By Vanguard Enterprise Intelligence Unit with the work of John Ruggie, Shift Project, Anita Ramasastry, Surya Deva, and Dorothée Baumann-Pauly.

The business and human rights agenda has entered a more difficult phase. For more than a decade, corporate responsibility seemed to move in one direction: more transparency, more sustainability commitments, more investor attention, more supply-chain scrutiny, and more pressure on companies to account for their social impact. The direction was uneven, but the momentum was clear.

In 2026, that momentum is less secure. The world has become more fragmented, and the corporate environment more politically charged. Geopolitical competition is reshaping supply chains. Armed conflicts are raising questions about corporate complicity. Migration systems, digital surveillance, defence procurement, and critical minerals are exposing companies to risks far beyond traditional ESG reporting. At the same time, sustainability backlash has made some executives more cautious about public commitments. In place of confident public messaging, many companies are choosing silence.

This silence is often described as prudence. In some cases, it is. Public overstatement can create legal, reputational, and political risk. But corporate hushing carries its own danger. When companies stop talking about human rights, sustainability, and supply-chain risk, they may also stop building the internal discipline required to manage those risks. The issue is not whether every commitment should become a public campaign. The issue is whether companies continue to do the work when the politics become uncomfortable.

Human rights due diligence is becoming the test of that seriousness. It asks whether companies can identify, prevent, mitigate, and account for adverse human rights impacts across their operations and business relationships. It is not a communications strategy. It is not a philanthropy program. It is not merely a compliance file. Properly understood, human rights due diligence is a strategic management system for operating in a world where risk is increasingly political, interconnected, and difficult to outsource.

The End of the Easy ESG Era

The easy ESG era was built on the assumption that corporate sustainability commitments would generally be rewarded. Investors asked for more disclosure. Consumers expected brands to show responsibility. Employees wanted purpose. Regulators gradually increased expectations. Companies could make broad commitments to human rights, climate, diversity, supply-chain responsibility, and stakeholder capitalism without always facing immediate political costs.

That environment has changed. In several markets, sustainability language has become politically contested. Companies face criticism for saying too much, saying too little, or saying one thing while doing another. The result is a rise in corporate hushing: the decision to reduce public communication about sustainability or human rights commitments even when internal work continues.

The temptation is understandable. Executives are tired of being pulled into ideological conflict. Legal teams worry about greenwashing claims, securities disclosures, and activist scrutiny. Public affairs teams worry about political backlash. Boards worry about reputation. But silence is not a substitute for strategy.

The companies that navigate this environment well will separate public messaging from operational discipline. They may speak more carefully, but they will not govern less seriously. They will recognize that the risks have not disappeared because the language has become contested. Forced labor, child labor, unsafe working conditions, land rights violations, discrimination, surveillance abuse, conflict financing, and complicity in state violence remain material business issues. A company can avoid ESG terminology and still face human rights exposure.

The leaders who treat backlash as a reason to pause the work will fall behind. The leaders who treat backlash as a reason to professionalize the work will build resilience.

Due Diligence as Strategic Intelligence

Human rights due diligence is often framed as an obligation. It should also be understood as a source of strategic intelligence. A company that understands its human rights risks understands more than its compliance exposure. It understands its supply chain, labor dependencies, sourcing vulnerabilities, political exposure, community relationships, contractor behavior, and operating constraints.

This intelligence matters because modern business risk rarely stays inside neat categories. A labor issue can become a supply disruption. A supplier abuse can become a brand crisis. A conflict-zone sourcing decision can become a sanctions issue. A land-rights dispute can become a project delay. A worker-safety failure can become litigation, regulatory scrutiny, and employee backlash. A weak grievance mechanism can allow small problems to grow into public scandals.

Due diligence helps companies see these risks earlier. It forces them to ask where harm may occur, who may be affected, how severe the impact could be, whether the company caused, contributed to, or is directly linked to the harm, and what leverage the company has to prevent or mitigate it. These questions are not abstract. They shape procurement, contracting, market entry, supplier management, mergers and acquisitions, product design, security arrangements, and crisis response.

The most sophisticated companies therefore do not treat due diligence as an annual reporting exercise. They embed it into business decisions. Before entering a new market, they assess political and human rights risk. Before selecting a supplier, they examine labor practices and traceability. Before deploying technology, they assess privacy and discrimination risks. Before operating in a conflict-affected region, they examine whether their activities could contribute to abuse, displacement, surveillance, or financing of armed actors.

In a fragmented world, due diligence is how companies avoid strategic blindness.

The Supply Chain Reality

Supply chains remain the central arena for human rights risk. The corporate ideal is clean traceability: a company knows its suppliers, monitors conditions, identifies problems, and corrects them. The reality is often more complicated. Global supply chains are layered, opaque, and dynamic. First-tier suppliers may be visible, but risk often sits deeper: subcontractors, labor brokers, raw-material sites, informal workshops, transport corridors, and conflict-affected regions.

This is why supplier codes of conduct are no longer enough. A code can establish expectations, but it does not prove conditions. Audits can help, but they can miss hidden labor, falsified records, coached workers, seasonal abuses, and conditions beyond the audit site. Certification systems can improve discipline, but they can also create false confidence when companies outsource judgment to third parties.

The most difficult risks often emerge where supply chains intersect with poverty, weak rule of law, migration pressure, debt, informal labor, and resource extraction. Critical minerals, agriculture, apparel, construction, shipping, electronics, and renewable-energy supply chains all carry exposure. The energy transition itself can create human rights risks when demand for minerals, land, infrastructure, and manufacturing capacity accelerates faster than safeguards.

Leaders should therefore move from supplier compliance to supply-chain intelligence. That means mapping risk by product, region, commodity, supplier, and labor model. It means understanding where forced labor, child labor, unsafe conditions, recruitment fees, wage theft, land conflict, and security-force abuse are most likely to occur. It means using audits, worker voice, grievance channels, civil-society input, trade-union engagement, satellite data, customs information, and local expertise together rather than relying on one mechanism.

The goal is not perfect certainty. Perfect certainty is unavailable. The goal is disciplined visibility, credible escalation, and the willingness to act when risk becomes clear.

Conflict Zones and Corporate Complicity

Conflict-affected areas are becoming one of the hardest tests of corporate responsibility. Companies operating in or sourcing from these regions face risks that ordinary compliance systems are not designed to manage. Business activity can become entangled with armed groups, sanctioned actors, forced displacement, abusive security forces, surveillance, detention systems, and the financing of violence.

The legal and moral stakes are high. A company may not intend to support harm, but intention is not the only issue. Payments, logistics, sourcing decisions, infrastructure, data systems, transport networks, and security arrangements can all become connected to abuse. In conflict environments, ordinary business relationships can create extraordinary exposure.

This requires heightened due diligence. Companies must examine not only whether a supplier meets a standard, but whether the broader context makes responsible business possible. They must ask whether taxes, fees, or informal payments may benefit armed actors. They must examine whether minerals or commodities may be linked to forced labor, child labor, or militia control. They must consider whether security providers respect human rights. They must assess whether company operations could contribute to displacement, censorship, surveillance, or repression.

The answer is not always immediate exit. Leaving a region can harm workers, communities, and local partners. But staying without a credible human rights strategy can be worse. Companies need decision frameworks for conflict exposure: when to stay, when to suspend, when to disengage responsibly, how to preserve leverage, how to protect workers, and how to avoid contributing to harm.

This is no longer a niche concern for extractive companies. Technology firms, logistics providers, financial institutions, defence contractors, infrastructure companies, insurers, commodity traders, and consumer brands can all be linked to conflict-zone risks through supply chains, customers, platforms, financing, or business relationships.

The Legislative Backlash

Mandatory human rights due diligence has advanced, but not in a straight line. The European Union’s Corporate Sustainability Due Diligence Directive represented a major step toward requiring large companies to address human rights and environmental harms across operations and value chains. But subsequent simplification efforts, delays, scope changes, and political pressure have shown how fragile the regulatory trajectory can be.

For companies, the lesson is clear: waiting for legal clarity is not a strategy. Regulation may narrow, widen, delay, fragment, or return in new forms. Different jurisdictions will take different approaches. Some will emphasize disclosure. Some will require due diligence. Some will focus on forced labor bans, import controls, deforestation, sanctions, conflict minerals, public procurement, or sector-specific rules. The result is not a single compliance path, but a fragmented legal landscape.

This fragmentation increases the value of internal standards. A company that builds its human rights program only around the minimum legal requirement in each jurisdiction will constantly chase change. A company that aligns its approach with international standards, especially the UN Guiding Principles on Business and Human Rights and the OECD Guidelines for Multinational Enterprises, creates a more stable foundation.

Strong companies will treat law as the floor, not the operating model. They will build due diligence systems that can adapt across markets. They will design processes that can satisfy regulators, investors, customers, and affected stakeholders even when the legal requirements differ. They will avoid the mistake of assuming that weakened legislation means weakened risk.

Human rights exposure does not disappear when legislation is delayed. It merely becomes less visible until something goes wrong.

The Corporate Hushing Dilemma

Corporate hushing is one of the defining management dilemmas of 2026. Companies face increasing pressure to avoid exaggerated claims, but also increasing expectations to demonstrate responsibility. Speaking too loudly can create backlash. Speaking too vaguely can create suspicion. Saying nothing can create distrust.

The solution is not performative silence or performative activism. It is disciplined candor. Companies should communicate less like marketers and more like institutions. They should explain what they are doing, what they know, what they do not yet know, where risks remain, and how they are improving. This is harder than issuing polished commitments, but it is more credible.

A serious human rights communication strategy should be tied to actual due diligence. Companies should avoid broad claims that cannot be substantiated. They should report on systems, not slogans. They should describe governance, risk assessment, supplier engagement, grievance mechanisms, remediation efforts, and measurable progress. They should be honest about limitations.

This is especially important because silence can weaken internal accountability. When a company stops discussing human rights externally, business units may conclude the issue has lost priority. Procurement may return to cost-only decisions. Suppliers may feel less pressure. Managers may stop escalating concerns. Over time, the discipline erodes.

Corporate hushing may protect a company from short-term political controversy. But if it leads to weaker systems, it creates long-term risk.

Turning Commitments into Resilience

Human rights commitments become valuable only when they change decisions. A policy statement does not protect workers. A supplier code does not prevent forced labor by itself. A board committee does not create remedy. A sustainability report does not reduce risk unless it reflects real operational discipline.

The companies that turn commitments into resilience embed human rights into core management systems. Procurement teams are trained to identify risk and avoid pricing pressure that incentivizes abuse. Legal teams include human rights clauses in contracts and know how to enforce them. Risk teams integrate human rights into enterprise risk management. Strategy teams assess geopolitical and conflict exposure before market entry. Audit teams use worker voice and local intelligence, not only document review. Boards receive meaningful information about severe risks, not sanitized dashboards.

Resilience also requires grievance and remedy. A company cannot claim to respect human rights if affected people have no credible channel to raise concerns. Workers, communities, suppliers, and civil-society groups often see problems before headquarters does. Effective grievance mechanisms are therefore not merely moral obligations. They are early-warning systems.

The strongest companies also understand leverage. They do not simply drop suppliers at the first sign of risk, especially when disengagement could worsen conditions for workers. They use purchasing power, contracts, capacity-building, industry collaboration, investor pressure, and public policy engagement to improve conditions where possible. When leverage is insufficient and harm is severe, they disengage responsibly.

This is the difference between compliance and responsibility. Compliance asks whether the company has a process. Responsibility asks whether the process changes outcomes.

The Leadership Agenda

Executives should begin by elevating human rights due diligence from the sustainability function into enterprise strategy. It should not sit at the edge of the organization, dependent on a small team with limited authority. Human rights risk touches procurement, legal, compliance, operations, finance, communications, security, technology, human resources, and corporate strategy. It requires cross-functional ownership.

The first leadership task is risk mapping. Companies should identify where their most severe human rights risks are likely to occur, not where they are easiest to measure. This requires attention to geography, sector, commodity, workforce structure, supplier depth, conflict exposure, vulnerable populations, and business-model incentives.

The second task is governance. Senior leaders must define who owns human rights due diligence, how risk is escalated, how decisions are made, and when the board becomes involved. Severe human rights risks should not remain buried in procurement systems or local operating reports.

The third task is supplier and business-partner discipline. Companies should move beyond generic codes and toward risk-based engagement. High-risk suppliers require deeper assessment, stronger contractual expectations, worker-centered monitoring, and remediation plans. Business partners in conflict-affected or high-risk areas require enhanced due diligence before and during engagement.

The fourth task is integration with technology and AI. Companies increasingly use AI tools for supply-chain monitoring, audit analysis, worker feedback, and risk detection. These tools can help, but they can also create blind spots if they rely on incomplete data or reproduce existing biases. Human rights due diligence should use technology as support, not as a substitute for judgment.

The fifth task is communication. Companies should resist both overclaiming and hiding. The right posture is credible transparency: specific, evidence-based, careful, and tied to action. The goal is not to win applause. It is to build trust.

The Strategic Imperative

Human rights due diligence is often presented as a burden. In a fragmented world, it is better understood as a form of institutional resilience. It helps companies see risks before they become crises. It strengthens supply-chain knowledge. It improves decision-making in difficult markets. It builds trust with employees, investors, customers, regulators, and affected communities. It gives companies a stronger foundation when politics shift and regulation fragments.

The companies that fail will often do so quietly at first. They will reduce public commitments, narrow internal attention, rely on first-tier supplier assurances, and wait for legal clarity. For a time, this may feel prudent. But risk will continue to accumulate beneath the surface.

The companies that succeed will take a different path. They will speak carefully but act seriously. They will build due diligence systems that survive political backlash. They will examine conflict exposure before it becomes complicity. They will understand that supply-chain visibility is not a reporting exercise but a strategic capability. They will treat human rights not as a public-relations category, but as a test of whether the company can operate responsibly in a volatile world.

In 2026, the central question is not whether companies can avoid controversy. It is whether they can build enough trust and discipline to endure it.

Human rights due diligence is how that discipline begins.