Responsible tech business in conflict

Isabel Ebert and Timothy Charlton-Czaplicki explore the challenges faced by technology companies operating in conflict
Main Top Image
Image created with the assistance of Dall-E 2

During the past decade, social media platforms have been used to incite violence in Myanmar and Ethiopia and to spread disinformation around the invasion of Russia into Ukraine. Most recently they have played an ambiguous role in the Israel-Gaza war. Communications infrastructure required to operate digital services is also often an early target for physical destruction, as was the case in the Gaza Strip in October 2023. Internet shutdowns are a frequent reality in several countries. Many other digitally mediated impacts in conflicts, in particular around surveillance technology, remain hidden under the surface.

Digital tools and services underpin both civilian and military activity, entangling them and their creators in a complex web of responsibilities and duties. Humanitarian actors find themselves in a similar predicament, as the aid they provide increasingly depends on sophisticated digital solutions licensed from global corporations. These technologies range from productivity software to low earth orbit satellite connectivity.

Understanding and anticipating the use of technology in conflict is becoming a central challenge for its creators and users alike. Corporate actors are faced with ensuring their products are used in accordance with international law in fast-paced and fluid conflict settings.

Where should business begin?

In 2011, the UN Human Rights Council unanimously endorsed the “UN Guiding Principles on Business and Human Rights (UNGPs), welcomed by both business and civil society. The principles reaffirm the duty of states to protect human rights and articulate how states’ obligations under international human rights law are to be understood in relation to business activities. Further, the UNGPs recognise and elaborate on the responsibility of business enterprises to respect human rights. As part of this responsibility, all business enterprises are expected to conduct “human rights due diligence”, a process for identifying, preventing, mitigating, and accounting for how they address their impacts on human rights. This means that tech companies, including ‘big tech’, should identify and address how they might negatively affect human rights through their own activities or as a result of their business relationships. This process can be integrated into established corporate risk management processes and policy commitments to respect human rights.

The UNGPs also account for operating environments, such as conflict-affected areas, that may increase the risk of enterprises becoming involved with severe human rights abuses. In such complex contexts, businesses should ensure at the very least that they do not exacerbate the situation. In 2020, the UN Working Group on Business and Human Rights further clarified the expectations of business in such contexts to entail seeking advice and assistance from government bodies, including embassies; engaging in heightened human rights due diligence; and making space for local grievances regarding company activities in a conflict-sensitive way.

Heightened human rights due diligence

 The UNGPs provide business enterprises with a blueprint for addressing human rights risks, including through the exercise of human rights due diligence. This will vary in complexity with the risk of severe human rights impacts and the nature and context of operations. 

Situations of armed conflict should automatically raise red flags within the enterprise and trigger human rights due diligence processes that are finely tuned and sensitive to this higher level of risk. As noted in the UNGPs, in such situations, enterprises are expected to respect the standards of international humanitarian law (IHL) in addition to internationally recognised human rights. 

IHL and international human rights law are complementary and share some aims. Both IHL and human rights law prohibit torture or cruel treatment, prescribe basic rights for persons subject to criminal processes, prohibit discrimination, contain provisions for the protection of women and children, and regulate aspects of the right to food and health. However, IHL specifically applies to armed conflict. IHL is articulated as a series of treaties and protocols agreed at state level, as well as customary rules, meaning general practice accepted as law, which apply to states, non-state actors, and individuals in international and non-international armed conflict.

However, deferring solely to IHL leaves a gap in the advisory literature on responsible corporate conduct in borderline conflict or fast-moving situations. Since IHL “applies only in situations of armed conflict”, it does not guide actors in the periods preceding or following it. Monitoring ongoing debates and commentary in this developing space, such as when cyber operations constitute armed conflict or how geographically dispersed civilian data should be safeguarded, is highly relevant to globally operating tech companies. As digital technologies dissolve the temporal and spatial boundaries of conflict, knowing which body of law applies in a situation is crucial.

To be effective for the wide range of corporate actors involved in kinetic and cyber conflict, ‘heightened human rights due diligence’ should include voluntary measures to avoid civilian harm and guarantee the ability of humanitarian organisations to act unimpeded where conflict might be reasonably anticipated. Interpretations of international law and norms related to novel technologies in conflict situations are currently emerging, meaning a definitive set of instructions is not yet available. However, the expectations of the UNGPs are clear – all companies should conduct human rights due diligence with respect to all internationally recognised human rights and IHL in conflict situations. The exact ways in which new technologies impact human rights and IHL may not be fully understood, though companies can begin by implementing a range of measures.

Where to go from here?

What should conflict-sensitive corporate responsibility look like? A set of recommendations for technology companies, based on the UNGPs and IHL, can help address human rights concerns in conflict settings:

  1. Adopt Conflict-Specific Policies and Practices applicable to all business units, addressing emerging normative standards related to international human rights. These allow companies to prepare for potential conflicts with state actors and commit to pushing back against government requests that conflict with human rights standards.
  2. Practice Heightened Human Rights Due Diligence to identify areas of conflict where technology is currently in use or might be in the future. This applies even if the company has no operations or employees present. Enhanced Due Diligence can also help assess potential human rights implications in conflict through research and stakeholder engagement, eg, with regard to considerations for remaining and exiting. The boundaries of modern conflicts are spatially and temporally fluid.
  3. Involve Legal and Compliance Team(s) to treat human rights and IHL abuses in conflict areas as compliance issues.
  4. Apply conflict-sensitive Product Design to prevent and mitigate adverse human rights and IHL impacts by introducing security features or limiting certain functionalities. Appropriate Contract Drafting can limit abuse by requiring rights-compatible usage of technology products.
  5. Establish Avenues for Early Warning, Crisis Protocols, and Rapid Response involving employees, contractors, civil society, and community stakeholders. This may entail Industry Collaboration and Information Sharing to engage with other companies.
  6. Establish or participate in effective operational-level grievance mechanisms that are conflict sensitive to help identify and address adverse impacts of digital technologies in conflict settings (see also the full range of UNGPs effectiveness criteria).
  7. Carry out Conflict-Sensitive Training for employees and workers, including an introduction to IHL and considerations for engaging with victims of trauma, to prepare staff to act in an informed manner.
  8. Implement Enhanced Privacy Policies to safeguard people in conflict settings, minimise data risks, and conduct ongoing human rights due diligence on third-party partnerships.

These recommendations emphasise the importance of proactive measures, collaboration, and consideration of the unique challenges posed by conflict settings to safeguard human rights in the technology sector.

The views expressed are those of the authors and do not necessarily reflect the official views of any UN organisation.