Client Alert

New Emphasis on Human Rights and Human Rights Due Diligence in U.S. Export Controls

April 07, 2023

By Jonathan C. Drimmer,Scott M. Flicker,Quinn Dang,

Ariel Vita Giumarelli,

& Talya Hutchison


As the European Union has made continued progress toward implementing a holistic human rights legislative agenda, the United States, in the wake of the recent second Summit for Democracy, began to push its own set of human rights-related regulatory reforms. Among the most significant EU human rights trends are transparency and disclosure, as epitomized by the sweeping Corporate Sustainability Reporting Directive (CSRD), passed by the EU in December 2022, and human rights due diligence, which is the centerpiece of the looming Corporate Sustainability Due Diligence Directive (CSDDD). While the United States did not pursue such expansive reforms, among its announcements in March were two significant commitments coinciding with the week-long summit. The first is the release of a Code of Conduct that highlights the importance of human rights in reviewing potential exports of goods and services that might be misused to violate human rights. The second is guidance (in the form of FAQs) released by the Department of Commerce earlier in the month that directs companies to conduct due diligence on human rights in connection with export license applications. Together, these announcements represent a continued integration by the United States and other countries of human rights, and particularly human rights due diligence, into international regulatory compliance (for more on this trend, see our prior client alert here).


Although due diligence has long been a mechanism for companies to evaluate their corporate risks, the concept of “human rights due diligence” is a key part of the United Nations Guiding Principles on Business and Human Rights (UNGPs). As the UNGPs reflect, human rights due diligence consists of four elements: (1) determining actual, potential, and perceived risks of negative human rights impacts on stakeholders (not just the company); (2) taking steps to prevent and mitigate those impacts; (3) evaluating the effectiveness of those steps; and (4) reporting externally, including to potentially affect individuals and groups (see here; here; and here for prior writings on this).

Human Rights and Export Controls Code of Conduct

On March 30, 2023, the Administration released a Code of Conduct, a voluntary, non-binding document that outlines the commitments by subscribing states (including the United States) to take “human rights into account when reviewing potential exports of dual-use goods, software, and technologies that could be misused for the purposes of serious violations or abuses of human rights.” Human rights due diligence is also explicitly called out in the Code of Conduct, with the U.S. and other subscribing states calling on private sector actors to “conduct due diligence in line with national law and the UN Guiding Principles on Business and Human Rights.”

The Code of Conduct is the output of the Export Controls and Human Rights Initiative, a partnership between the United States and its allies such as Australia, Canada, France, and United Kingdom to counter the rise of digital authoritarianism in countries where surveillance, cyber intrusion, and other dual-use technologies have been used to track human rights defenders and journalists and restrict freedom of expression. The focus of the group is on the use of export control tools to prevent the proliferation of software and technologies that can be used to enable serious human rights abuses – building on the use of export controls to achieve foreign policy and national security objectives in the prior U.S. administration.

Department of Commerce Human Rights Guidance

Prior to that announcement, the U.S. Department of Commerce Bureau of Industry and Security (BIS) quietly released guidance that affirmatively states that human rights concerns will be factored in when reviewing export license applications. Again emphasizing the singular importance of human rights due diligence, the guidance states that:

  • BIS expects exporters to exercise due diligence with regard to identifying human rights concerns.
  • In conducting due diligence regarding human rights, BIS directs companies and exporters to the UNGPs and the U.S. State Department’s Guidance implementing the UNGPs for certain technologies with surveillance capabilities – a 12-page document that translates the UNGPs into practical and actionable steps for companies that work with dual-use technologies, particularly those products and services that can be misused to violate or abuse human rights or transactions that might be linked to foreign government end users.
  • License applications must include all facts and circumstances relevant to human rights concerns (i.e., all parties to the transaction including the consignee, end user, and purchaser); all relevant information includes but is not limited to assurances and safeguards to minimize the risk a proposed export may contribute to human rights violations and abuses.

Considering human rights concerns when reviewing U.S. export license applications is not entirely new. That authority has existed since October 2020, when BIS revised the Export Administration Regulations (EAR) to provide for enhanced consideration of human rights concerns when reviewing almost all license applications for items on the Commerce Control List. Since that time, the government has also placed dozens of companies on the Entity List for human rights concerns, many in connection with concerns tied to the Xinjiang Uyghur Autonomous Region of China (including the addition of 5 new PRC entities to the list on March 30, 2023). This practice, which was confirmed in a recent decision by the United States Court of Appeals for the District of Columbia Circuit, was formalized in regulations on March 30, 2023, when BIS published a final rule amending the EAR to confirm that the foreign policy interest of protecting human rights worldwide is a basis for adding entities to the Entity List. Nor is the concept of due diligence new – BIS has longstanding Know Your Customer (KYC) Guidance, Red Flag Indicators, and instructions to exporters to not “self-blind” – that is, exporters must not cut off the flow of information that comes in the normal course of business, including regarding end-use and end users.

What is significant is the importation of the concept of human rights due diligence consistent with the UNGPs to the U.S. regulatory sphere, especially in the export controls and licensing context – a shift that will impact companies considering opportunities in countries or with governments with a historically poor human rights record, and developing their export controls programs.

Practical Steps

The clear signal from the government is that affected U.S. companies – which might include a broad set of companies that export technologies ranging from sensors, biometric identification, data analytics, surveillance tools, location tracking, and recording devices – will need to start integrating human rights due diligence into compliance programs, including export compliance programs. Practical steps – which are by no means exhaustive – to prepare for licensing reviews might include:

  1. Understanding the inherent risks associated with the products or services to determine how they might be used to commit human rights abuses (with use capturing both intended use and foreseeable misuse) by conducting what is becoming known as downstream due diligence;
  2. Understanding the risks associated with the specific end user and performing KYC checks to determine relevant stakeholders involved in a transaction. This includes reviewing the human rights records of a foreign government agency and relevant laws of the country. For example, the U.S. State Department guidance states that companies should “review, including through in-house and outside counsel, whether the foreign government end user’s laws, regulations, and policies that implicate products and services with surveillance capabilities are consistent with the [Universal Declaration of Human Rights]”;
  3. Assessing the geographical distribution of the products, as human rights are not evenly enforced around the world;
  4. Considering the volume associated with the transaction – taking into consideration that the higher the volume, the greater the risk that products might be misused;
  5. Seeking to mitigate human rights risks through contractual safeguards, including with appropriate grievance mechanisms; and
  6. Considering engaging with experts and NGOs in conducting human rights due diligence, and continued monitoring of the potential end user through public information searches.


In light of the BIS guidance and Code of Conduct, and in addition to the practical steps mentioned, U.S. companies should be prepared to further consider and strengthen their approaches to implementing human rights due diligence, including integration into their compliance programs, policies and procedures. While the BIS guidance to date is specific to license applications (rather than a requirement that human rights due diligence be undertaken where the U.S. government does not require an authorization for export), and the Code of Conduct is non-binding, the shift in emphasis toward human rights due diligence is a significant one. It is a clear sign of the increased convergence between human rights frameworks and export controls regulations specifically, and international regulatory compliance requirements more generally. Since the adoption of the UNGPs in 2011 (which are voluntary in nature), there have been two major trends for human rights regulatory initiatives. Some countries, such as France, Germany and Norway, have successfully enacted standalone human rights laws that require human rights due diligence in line with the UNGPs. The proposed CSDDD seeks to impose the requirement across the EU member states, including for non-EU companies operating in the EU. Other countries, such as the U.S., have sought to incorporate human rights into international regulatory compliance areas – with notable examples including the Uyghur Forced Labor Prevention Act (which focuses on human rights in international trade and import regulations), the Global Magnitsky Act (which addresses human rights through the U.S. sanctions regime), the U.S. Entity List designation (which the U.S. Government has used in recent years to restrict trade with entities tied to human rights abuses), and FinCEN’s efforts to link human trafficking to money laundering and illicit finance (such as alerts related to human smuggling and by updating its Suspicious Activity Report (SAR) form to include a checkbox for financial institutions to identify potential suspicious activity related to human trafficking). The U.S. Government announcements are a continuation of the latter trend, and we expect more to come in the future as human rights takes center stage in U.S. foreign policy, including in the forthcoming update to the National Action Plan on Responsible Business Conduct.

Click here for a PDF of the full text


Image: Jonathan C. Drimmer
Jonathan C. Drimmer

Partner, Litigation Department

Image: Scott M. Flicker
Scott M. Flicker

Partner, Litigation Department

Image: Quinn Dang
Quinn Dang

Associate, Litigation Department

Image: Talya Hutchison
Talya Hutchison

Associate, Litigation Department

Get In Touch With Us

Contact Us