In Part I of this series, we explored why putting vulnerable groups at the center is essential to meaningful human rights due diligence — and how overlooking those most at risk can undermine the entire process. Now, in Part II, we turn to the next step: how to move from understanding to action.
International human rights and environmental due diligence standards and laws provide important frameworks, outlining the requirements for companies to identify, prevent and mitigate their impact on people and the planet— but their real impact depends on how companies put them into practice.
Past experience shows that superficial fixes or one-size-fits-all strategies fall short of addressing deep-rooted inequalities and therefore do not achieve the aim of effectively mitigating and preventing risks for people.
Effective action requires going beyond standard audits or generic codes of conduct. It means considering vulnerable groups at every stage of the due diligence process.
Many companies with more mature due diligence practices have recognized the value of building a clear, detailed picture of whose rights are most at risk — and how this understanding strengthens the development of appropriate and effective measures to address those risks.
From Obligation to Action: What Companies Can Do
1. Center those that are most vulnerable in risk analysis:
Ask not just “What risks exist?” but follow up with the question “Who is most at risk?”.
Most companies start their due diligence journey with a high-level mapping of salient human rights risks — often by sector and/or geography. This is a necessary first step. But to develop effective measures to address risks to people, companies must go further: they must understand who is most affected.
Risks do not impact all people equally. Vulnerabilities are shaped by factors such as gender, migration status, disability, employment conditions, and more. By focusing explicitly on who is most at risk, companies can sharpen their understanding of where their attention and resources are most urgently needed and where efforts should focus on. Because if you don’t know who is affected, how would you know which measures would help to prevent violations of their rights?
By focusing explicitly on who is most at risk, companies can sharpen their understanding of where their attention and resources are most urgently needed and where efforts should focus on. Because if you don’t know who is affected, how would you know which measures would help to prevent violations to their rights?
One example is a company’s own operations. We often support clients with identifying and addressing vulnerabilities as part of the risk analysis process. Here, companies typically already have valuable insights into who the workers are, what their working conditions look like, and where specific vulnerable groups may be present. This information should be actively integrated into risk analyses by asking targeted questions, such as:
- Who are the vulnerable groups present in our workforce?
- Where are they mostly concentrated (e.g., in specific functions, business activities, or locations)?
- Which risks are most severe for them?
By sharpening their focus on vulnerable groups – using the insights they already have within their own operations – companies can avoid blind spots that often persist in standardized assessments. This makes risk analysis far more meaningful and effective.
When looking beyond their own operations in the upstream supply chains, many companies default to standard measures like audits and certifications as part of their due diligence efforts. Due to their standardized approach, audits and certification schemes miss the nuanced realities of supply chains.
Risks are rarely generic — they are deeply shaped by local realities — from labor structures and land dynamics to community vulnerabilities, power dynamics and political conditions. That’s why more and more companies are moving beyond generic audits and embracing human rights impact assessments (HRIAs) or similar approaches that are grounded in local perspectives.
This shift is driven by the recognition that effective due diligence depends on understanding how people are affected in specific places — not just on paper, but in practice. We actively engage with our clients in innovative methods to better understand complex human rights situations in supply chains.
Oxfam recently published a briefing paper on Innovative Pathways: When and how to use alternative approaches to Human Rights Impact Assessments which highlights that companies are using a range of approaches tailored to different contexts.
What unites these approaches is not the format, but the intent: to go deeper and listen better.
Thoughtful assessments increasingly rely on local expertise to ensure that no risks — and no rightsholders — are overlooked. This means working closely with people who live and experience the realities on the ground, rather than relying solely on desktop research or information provided by top-tier suppliers. For a deeper perspective on this, we recommend Lavinia Muth’s blog article: Local vs. Hyperlocal: Why the Distinction Matters.
2. Engage directly with affected groups:
Create space for meaningful participation by those impacted.
Moving from identification to action requires creating space for the consultation of those affected. In the supply chain, this may mean adapting engagement methods, using intermediaries like local NGOs or unions, or conducting culturally appropriate consultation processes that ensure safety and inclusivity — especially for groups who may face cultural or structural barriers to speaking out. It’s not just about asking for input — it’s about changing whose knowledge counts in risk analysis and solution design to ensure appropriateness and effectiveness.
Looking at companies’ own operations, structures such as worker councils, representatives for workers with disabilities, or women’s networks offer important entry points to bring the perspectives of vulnerable groups into risk analysis and the design of preventive and mitigation measures— ensuring that their experiences and concerns are properly reflected, rather than overlooked in standardized assessments.
In upstream supply chains, a decolonial approach strengthens this shift. It recognizes that people in affected communities are not merely sources of information but are indeed the best positioned to shape solutions. Community-led responses are more likely to address the actual root causes of harm — because they’re based on lived realities, not external assumptions.
Valuing this knowledge means letting go of top-down fixes and creating genuine space for rightsholders to define what change looks like. In the supply chain, this could include engaging:
- worker-led organizations or informal worker groups, such as seasonal labor collectives,
- local trade unions or migrant worker support networks,
- women’s associations in communities where gender-based risks are high,
- Indigenous communities, especially in land-use or resource-extraction contexts,
- smallholder farmer cooperatives, and
- grassroots NGOs or community-based organizations that have long-standing relationships with rightsholders.
Importantly, engagement must not be a one-off exercise. Building ongoing relationships with rightsholders is essential to track whether measures are working — and to adjust when they’re not. This kind of sustained dialogue helps companies focus their resources where they are most needed and ensures that actions remain relevant over time.
For more insights on stakeholder engagement read the CORE Message “Corporate Sustainability Due Diligence: The Who and How of Stakeholder Engagement”.
3. Include, recognize and address intersectionality:
Vulnerability is not one-dimensional. Gender, caste, age, disability, and sexual orientation often intersect — creating unique risks that standard tools may miss. Due diligence tools need to be tailored accordingly.
For instance, a disabled migrant woman working in informal employment may simultaneously face:
- discrimination based on gender and disability,
- language barriers and precarious residency status,
- exclusion from workplace protections, and
- limited access to complaints mechanisms.
No single policy or risk checklist will capture this complexity. Acknowledging intersectionality helps companies understand the layered nature of exclusion. It’s not about identifying more risks — it’s about designing better solutions that actually protect people.
So, what can companies do? Here are some examples on how to approach the complexity of intersectionality.
- Tailor engagement efforts to ensure that diverse voices are included — for example, holding separate focus groups for women, people with disabilities, or ethnic minorities.
- Use disaggregated data when assessing risk — breaking down insights by gender, role, contract type, and more.
- Involve trusted intermediaries — like women’s shelters, disability rights groups, or LGBTQ+ advocates — who can support safer, more inclusive dialog.
4.Design grievance mechanisms for access and trust:
Grievance mechanisms help identify concerns early on and can be instrumental in preventing adverse impacts on people. But to leverage grievance mechanisms as proactive risk management tools, they must be culturally appropriate, linguistically accessible, and safe to use without fear of reprisal.
Digital-only solutions, for example, may exclude older workers, low-literacy populations, or informal workers without access to smartphones. To be effective, grievance mechanisms must be fit for purpose — meaning aligned with the realities and needs of the target groups.
In practice, this often means that a single grievance channel will not meet the needs of all potentially affected groups. Different tools, channels, and methods may be necessary to ensure that especially vulnerable groups have safe, accessible, and trusted ways to raise concerns. Whether through direct dialogue, mobile outreach, community-based reporting structures, or partnerships with trusted intermediaries, designing inclusive grievance systems requires understanding who needs to be heard — and creating multiple, tailored pathways for them to do so.
5. Remediation: One size doesn’t fit here either:
Companies that have caused or contribute to an actual adverse impact are obligated to provide remediation according to the EU Corporate Sustainability Due Diligence Directive (CSDDD) as well as international guidelines. These remediation efforts must be just as tailored as risk prevention. If companies ignore the complex realities of those affected, they risk offering superficial fixes that don’t actually help — or worse, cause unintended harm.
Take the example of child labor remediation.
Simply removing a child from work without addressing the root causes — like family poverty, lack of schooling options, or unsafe home environments — can leave a child worse off. Effective remediation must be done in the best interest of the child and in collaboration with specialized child rights experts.
Organizations like UNICEF, Save the Children or The Centre for Child Rights and Business have developed strong guidance and case examples, showing how remediation can support a child’s well-being — for instance, by combining school reintegration, family income support, and ongoing monitoring.
6. Focus on outcomes, not just inputs:
Human rights and environmental due diligence (HREDD) requirements call not only for the implementation of measures, but also for their effective monitoring and continuous improvement. Companies must ensure that their human rights due diligence measures don’t just exist on paper but actually have impact.
While tracking of effectiveness of HREDD measures is still an underdeveloped field in many ways, it is clear that companies should not rely on tracking only “hard data” like the number of training sessions conducted or whether a policy was signed, but ask: “Did this change anything for the affected stakeholders”? Outcomes—such as improved safety for temporary workers, or increased representation of women in supply chain leadership—is what signals real progress.
An increasing number of companies are turning to the Theory of Change (ToC) approach to help answer that exact question.
What distinguishes ToC is that it does not stop at activities or policies—it starts from the change you want to see in the lives of affected people, especially those most at risk.
By working backwards from the desired outcomes and impact, companies can map the logic of how and why their actions are expected to lead to those changes. This makes underlying assumptions explicit and enables more targeted measurement—not just of what is done, but of what it achieves for rightsholders.
7. Build internal commitment and capacity:
Human rights due diligence is not just a compliance task—it’s a mindset. Ensuring respect for human rights, especially for those most at risk, requires awareness and commitment across the company. Procurement, human resources, legal, sustainability, operations, and top leadership all have a role to play in how risks are understood and addressed. This starts with building awareness: teams need to understand how their day-to-day decisions — from sourcing timelines to pricing strategies or hiring practices — can impact vulnerable people.
This can be done for example by:
- investing in regular, role-specific training – not just once but over time,
- revising incentive structures, so that responsible behavior is rewarded, not penalized by deadlines or cost targets,
- setting clear accountability with named roles and responsibilities for human rights within and across departments,
- ensuring leadership champions the issue, sending a clear message that human rights are a core business concern — not a siloed or optional topic, and
- creating spaces for internal reflection and collaboration where teams can raise dilemmas, share learnings, and adapt.
Protecting vulnerable groups is not an act of goodwill. It’s a matter of responsibility—and increasingly, of law. Human rights due diligence that fails to identify and address structural inequalities is not just incomplete—it’s ineffective. If companies want to leverage their HREDD efforts to become a sustainable risk management system, they must start by listening to those most impacted—and designing systems around their realities. It’s not about going the extra mile. It’s about starting at the right place.
No company has all the answers on its own—and it doesn’t need to. Effective due diligence requires collaboration, trust and region-specific knowledge.
At CORE, we believe that interdisciplinary cooperation across value chains is key to designing responsible, grounded solutions.
Companies often know where the risks are—but don’t know what to do next. Alongside our global network of subject matter experts, we help you move from risk lists to real action. We support teams to design practical, tailored steps that respond to the actual situations on the ground. By working closely with affected people, using local insights, and staying involved over time, we help companies make meaningful improvements that they can stand behind: measurable, transparent, and built to last.
If you’re ready to take a closer look at the realities shaping your own business activities and supply chain or want to explore how to make your due diligence processes more inclusive and effective, get in touch: hello@peopleatcore.com.
