators may decide to focus statutory due diligence duties on a subset of businesses for various reasons. Where they do so, the class of companies subject to a statutory due diligence duty may be defined with reference to a range of company characteristics. The scope of the French Law, for example, is defined with reference to a combination of factors, specifically, the number of employees and annual revenue. 48 As regards SMEs, some proposed laws are restricted to those operating in high-risk sectors or that are publicly listed. 49 Alternatively, statutory duties may apply to all companies in the first instance, with the identification of risks by companies triggering additional due diligence requirements, as in the Dutch Child Labour Due Diligence Law. 50 However the class of companies subject to due diligence is defined, the choices made by legislators on this point will be in interplay with decisions on whether to include civil liability provisions and if so, in what terms.

Transparency
Transparency by companies about human rights risks and measures they have taken to address them supports respect for human rights and can help facilitate remediation. The UNGPs provide that businesses should communicate about their due diligence processes publicly. 51 Mandatory human rights due diligence laws include a range of transparency requirements. The Vigilance Plan required by the French Law, for instance, requires companies to outline what they have done to identify risks and prevent serious violations of human rights and fundamental freedoms, and serious harms to health and safety and the environment. Transparency requirements in other measures are more extensive. Norway's law, for example, requires companies to provide information on how they address human rights and decent working conditions in response to requests from any member of the public. 52 Under the French Law, complying companies are required to publish Vigilance Plans in line with criteria set down in the law. In the absence of formal guidance on how companies may satisfy the disclosure requirement, the scope of this disclosure obligation has been contested in litigation. 53 The inclusion of civil liability provisions in due diligence laws may entail greater anxiety, and opposition, to such laws' transparency provisions. Hence, legislators will need to strike a balance, taking into account the potential value of both such elements within a mandatory due diligence regime.
KEY POINTS: • "Due diligence" has a range of established meanings which need to be distinguished in discussing and enacting due diligence laws. • "Due diligence" may be used to refer to: human rights due diligence as described by the UNGPs; a general corporate risk management process; an aspect of states' duties under international laws; a defence to liability or 'safe harbour'; or a standard of care owed by businesses to affected stakeholders. • How human rights due diligence is defined in mandatory due diligence laws has implications for any associated civil liability regime and potentially liabilities beyond the due diligence law in question. • Legislators and stakeholders should reflect carefully on how the different dimensions of corporate human rights due diligence (breadth, depth, content), as well as provisions defining the class of businesses subject to due diligence, and transparency requirements, interplay with civil liability provisions when preparing to enact due diligence laws.

GENERAL ELEMENTS OF TORT LIABILITY AND THEIR APPLICATION TO CLAIMS LINKED TO HUMAN RIGHTS ABUSES BY COMPANIES
To succeed in tort proceedings, typically a claimant must show: that a defendant owed her a duty of care; that she suffered a recognised form of harm; that the harm was foreseeable; that the harm was caused by the acts or omissions of the defendant; that such acts or omissions owed to fault on the part of the defendant; and that the imposition of liability is in all the circumstances reasonable. 54 This section considers how these elements may apply in the context of tort claims established by mandatory corporate human rights due diligence laws.

ACTIONABLE HARM
As a general principle, a person seeking a civil remedy for a human rights harm will only be able to do so via a domestic court if the law of the particular jurisdiction recognises such a harm as a cause of action, for example, by characterising the harm as a tort or providing a mechanism for a statutory claim. This requires defining an actionable harm. In some countries, actionable harm extends broadly to include emotional, economic, or reputational injuries, as well as violations of privacy, property, or constitutional rights. Torts may include workplace injury; certain forms of environmental damage, occupiers' liability; defamation; intentional torts such as assault, battery, false imprisonment, intentional infliction of emotional distress, and fraud. Still, not all harms suffered by victims, even if they result from a defendant's wrongful acts or omissions, are actionable in civil law. Multiple specific rules, furthermore, govern each such type of actionable harm, again varying by jurisdiction.
In the context of personal injury, 55 for instance, injuries that are "harmless" or "de minimis", are unlikely to be recoverable: "material" harm is generally required.
As noted earlier, violations or abuses of human rights under international law as such are not in general currently recognised as a cause of actionable harm in tort law between private parties. There are exceptions to this general proposition, such as the US Alien Tort Statue which provides a civil cause of action for certain defined breaches of international law, 56 or recent case law from the Canadian context 57 which recognises the possibility for a civil cause of action based on breaches of customary international law. Such causes of action can be challenging. For example, It is not exactly clear, for corporate abuses, which country's law is applicable in assessing whether a harm suffered by a claimant also comprised a violation of human rights, or what legal analysis should be applied such a determination. Existing due diligence laws, and jurisprudence on transnational torts, do not provide specific or generally applicable orientation on such matters.
In terms of civil liability provisions included in due diligence legislation, a legislature could seek to define a breach of international human rights standards as an actionable harm, which was the approach taken in the recently rejected Swiss Responsible Business Initiative proposal (the Swiss RBI Proposal). 58 A less challenging pathway, given the complexities alluded to above, may be to define actionable harm by reference to a breach of an obligation contained in a due diligence law, such as a harm caused by a failure to undertake due diligence in accordance with the terms of the law. This is indeed the approach adopted by the French law. Such a device could work in concert with other pre-existing mechanisms, such as pathways to liability through ordinary tort claims, breaches of consumer law or constitutional or other claims, depending on the particular legal context.

DUTY OF CARE
In common law systems, before a tort claim can succeed, it must be established that the defendant owed a "duty of care" to the injured party, in the specific circumstances in which the harm occurred. 59 In common law, a court will determine whether such a duty of care linked the claimant and defendant, taking into account various factors. 60 Where there is a duty of care, it requires the defendant to exercise a "reasonable" or "responsible" standard of care. 61 One way of understanding civil liability provisions in due diligence laws, then, is that they seek to establish a duty of care between a company and potential victims of human rights abuses linked to the activities of the company or its business partners, as such a wide-ranging duty of care might not otherwise exist. 62 Recent due diligence laws rely on different formulations and approaches in establishing a duty of care. The Swiss RBI proposal, 63 for instance, would have imposed a duty of care on businesses to "respect internationally recognised human rights and environmental standards" 64 and to "ensure that human rights and environmental standards are also respected by businesses under their control". 65 The French Law, by contrast, declines to express a broad corporate duty to respect human rights. Rather, it imposes a specific duty on businesses to publish and implement a "vigilance plan" and permits a claim by any victim of "serious violations of human rights and fundamental freedoms, risks and serious harms to health and safety and the environment", if the victim can show that the company's failure to publish and implement such a plan caused the harm suffered. 66 The German law requires companies to identify, prevent and mitigate risks in their own operations and arising in their first tier suppliers, and to undertake a risk analysis and develop appropriate preventative measures where the company has "substantiated knowledge" of a violation of human rights or environmental standards in suppliers beyond the first tier.
Obviously, the wider the scope of the duty of care expressed by a due diligence law, the greater the number of potential victims and claimants who may in principle benefit. Yet it will remain for courts to interpret and apply such provisions in individual cases coherently with general norms and elements of civil liability in other areas.
For companies with transnational activities and value chains, those who may be potentially affected by their activities or via those of their business partners are dispersed worldwide. Their number, location or identity may be constantly changing. Notwithstanding a broadly framed duty of care in a due diligence law, such considerations, it should be recognised, may dissuade courts from finding the imposition of such a duty of care "reasonable in all the circumstances", or that harm sustained was "foreseeable". In this respect, restricting the duty of care in due diligence laws, for the purposes of civil liability, to certain categories of business activity or tiers of the value chain could carry some potential advantages. Finally, the scope of the due diligence exercise required under the UNGPs will not in general map reliably to the scope of the duty of care in civil liability. Administrative supervision and sanctions can play an important role to bridge the gap in circumstances where the scope of the due diligence requirement is broader than the scope of potential liability.

STANDARD OF CARE
Besides showing that a defendant owed her a duty of care, in tort a claimant must also establish that her treatment by the defendant fell below the expected "reasonable" or "responsible" standard of care. In litigation, this element comprises two parts: determining the standard of care owed (a question of law); and demonstrating that the defendant's conduct in fact fell below the standard of care owed (a question of fact). In tort proceedings beyond the due diligence scenario, diverse factors may be deemed relevant in determining the latter question, according to the context at hand. The process of human rights due diligence is not disconnected from its outcomes, which can be relevant in assessing the adequacy or reasonableness of human rights due diligence in a particular instance. 67 Due diligence laws may indicate some elements of the required standard of care. The French law for instance specifies certain elements of the due diligence "vigilance plan" required of companies. If these elements are not delivered by a company, it suggests the required standard of care has not been met. In addition, however, it can be expected that, besides such elements as are specified in due diligence laws, and the UNGPs themselves, formal and informal guidance 68 on how companies should conduct due diligence, as well as companies' own policy documents and public communications, will be used by courts and others to assess whether a company conducted itself "reasonably" or "responsibly" in a given case.
This will be particularly so where due diligence laws rely on open formulations such as "reasonable due diligence" or "appropriate due diligence" 69 in defining the required standard of care. This issue will assume special importance where conducting adequate due diligence is deemed by a due diligence law as a defence to corporate liability. 70 Supply chain or other industry sustainability schemes are also potentially relevant in connection with the standard of care. It might be considered that a company's participation in such schemes, particularly those certified or otherwise approved by regulators, 71 should be deemed probative of meeting the required standard of care in relation to civil liability under a due diligence law. On the other hand, the adequacy of such schemes in addressing the human rights impacts of participating companies is uncertain. 72 On this basis, the evidentiary value of participation in industry-or supplychain schemes with regard to assessing whether a company has met the required standard of care (and also in relation to "safe harbour", see Section 6.3 below) seems unclear.

CAUSATION
In tort law, a defendant's actions or omissions must have caused the harm sustained by the claimant for her claim to succeed. Outside of law, factual causation can be loosely assessed by a "but-for" test: would the harm have occurred butfor the defendant's wrongful act or omission? "Legal causation" embodies a similar requirement, but in combination with other elements, including that the harm complained of must have owed to the defendant's wrongful conduct and "foreseeability". Civil law also generally recognises contributory causation, so that damages, if awarded, may be apportioned between multiple defendants each of whom have contributed to injury in a given situation, for instance, with damages being weighted according to their respective roles in causing harm.
Causation in the context of human rights abuses linked to businesses may be amenable to such analysis. In other scenarios, it is harder to see how courts might proceed in determining causation and allocating liability, for instance, where a company has conducted itself in accordance with national legislation; where government bodies have permitted a specific business activity; in situations where a company is in a government joint venture; or where deliberate efforts have been taken by third parties to conceal unlawful conduct from a defendant company.
Due diligence laws vary in their approach to causation. Under the French law, causation is to be determined in line with general principles of French tort law. 73 The EP legislative proposal provides that a company may be liable for harms it causes or "contributes to". While a definition of causation is not provided, the EP legislative proposal defines "contribute to" as meaning that "an undertaking's activities, in combination with the activities of other entities, cause an impact, or that the activities of the undertaking cause, facilitate or incentivise another entity to cause an adverse impact." The contribution, it is further stated, must be "substantial", meaning that minor or trivial contributions are excluded. The EP legislative proposal further suggests that "contribution" can be assessed with reference to three factors: (a) the extent to which an undertaking's activities may encourage or motivate an adverse impact by another entity; (b) the extent to which an undertaking could or should have known about the adverse impact or potential for adverse impact, i.e. the degree of foreseeability; and (c) the degree to which any of the undertaking's activities actually mitigated the adverse impact or decreased the risk of the impact occurring. 74 Hence, on the EP's approach, determining contribution would entail the undertaking of a complex legal and factual analysis.
As noted earlier, a company's human rights due diligence process, in line with the UNGPs, should encompass adverse impacts in all three categories of involvement: "causing", "contributing" or being "directly linked" to human rights impacts. 75 It has been acknowledged that these three "categories" however function more as a spectrum. 76 To complicate matters further, evidently there is no clear or automatic relationship between the three categories of involvement declined by the UNGPs and the element of causation required to be made out for the purposes of establishing civil liability.
Pending the application of civil liability provisions of due diligence laws in the courts, it will remain ambiguous whether certain actions or omissions by companies constitute causation as a required element of legal liability. It is unknown at present whether such ambiguity, linked to the prospect of civil liability, will encourage businesses to redouble their due diligence efforts, with the aim of managing human rights risks effectively; or, on the other hand, whether it will discourage due diligence because companies or their legal advisors fear the due diligence exercise will yield a paper trail that may be helpful to claimants in the context of civil litigation. Legislators must be mindful of these possibilities when designing a civil liability mechanism.
Specifying the elements of the required due diligence process to be undertaken by companies, either in legislation, or formal guidance, is therefore important.

FORESEEABILITY
Foreseeability, in the ordinary law of tort, has the function of setting an outer limit to the scope of parties' legal liability. Even if a defendant caused harm to a claimant to whom it owed a duty of care, through actions or omissions falling below the required standard of care, the claim will not succeed unless the court holds that the harm was also reasonably foreseeable, in other words, that it could reasonably have been expected. 77 It seems likely that mandatory due diligence laws will have some influence on determinations of foreseeability in relevant cases. For instance, where harms complained of by a claimant ought to have been identifiable by a due diligence exercise conducted to a reasonable standard, and a defendant is under a specific legal duty to conduct such due diligence, it would appear harder to argue that the harm caused was unforeseeable. Vice versa, the foreseeability requirement may constrain the scope of liability prima facie provided for under due diligence laws, if courts deem harms complained of as unforeseeable. 78 The UNGPs require that human rights due diligence addresses actual and potential human rights impacts across a company's value chain. They also envisage that a business enterprise may cause or contribute to adverse human rights impacts that were not foreseeable, even with the "best policies and practices". 79 Again, this highlights discrepancies between the concept of due diligence under the UNGPs and the elements of civil liability. In seeking to enact civil liability provisions in due diligence laws, legislators and others should be aware of this and the boundaries on liability that may potentially be introduced via foreseeability or similar requirements. 80

KEY POINTS:
• Not all corporate human rights abuses can be readily analysed as torts.
• The standard elements of torts (including actionable harm, duty of care, standard of care, causation, foreseeability) will generally be required to be met for companies to be held liable under civil liability provisions of due diligence laws. • Performing due diligence under the UNGPs is not fully equivalent to fulfilment of a duty of care: depending on the exact circumstances to hand, a company that undertakes an adequate due diligence exercise may still be liable for harm; on the other hand, a company that does not undertake adequate due diligence and which causes harm, may not be liable, for other reasons . • Legislators should be aware of the constraints that will likely be imposed by general tort law principles on the scope of liability under due diligence laws. • Legislators will need to balance the advantages civil liability provisions against their potential influence on the performance of due diligence by companies covered by mandatory due diligence laws and beyond.

STRICT LIABILITY
Generally, as seen above, tort liability follows a finding that a defendant was at fault. Exceptionally, however, the law may establish "strict liability" offences where no fault on the part of a defendant is needed. Such offences, which are narrowly defined or limited in advance to specific factual circumstances, are found in the areas of product liability, defamation and infringement of intellectual property rights, for example.
Some strict liability regimes incorporate a due diligence defence, whereby a defendant can avoid liability by showing it took adequate measures to avoid the harm complained of. 81 The Swiss RBI proposal would have introduced a due diligence defence to strict liability of a controlling company for harm caused by entities under its control. 82 Other due diligence laws have not however relied on such a mechanism.
In principle, mandatory due diligence laws could combine both fault-based and strict liability. For example, strict liability might be attached to grave harms, such as child labour, forced labour or discrimination, while fault-based liability could attach to other harms. Yet such an approach could also divert due diligence efforts to such harms, even where this was not warranted, in terms of risk. Such factors will need to be weighed carefully in the design of due diligence legislation.

LIABILITY ACROSS THE SUPPLY OR VALUE CHAIN
The corporate responsibility to respect human rights expressed by the UN Framework and UNGPs extends to all a businesses' activities and relationships, regardless of where they occur in its value or supply chains. This is important because a business' impacts may not be confined to its own activities of those of its immediate suppliers. In some cases, its greatest and most severe impacts may occur at some remove, for instance, in the context of primary production of commodities or "raw materials".
For a variety of reasons, holding parent companies liable for subsidiaries and "lead companies" liable for abuses at the "bottom" of a supply chain may be legally challenging. The immediate perpetrators of human rights abuses may be separated from parent or "lead companies" by many layers of contracting, ownership and geographical distance, for instance. In such a scenario, defendants are likely to argue that the requirements of causation and foreseeability, amongst others, are not met. Indeed, this approach has been taken by defendants even where harms occurred in the first tier of their supply chain. 83 Due diligence duties, for reasons explained above, should in themselves make it harder for companies to sustain such arguments, as do supply chain transparency rules. Yet it may be thought that civil liability provisions in due diligence laws should make explicit their extension beyond the first tier, further to avoid this outcome.
To this end the French Law provides specifically that a company may be liable for harms where it "exercised control" over or had an "established commercial relationship" with the party immediately responsible for causing harm. 84 Control, under the French Commercial Code, is defined as "exclusive control" which gives a company "decision-making power, in particular over the financial and operational policies of another entity". 85 This can be of a legal, de facto or contractual nature and includes first-and lower tier subsidiaries. 86 Under the French law, companies may hence be liable for harms perpetrated by controlled entities or suppliers in an established commercial relationship where such harms could have been avoided by establishing or implementing a vigilance plan.
Under the EP Proposal, companies would be required to provide remediation for harms they, or undertakings under their control, have caused or contributed to. 87 Here the concept of control is defined as "the possibility for an undertaking to exercise decisive influence on another undertaking, in particular by ownership or the right to use all or part of the assets of the latter, or by rights or contracts or any other means, having regard to all factual considerations, which confer decisive influence on the composition, voting or decisions of the decision making bodies of an undertaking". 88 The concept of control in the Swiss RBI proposal included both the control that a parent company may exercise over its subsidiaries but also included "economic control", a sufficiently expansive concept to include the market position of a company in relation to its supplier and the terms of the contract between the two entities. 89 Accordingly, this approach would have embraced situations where a lead company exercised control over a supplier. 90 Yet this approach might also entail of discouraging parent companies or lead firms from involving themselves in the management subsidiaries or suppliers. 91 In the UK, rather than control per se, recent case law has focused on the extent to which the parent "voluntarily assumed" or did take over or share with the subsidiary the management of the relevant activity, which "may or may not be demonstrated by the parent controlling the subsidiary". 92 A parent may incur responsibility to third parties if, in its published materials, it holds itself out as exercising that degree of supervision and control of its subsidiaries, whether or not it does in fact do so. 93 Enactment of statutory duties explicitly linking suppliers and subsidiaries with parent and lead companies may not in all jurisdictions be required, if tort law has evolved to sustain such linkages by other devices, such as expanding the potential scope of a general tortious duty of care.

DUE DILIGENCE DEFENCE AND "SAFE HARBOUR"
The analysis above has shown that, while the performance of due diligence by a company may be relevant to a determination of civil liability in various ways, it is unlikely to be conclusive of it. This accords with the UNGPs observation that while "conducting appropriate human rights due diligence should help business enterprises address the risk of legal claims against them", on the other hand, "business enterprises conducting such due diligence should not assume that, by itself, this will automatically and fully absolve them from liability for causing or contributing to human rights abuses." 94 In the context of statutory due diligence schemes, it may be considered that fulfilment of a statutory due diligence requirement should be allowed to operate as a defence, i.e. a company would avoid liability if it could demonstrate it had undertaken a due diligence exercise that was adequate and appropriate in the circumstances. For example, the UK Bribery Act 2010 establishes a criminal offence of failure to prevent bribery. 95 However, it also establishes a defence for a company that has put in place "adequate procedures" to protect against bribery and corruption. 96 The EP's legislative proposal, would also provide a form of due diligence defence, allowing "undertakings that prove[d] that they took all due care in line with this Directive to avoid the harm in question, or that the harm would have occurred even if all due care had been taken" should not be held liable for that harm. 97 Under the Swiss RBI proposal, to avoid liability a company would have needed prove that it exercised appropriate due diligence to prevent the damage in question. 98 The availability of a human rights due diligence defence to civil liabilities under a due diligence law, or generally, could incentivise businesses to implement human rights due diligence measures, furthering prevention. 99 Such a preventive role presumes that companies' due diligence exercises are assessed against an appropriate benchmark: cosmetic or "box-ticking" due diligence exercises should not serve to shield companies that have caused actionable harm. This highlights the potential role of formal due diligence guidance, associated with due diligence laws, without which courts may be uncertain of what standard of due diligence to apply. Yet on the other hand, the context-dependent character of due diligence entails that courts would still need to interpret how formal guidance, if produced, should be implemented in a cases' specific circumstances.
Notably, a "safe harbour" doctrine, though similar, is distinguishable from a defence in legal terms. A "safe harbour" may exist where a legislature has intended that a statutory duty be accompanied by a shield from liability in some form. For example, litigation based on disclosures made under the California Transparency in Supply Chains Act 2010 has held that the Act created a "safe harbour" whereby a company would be shielded from civil liability where they truthfully and accurately complied with the requirements of the Act. 100

KEY POINTS:
Fault-based and strict liability • Strict liability offences are narrowly defined • Strict liability offences and fault-based liability may be combined in due diligence regimes • Differentiated approaches may help focus company attention on the gravest abuses but at the same time may divert risk management efforts from more salient risks.
Liability across the supply chain • There are potential advantages and disadvantages of defining liability provisions with reference to tiers of the supply or value chain that need to be carefully evaluated • Due diligence laws have applied a range of approaches in defining the extent of companies' potential liability across the supply chain, with reference to control or assumption of responsibility, amongst others Due diligence as a defence • A due diligence defence might incentivise businesses to implement human rights due diligence measures, furthering prevention • However this presumes that companies' due diligence exercises can be assessed in court against appropriate benchmarks and the need for authoritative due diligence guidance 7. CONCLUSION Due diligence legislation has an important role to play in advancing implementation of the state duty to protect, the corporate responsibility to respect and the right of victims to remediation, as well as more specific elements of the UNGPs and responsible business conduct.
Provisions holding companies accountable for due diligence failures, including by attaching liability and penalties, are key to prevention of abuses and promoting effective risk management by companies.
At the same time, law-makers and others should reflect carefully on the range of mechanisms that can be relied on to achieve such accountability. As illustrated by this briefing linking corporate human rights due diligence as envisaged by the UNGPs to tort liability in mandatory corporate due diligence laws presents complex challenges.
Although it is one route to remedy, tort-based liability does not offer a universally appropriate or complete remedy for corporate human rights abuses, while judicial proceedings, given associated cost and delays, will in many cases remain a remedy of last resort for victims. 101 Accordingly, any mandatory human rights due diligence measure must be supported by a range of other mechanisms, including enforcement by an empowered and adequately resourced regulator 102 and effective operational level grievance mechanisms.
Finally, while the building blocks of liability mechanisms as highlighted here are common to many jurisdictions, they vary in the exact character according to local context and there is no 'one size fits all' template for the design of human rights due diligence legislation. Accordingly, besides general analyses such as the present one, jurisdictionally-specific studies are needed to inform national and regional legislative processes and debate amongst stakeholders.

European parliament proposal
Proposal.
Large companies, listed SMEs and SMEs in high risk sectors, domiciled or delivering products or services in the EU.
In force.
Companies incorporated or registered in France for two consecutive fiscal years, and which: • employ at least 5,000 people themselves and through their French subsidiaries, or • employ at least 10,000 people themselves and through their subsidiaries located in France and abroad.
Defeated in a referendum held on 29 November 2020.
All companies that have their registered office, central administration, or principal place of business in Switzerland.
Adopted but not in force until 1 January 2023.
Companies that have their central administration, headquarters or registered office in Germany, provided they have more than 3,000 employees in Germany.
Adopted but not in force until 2022.
Companies registered in the Netherlands and companies from abroad selling goods and delivering services to Dutch customers. Companies are also required to identify risks linked to suppliers beyond Tier 1 on an ad hoc basis where they obtain "substantiated knowledge" of a potential violation.
The company's own operations and supply chain.
The company's own operations and across the whole value chain.

European parliament proposal
Publish a due diligence strategy on the company's website and upload it on EU platform, and inform stakeholders including workers' representatives, unions, business partners.
Publish a Vigilance Plan in the annual report Publish annual reports on the fulfilment of the due diligence obligations company's website and submit them to the competent authority.
Statements prepared under the Act have to be lodged within six months from the date the Act enters into force, will be then made publicly available by the national competent authority. Companies are required to produce the statement only once, rather than annually.
Companies must also report on due diligence policies and routines for handling risks to human rights and decent work, including cases of severe risk or harmful incidents to authorities. The information must also be made readily available digitally on the company's websites.
The law also provides anyone who so pleases the right to request information from a company on how they manage their due diligence. to the law of non-contractual obligations. This paper will refer to general principles of tort or its equivalents, such as delict or civil law actions, but the precise application of these principles will depend on the national laws of the particular jurisdiction. 19 Recent jurisprudence has acknowledged the limited utility of clauses requiring parties to adhere to certain human rights related standards, such as those concerning health an in breachd safety. In a recent example from the UK, a suit was brought against a UK company that had acted as the agent in the sale of a ship that was decommissioned in a shipyard in Bangladesh. The claim alleged that the UK company owed a duty of care to a worker who died in the course of his work owing to poor health and safety conditions in the shipyard. The Court of Appeal of England and Wales noted that the relevant contract included a standard clause requiring the buyer of the ship to sell only to a breakers yard which had good health and safety practices, but that the unhappy reality was that the seller would have no interest in enforcing such a provision, and therefore the buyer had no incentive to comply with the clause: . 32 These include "reasonable" due diligence, "appropriate" due diligence and "adequate" measures. A study for Amnesty International highlighted confusion between the terms "HRDD", "duty of care" and related terms from non-common law jurisdictions, with refence to the French "devoir de vigilance" and German "menschenrechtliche Sorgfaltspflicht". In particular, the term "vigilance" used in the French Law "has much more specific, codified conditions than the very general duty of care": A Rühmkorf and L Walker, "Assessment of the concept of 'duty of care' in European legal systems for Amnesty International" (European Institutions Office, September 2018) 5. 33 Whether public entities, commercial or otherwise, should have statutory human rights due diligence duties is an important question however not one considered in this briefing. 52 Norwegian Transparency Act. The UK and Australian Modern Slavery Acts require the production of reports on the management of modern slavery risks in the supply chain, without mandating any particular steps that the company should take to do so: UK Modern Slavery Act 2015 and Australian Modern Slavery Act 2018 53 See for example two recent pieces of litigation against Total concerning the adequacy of its vigilance plans, one brought by 14 French local authorities and five French NGOs alleging that Total had not sufficiently identified the human rights and environmental risks linked to its contribution to climate change, summary available at the Business and Human Rights resource Centre <https://www.business-humanrights.org/ en/latest-news/total-lawsuit-re-climate-change-france/>, and another brought by French and Ugandan civil society organizations alleging that Total had not adequately addressed risks concerning its operations in Uganda, summary available at the Business and Human Rights Resource Centre: <https://www.business-humanrights.org/en/latest-news/totallawsuit-re-failure-to-respect-french-duty-of-vigilance-law-in-operations-in-uganda/> 54 In cases of "strict liability" a defendant may be liable in the absence of fault; in addition, common law and civil jurisdictions may differ in these elements. 55 Personal injury, as a class of tort law, may refer to disease or an impairment of a person's physical or mental condition 56 See the US Alien Tort Statute, which grants US federal courts jurisdiction over "any civil action by an alien for a tort only, committed in violation of the law of nations or a treaty of the United States." 28 U.S.C. § 1350.

Transparency
Notably, however, the extraterritorial application of this law and the amenability of corporations to be sued under its provisions have been brought into question by recent cases such as Kiobel v. Notably, the term "duty of care" does not always find a precise equivalent in civil law systems. In addition, the term "duty of care" can also carry different meanings within common law systems. Besides indicating an element of tort claims, for instance, "duty of care" is also used in corporate governance to refer to directors' fiduciary duties. A recent study for Amnesty International found that there was considerable confusion between the terms "HRDD", "duty of care" and quasi-equivalent terms from non-common law jurisdictions such as the French "devoir de