Key Non-Binding Frameworks on Business, Human Rights and AI
Relevant non-binding instruments
Relevant global and regional governance frameworks include the UN Guiding Principles on Business and Human Rights (UNGPs). The UNGPs provide for a set of principles that states and businesses ought to apply or consider applying (depending on the circumstances), using the “Protect, Respect and Remedy” framework: (i) the State duty to protect against abuses, (ii) corporate responsibility to respect human rights, and (iii) access to remedies for victims.
Building on the UNGPs, the Committee of Ministers of the Council of Europe adopted Recommendation CM/Rec(2016)3 on human rights and business. It provides specific guidance to assist member States in preventing and remedying human rights abuses by business enterprises and insists on measures to induce business to respect human rights.
Another relevant instrument is the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct, which provides detailed recommendations on responsible business conduct addressed by governments to multinational enterprises.
Council of Europe member States’ duty to protect against business-related human rights abuses and to provide effective remedies is best explained by the jurisprudence of the Court and the decisions and conclusions of the ECSR, as detailed above. The responsibilities of businesses to respect human rights in the context of AI can be examined through the framework of the UNGPs, as will be explained below.
Corporate Responsibility to Respect Human Rights
The UNGPs advocate for businesses to put in place policies and processes, including:
- policy commitments to meet their responsibility to respect human rights;
- human rights due diligence to identify, prevent, and address adverse human rights impacts;
- processes to enable the remediation of their adverse human rights impacts.[1]
Businesses are expected to use both qualitative and quantitative indicators, integrating this tracking into internal processes and seeking stakeholder feedback (Principle 20). When businesses cause or contribute to adverse impacts, they should provide or cooperate in remediation through legitimate processes (Principle 22). If impacts are linked to the company’s operations but not directly caused by it, the enterprise is not required to provide remedies itself but may play a supporting role in broader efforts. In cases where prioritisation is necessary, businesses should focus first on the most severe or irremediable impacts to minimise harm (Principle 24). Communication about these measures should be transparent and accessible, balancing legitimate confidentiality concerns with the need for accountability (Principle 21).
To date, no AI-specific general guidance on corporate responsibility for human rights has been developed.[2] The UNGPs may provide a framework for addressing human rights impacts across the AI value chain. Businesses should assess and mitigate human rights risks throughout the AI lifecycle, from design to deployment, with transparency and accountability as central principles. Human rights due diligence should evaluate direct and indirect impacts, focusing on risks to individuals, and should be adapted dynamically to the evolving nature of AI technologies. Arguably, AI-specific human rights impact assessments to identify human rights risks, including those arising from third-party uses of AI systems, should be developed and applied.
In the AI specific context, the HUDERIA Methodology,[3] while not a specific instrument on corporate responsibility to respect human rights, is addressed to both public and private actors. It connects international human rights standards and existing technical frameworks on risk management in the AI context and provides a structured approach to risk and impact assessment of AI systems specifically tailored to the protection and promotion of human rights, democracy and the rule of law.
Recommendation CM/Rec(2016)3 on human rights and business calls upon member States to apply such measures as may be necessary to encourage or, where appropriate, require that businesses domiciled within their jurisdiction with activities within the AI lifecycle apply human rights due diligence throughout their operations and carry out human rights due diligence in respect of such activities; including project-specific human rights impact assessments, as appropriate to the size of the business and the nature and context of the operation.[4] States should encourage and, where appropriate, require such businesses to display greater transparency in order to enable them better to “know and show” their corporate responsibility to respect human rights and where appropriate, require such businesses to provide regularly, or as needed, information on their efforts on corporate responsibility to respect human rights in the context of AI.[5]
[2] The OECD is developing guidance on responsible business conduct due diligence in the development and use of trustworthy AI systems and has already provided guidance with respect to finance and platform companies. In addition, the UN Human Rights B-Tech Project has identified three broad headlines and associated practical recommendations for how lawmakers, standard setters, businesses and civil society can leverage the UNGPs to foster governance and business practices capable of tackling human rights impacts and risks of generative AI, see Advancing Responsible Development and Deployment of Generative AI: A UN B-Tech foundational paper | OHCHR.
[3] The Council of Europe applies the HUDERIA in its capacity-building activities, such as the HUDERIA Academy, which provides training sessions for government officials, sectoral regulators, public institutions, sectoral professionals, academy and civil society representatives. The HUDERIA is also used as a basis for engagement with private-sector AI developers on issues relevant to the implementation of the Framework Convention.
[4] CM/Rec(2016)3, para 20.
